[Freeipa-users] Question on AD to freeipa sync

[Simo Sorce]

Ondrej,
it depends on your company structure, complexity and goals and
flexibility.

If you join your Linux machines to an AD directory then you are tied
very strictly, administratively and functionally to that directory. 
Given Windows Administration and Linux Administration are very diverse
skills set, and very few admins are capable of doing both with maximum
proficiency on both system we think that splitting your support
organization between the Windows admin and Linux admins is a good thing.

Each group can concentrate on its own tasks w/o too much interference
and less need for coordinating.
Also FreeIPA is targeted at serving Linux machines and has integrated
HBAC, Sudo support and other goodies that are simply missing in the AD
side as they are alien concepts in the Windows world.

Of course small organization were a single admin group controlling both
platfroms may decide having just one directory is the way to go. You
have the freedom to choose.

Simo.

On Mon, 2011-10-03 at 12:45 +0200, Ondrej Valousek wrote:
> Well, I think these advantages won't outweigh the extra complexity of
> having two systems for the same thing. 
> But it is up to everyone's decision...
> 
> Ondrej
> 
> > - the error messages of an AD might be strange to deal with for
> > unix/linux admins
> > 
> > - While I expect Microsoft to test AD patches with Windows clients
> > I do not expect them to test linux/unix clients.  Resulting in possi-
> > bility that patches of the AD break the communication to linux/unix
> > clients.
> > 
> > - Having important infrastructure like idendification/directory services
> > running on OpenSource software is a good thing, apply all the OpenSource
> > advantages here like beeing able to audit the code etc.
> > 
> > 
> > Christian
> 
> 
> ______________________________________________________________________
> The information contained in this e-mail and in any attachments is
> confidential and is designated solely for the attention of the
> intended recipient(s). If you are not an intended recipient, you must
> not use, disclose, copy, distribute or retain this e-mail or any part
> thereof. If you have received this e-mail in error, please notify the
> sender by return e-mail and delete all copies of this e-mail from your
> computer system(s). Please direct any additional queries to:
> communications at s3group.com. Thank You. Silicon and Software Systems
> Limited (S3 Group). Registered in Ireland no. 378073. Registered
> Office: South County Business Park, Leopardstown, Dublin 18 
> 
> ______________________________________________________________________
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Simo Sorce * Red Hat, Inc * New York