[Freeipa-users] Some feature requests

Dmitri Pal dpal at redhat.com
Mon Dec 5 00:00:10 UTC 2011 

On 12/04/2011 02:35 PM, Steven Jones wrote:
> Hi,
>
> RFE? request for engineering?  via RHN support portal?

Request for enhancement = RFE

> I will also raise these with my RH solution architect.....
>
> I noticed that you have a freeipa nfs howto/engineering proof of concept, more of those would be good.  What I am finding is its very hard (actually impossible) to figure out how to get 3rd party hardware to talk LDAP into IPA. It seems the hardware talks one way or multiple ways and IPA answers differently, the result is they dont communicate. So far I have failed with Sun's Solar SAN, and Bluecoat's proxy server.....the info just seems lacking....or maybe a dictionary from IPA to LDAP or into "steven's speak" is needed I certainly dont find it simple to understand. 

We do not know what this hardware wants or expects. We do not even know
what kind of lookups it does. Is it nss_ldap? If so and underlying OS is
Solaris you need to turn on the IPA compat tree and point the device to
that tree.
Via compat tree you can expose the information inside FreeIPA tree in
any shape you want so if the device wants something special you would be
able to satisfy its tastes as long as the data already is some place in
the main tree. If it is not then it is a different issue.

> ;]
>
> I will be attempting a new Bluearc this week......which is centos 4.8 apparently....
>
> ;/
>
> I also find that the vendors only speak AD, they are all MS trained.....they are totally clueless when I mention LDAP and especially IPA....."Ive never done a Linux/LDAP connection, I will have to ask engineering" is the common answer......seems in NZ and even in APAC that is a common, I usually dont get an answer.......

If it is AD specific it might not use LDAP. Do you know that these
devices actually use LDAP?

> Satellite - OTP, it would be per machine.....each machine is recorded individually in RH Sat so you know what is vulnerable and what patches there are..........I kind of envisioned another tab in the kickstart file generator where you would put in the info....maybe it isnt that easy.......but integrating their products is what many vendors are slick at.....or make a huge mess of, depending on the vendor........

RFE would be helpful.


> ;]
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
> Sent: Sunday, 4 December 2011 7:44 a.m.
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Some feature requests
>
> On 11/28/2011 04:36 PM, Steven Jones wrote:
>> I cant see anything in the glster admin guide on connecting it to a IPA setup...
>>
> We will be working with them but it will take some time.
> Would be nice to have RFEs for those components filed.
>
>
> As for kickstart any ipa-client invocation requires and authentication.
> You either need to do it manually or in some way add OTP to the
> kickstart file.
> At best OTP should be one per machine but you can reuse it for a group
> of machines.
> This seems to be a problem that can only be solved by the individual
> admin depending on the constraints of his environment.
> I do not think this has a generic solution.
>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Adam Young [ayoung at redhat.com]
>> Sent: Tuesday, 29 November 2011 10:32 a.m.
>> To: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Some feature requests
>>
>> On 11/28/2011 04:16 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal kickstart.
>> That is a Satellite,  not FreeIPA,  request.
>>
>>> b) Setup/config (info etc) to allow a gluster system to join to IPA.
>> What  would a gluster system require that we do not already provide?
>>
>>> Since these are all RH...shouldn't be too hard.
>>>
>>> ;]
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list