[Freeipa-users] Extending IPA to include multiple (say 5) fields for MAC addresses per user

Steven Jones Steven.Jones at vuw.ac.nz
Wed Mar 11 20:54:58 UTC 2015


Hi,


Hosts however would have to be joined by an admin?


They also wouldn't be very IPA aware and stable from what I can see, i.e. joining a non-RH OS to IPA just looks an awful nightmare, especially for 10000+ devices, plus with 3 different OSes at least (iOS, Win, Android, Linux and Apple and Windows laptops plus others) and multiple versions and patch levels.....um no, insanity beckons, LOL.


I am still trying to figure out what is wanted, so I am vague because so are the criteria, and I have never done this before.


All I have is,


free, open source,


The idea is that an employee can have a zero config access / sign in to wifi for their device once initially connected.


The solution must be robust and available, i.e. close to 99.999% availability.  IPA can do this as the backend, and yes, PF can use LDAP, hence my interest.  PacketFence can be active/passive HA so it's possible.  Virtualised across multiple ESXi hosts and SANs.


I have an RFE in for an IPA howto section to be added to the PF manual, as even the OpenLDAP section is empty.  Or I might try and write it myself if I get the go-ahead.


The PF servers would be RHEL6.6 so I'm hoping adding a service in IPA will "simply" work.




regards

Steven

________________________________
From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Dmitri Pal <dpal at redhat.com>
Sent: Thursday, 12 March 2015 9:15 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Extending IPA to include multiple (say 5) fields for MAC addresses per user

On 03/11/2015 03:43 PM, Steven Jones wrote:

Hi,


I have been asked to look at PacketFence and linking it to IPA for authentication, but I might need to allow users to log in to their IPA info and add MAC addresses themselves. This is possible, I think?


Since people these days can have 3 mobile devices (iPad, iPhone and laptop), I would need multiple MAC fields, so would have to extend IPA's schema? Is this a good idea?

I would treat the devices as hosts rather than extend user schema.
But can you explain the use case and what you have in mind?
Based on the PF site they support different LDAP servers for authentication so I am not sure any schema change would be needed.





regards

Steven






--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.