[Freeipa-users] hesitate to deploy freeipa
Rich Megginson
rmeggins at redhat.com
Thu Jun 25 18:30:24 UTC 2015
On 06/25/2015 12:12 PM, Thomas Sailer wrote:
> Am 25.06.2015 um 17:47 schrieb Simo Sorce:
>
>> Yes, the whole project is complex, but not because we like complexity,
>> it is complex because the problem space is complex and we are bound to
>> use existing protocols, which sometimes add in complexity, and we want
>> to offer useful features to admins, so they can think about managing
>> stuff and not about the plumbing all the time.
>
> Sure, the problem space is a lot more complex than say ls.
>
> But I think there is room for improvement, by making the individual
> tools somewhat more resilient to unexpected behaviour in other
> components.
+1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.
>
> For example, if there's any nsuniqueid group present in a users entry,
> login authentication via sssd breaks with a cryptic error message. It
> would be nice, IMO, if it didn't break or if it at least issued a
> better error message.
Sure. For starters, there's https://fedorahosted.org/389/ticket/48161
>
> Furthermore, a good graphical generic LDAP editor would make the
> admin's life significantly easier, IMO. I so far haven't found one.
> There's gq, which works, mostly, but crashes relatively frequently.
> I'm mostly using ldapvi now, which works quite well but only after
> studying its manual.
Have you tried Apache Directory Studio?
>
> Thomas
>
More information about the Freeipa-users
mailing list