[Freeipa-users] Questions about FreeIPA vs 389DS

[Rich Megginson]

On 09/13/2012 07:01 AM, mailing lists wrote:
> Hello all,
>
>   It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff, after reading the project documentation and several mail messages in the archives I still have some unanswered questions so I would be very grateful if list members could answer the following doubts.
>
> I need use services in an Active Directory environment and the WinSync solution has important limitations, the MODRDN operation is not handled correctly losing the relation with AD objects (it delete and add the entry so a new SID and GUID is assigned),

What version of 389-ds-base are you using?

> the upcoming "IPAv3 Trust" feature seems very promising because AFAIK no sinchronization is necessary, but by using IPA it seems very restrictive to support current applications which need a LDAP hierarchical tree, custom schema with custom objectclassess and attributes, custom ACLs for applications...... I know about Directory Server virtual views, but I'm worried about the consequences of low level manipulation of the FreeIPA Directory Server instance.
>
> So how others are solving this paradox?
> they run  389DS with (fractional) replication towards (or from) FreeIPA 389DS?
> they add custom schemas to FreeIPA 389DS?
> the do low level manipulation of FreeIPA 389DS for ACLs, plugin activation, ...?
> what about upgrades after this modifications were done?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users