[Freeipa-users] Replicating users/groups from AD

Simo Sorce simo at redhat.com
Fri Jul 22 15:49:12 UTC 2016


On Fri, 2016-07-22 at 09:59 -0500, Alston, David wrote:
> Greetings!
> 
>      I realize that FreeIPA is supposed to be set up as master of its
> own domain, but are there any plans to continue the account
> replication functionality that has already been in FreeIPA?  I had
> heard a rumor that it would be possible to have FreeIPA and Active
> Directory coexist in the same domain in some release in the future.
> Am I waiting for a feature that will never come?

Hi David,
in order to respond to your question, an idea of what your
expectations are would be needed.

If by Domain you mean "AD Domain or Kerberos Realm", the answer is no,
they will never coexist.

If by Domain you mean DNS Domain, then FreeIPA can work in the same
domain as AD but only if you do not care for them interacting (at the
Kerberos level, no trusts, no SSO).
You can basically have only one association between a DNS domain and a
Realm, and a DNS domain is either going to be associated to the AD
Domain server or to the IPA Domain.

Synchronization, however, is a completely unrelated topic, and I can't
give you an answer on that side as I do not understand how it would
relate to the coexistence of FreeIPA and AD in a single DNS domain.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
