[Freeipa-devel] FreeIPA Footprint

Rob Crittenden rcritten at redhat.com
Thu Feb 21 14:54:04 UTC 2008


W. Michael Petullo wrote:
> I have been piecing together an authentication and authorization solution
> using Kerberos and OpenLDAP for about two years [1]. I have recently begun
> looking at FreeIPA. I may be able to help with the integration of Mac
> OS X clients into a FreeIPA-based network.

Great! We have some amount of documentation on it at 
http://www.freeipa.com/page/ConfiguringOtherClients#Mac_OS_X but it 
could use another set of eyes and some other enhancements. Currently it 
just adds the OS X machine to the realm.

> I do have a few questions about FreeIPA, related to my interest in a
> very low-footprint solution.
> 
> 1. Is there a good document on reducing the memory footprint of the Fedora
> Directory Server? On my computer, FDS / ns-slapd seems to use 500 MB of
> memory. A similar configuration using OpenLDAP / slapd used only 20 MB.

DS by default has very large caches. It is possible to tune these down. 
We haven't done much IPA-specific tuning beyond creating an index for 
each attribute we search on.

> 2. Is there any interest in making the Fedora IPA packages more
> fine-grained? For example, the web-based configuration tools bring in
> quite a few dependencies. Could this be split into a separate package? In
> this case, I am interested in disk space.

You raise a good point. Can you file a bug on this so it doesn't fall 
thru the cracks?

I'll have to think a bit about how this would work. Separating the files 
is probably fairly straightforward but what it means to have IPA w/o the 
UI I'm not sure. It will require other changes so we don't configure 
Apache to forward requests. Or we could just leave Apache as it is and 
let it proxy things to nowhere :-)

> 
> [1] http://www.redhatmagazine.com/2008/01/17/serving-apples-integrating-mac-os-x-clients-into-a-fedora-network/

I'll make sure our docs writer takes a look at this.

BTW, I saw your bug on the acutil dependency. I think you need to 
install authconfig to fix this.

regards

rob