[Freeipa-users] Multi-tennancy and Freeipa
Dmitri Pal
dpal at redhat.com
Fri Dec 16 20:41:32 UTC 2011
On 12/16/2011 02:37 PM, Alan Evans wrote:
> Adam,
>
> This is great news. The feedback I have after a quick read through (I
> will try to put a bit more time on it later) would be to make the
> 'tennant' separation more flexible and why not use existing ldap
> schema?
>
> Instead of forcing the user into cn={TENANT},cn=tenants,$suffix why
> not create a 'tennant' aux class that would allow the end user to
> design a DIT however they would like.
>
> We for example use o=<company|organization>,$suffix. Then any schema
> maintenance instead of being:
> For each tennant in (cn=tenants,$suffix)
> It would be:
> For each tennant in (ldapsearch (objectclass=tennant))
>
> Then the end provider could design a DIT that fit their needs with
> replication in mind. Consider the flexibility of:
>
> o=<Tennant1>,C=US,$suffix
> o=<Tennant2>,C=UK,$suffix
> o=<Tennant3>,OU=North America,$suffix
> o=<Tennant4>,OU=Europe,$suffix
>
> That's my 2¢ at the moment. I'd be glad to banter back and forth
> about this with you. :)
>
> Regards,
> -Alan
This is very flexible but I am not sure IPA would be able to be that
flexible.
One of the design goals from the beginning was: static schema and flat
DIT. The whole project is built around it. Such approach would really
come as a "system shock". I am not against it, just saying it would be
harder as it goes even further than Adam's proposal in changing the
fundamental principals.
> On Fri, Dec 16, 2011 at 5:35 AM, Adam Young <ayoung at redhat.com> wrote:
>> I opened a ticket for multitenancy
>>
>> https://fedorahosted.org/freeipa/ticket/2201
>>
>> Here is a detailed write up of the issues.
>>
>> http://freeipa.org/page/Multitenancy
>>
>> Please provide any feedback that you have and I will update.
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list