[Freeipa-users] FreeIPA and others
JR Aquino
JR.Aquino at citrix.com
Mon May 14 03:53:34 UTC 2012
On May 13, 2012, at 2:23 PM, "Steven Jones" <Steven.Jones at vuw.ac.nz<mailto:Steven.Jones at vuw.ac.nz>> wrote:
Hi,
>From a user perspective such as myself,
If its mission critical and complex need today then you need to also look at more mature solutions.
Mileage may vary.
I for one have found no suitable scalable substitute for FreeIPA.
I currently run over 21 (soon to be 42) Production FreeIPA servers. These are globally dispersed in every major continent.
They support over 5,000 servers (Mostly RHEL with some Fedora, and Ubuntu mixed in), 1,000 Networking devices (Cisco and Juniper) and around 2,000 users.
I heavily utilize centralized authentication, SSO, hbac, sudo, and automember (with sometimes as many as 100 new hosts a week being built and automatically assigned to their respective hostgroups.).
My use case tends to be the most complex that I've heard of.
The important bugs that I find and report have patches sometimes within a few days.
My advice is to stage thoroughly so you know what you need to have in order to run effectively in production.
There is no real end all be all for all things relating to authentication. I suggest that if you find an important delta, don't give up, experiment with integrating whatever protocol you need. Document the success or the challenges for others to benefit or contribute.
-JR
These however will cost you a lot of time and money to deploy. We have been there and the costs are obscene and the support worryingly poor in AP. Since you have only mentioned 389 and Openldap as options I suspect IPA will suit you its the best of the three, so take a look.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________
From: freeipa-users-bounces at redhat.com<mailto:freeipa-users-bounces at redhat.com> [freeipa-users-bounces at redhat.com<mailto:freeipa-users-bounces at redhat.com>] on behalf of Chandan Kumar [chandank.kumar at gmail.com<mailto:chandank.kumar at gmail.com>]
Sent: Saturday, 12 May 2012 6:18 a.m.
To: Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
Subject: [Freeipa-users] FreeIPA and others
Hi All,
I was considering different centralized authentication/authorization services such as FreeIPA, 389 and Open ldap to deploy into our network in order to have a good centralized user authentication/authorization machanism. I was wondering what are they key that FreeIPA provides as compared to other directory servies in terms of extra feature, ease of deployment and use etc.
Thanks
Chandan
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list