[Freeipa-users] FreeIPA – AD Trust Integration Option

Alexander Bokovoy abokovoy at redhat.com
Thu Jun 16 05:31:45 UTC 2016


On Wed, 15 Jun 2016, Saqib N Ali wrote:
>Greetings,
>
>If we want to use the FreeIPA Active Directory Trust Integration Option,
>can we use an existing implementation of SunLDAP to store the Policies
>(e.g. sudo, hbac etc.)?
>
>Essentially we don't want to create another LDAP Directory just for storing the
>Policies.

FreeIPA cannot work with another LDAP Directory. It is an integrated
solution that relies on the set of plugins in 389-ds directory, there
are about a dozen specialized plugins that come with FreeIPA itself.

Trust to Active Directory option is part of that setup and cannot be
done against another LDAP directory because it also relies on the
specific plugins to 389-ds that don't exist in your SunLDAP.

If you deploy FreeIPA, you cannot have it 'just for storing the
policies'. It will be used for all kinds of objects. With trust to
Active Directory you may opt to not create native IPA users but then
these wouldn't be coming from your SunLDAP directory either, AD users
would be coming from AD.


-- 
/ Alexander Bokovoy



