[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC
Dag Wieers
dag at wieers.com
Wed Feb 13 14:58:42 UTC 2013
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be limited to a subset.
Since we would like to only synchronize certain user-accounts (conforming
to a specific format) from AD unidirectionally, and we also want to manage
functional/technical accounts on IPA, we need to make sure that we:
- can filter the stuff we pull from AD
- can avoid the synchronisation to remove other accounts managed in IPA
Can someone confirm that this is possible ? Is there any indepth
information on how this AD sycnhronization works (preferably about RHEL6
IPA) ?
Also since we also require compatibility with Solaris, and roles (RBAC) is
currently used on Solaris, does IPA support RBAC on Solaris ? (We noticed
that RBAC mentioned in the IPA web interface only relates to IPA
management).
Thanks in advance,
--
-- dag wieers, dag at wieers.com, http://dag.wieers.com/
-- dagit linux solutions, info at dagit.net, http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
More information about the Freeipa-users
mailing list