[Freeipa-users] Confused,HELP
Dmitri Pal
dpal at redhat.com
Mon Sep 28 12:15:39 UTC 2009
Michael Kang wrote:
> Dear FreeIPA community,
>
> I'm confused those days. My PL wants to find a AAA solution for our
> company by using LDAP to storing employee information. Now they use
> phpLDAPadmin to manage Fedora directory server. Using Apache ladp mod
> to authenticate for internal websites.
>
> Now I'm learning FreeIPA. But I don't know what's different with
> FreeIPA and 389-ds?
>
> What could FreeIPA offer? What is the benefit of deploying FreeIPA in
> my company.
>
> I'm a junior Linux system administrator. I really need your help.
>
FreeIPA v1.x is a combination of the Directory Server and Kerberos
Domain Controller glued together. It has web UI and CLI interfaces.
Kerberos brings to the table SSO. Once one is authenticated and got his
kerberos ticket he can access any kerberized service in the same domain
without being prompted for re-authentication.
The FreeIPA 2.x (in works) adds embedded DNS, CA. Allows tracking and
autorenewal of the server certificates, allows enrollment of the hosts
in the IPA domain , supports automount and netgroups, provides host
based access control and more.
This is a quick overview.
What is different between 389 and IPA? IPA is more than just as DS.
There are also differences in how the DIT is organized.
What is the value? IPA is aiming at being a fully functional domain
controller for Linux/UNIX hosts with big set of native UNIX/Linux
features as AD does for Windows.
Hope this helps.
Dmitri
More information about the Freeipa-users
mailing list