[Freeipa-users] hesitate to deploy freeipa
Christopher Lamb
christopher.lamb at ch.ibm.com
Fri Jun 26 07:21:19 UTC 2015
Hi Harold
Perhaps you should not think of FreeIPA as a product. Perhaps a better
analogy is a Product Stack. Another example would be LAMP. And as far as I
can make out, the point of the FreeIPA project is to better integrate the
various products that build the stack.
A very important factor - at least to me is this community: It is vibrant
and active, you get advice, "they" listen and change things. For example I
can think of at least 3 changes made to the documentation in the last few
months due to mistakes I had made!
I second the use of Apache Directory Studio - very useful for peaking under
the hood and studying the guts of your LDAP directory.
Cheers
Chris
From: Rich Megginson <rmeggins at redhat.com>
To: freeipa-users at redhat.com
Date: 25.06.2015 20:32
Subject: Re: [Freeipa-users] hesitate to deploy freeipa
Sent by: freeipa-users-bounces at redhat.com
On 06/25/2015 12:12 PM, Thomas Sailer wrote:
> Am 25.06.2015 um 17:47 schrieb Simo Sorce:
>
>> Yes, the whole project is complex, but not because we like complexity,
>> it is complex because the problem space is complex and we are bound to
>> use existing protocols, which sometimes add in complexity, and we want
>> to offer useful features to admins, so they can think about managing
>> stuff and not about the plumbing all the time.
>
> Sure, the problem space is a lot more complex than say ls.
>
> But I think there is room for improvement, by making the individual
> tools somewhat more resilient to unexpected behaviour in other
> components.
+1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.
>
> For example, if there's any nsuniqueid group present in a users entry,
> login authentication via sssd breaks with a cryptic error message. It
> would be nice, IMO, if it didn't break or if it at least issued a
> better error message.
Sure. For starters, there's https://fedorahosted.org/389/ticket/48161
>
> Furthermore, a good graphical generic LDAP editor would make the
> admin's life significantly easier, IMO. I so far haven't found one.
> There's gq, which works, mostly, but crashes relatively frequently.
> I'm mostly using ldapvi now, which works quite well but only after
> studying its manual.
Have you tried Apache Directory Studio?
>
> Thomas
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list