freeipa team mailing list archive

Thread
Date

Re: Please review and advocate 389-directory-server (a successor of LDAP) related packages in REVU so that 389 can make it into Karmic

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Stephen Gallagher <sgallagh@xxxxxxxxxx>
Date: Wed, 22 Jul 2009 11:20:53 -0400
In-reply-to: <cb69cb8f0907220803p5db5504fj4a02dbcd26b86896@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Lightning/1.0pre Thunderbird/3.0b2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/22/2009 11:03 AM, Mathias Gug wrote:
> Hi,
> 
> On Tue, Jul 21, 2009 at 10:11 PM, Kai-Cheung
> Leung<kcleung@xxxxxxxxxxxxxxxxxxxxx> wrote:
>> Actually, 389 *is* part of the FreeIPA and the FreeIPA team (which I
>> am an admin of)  has also decided to get 389 in first, then include
>> other parts of the FreeIPA so that Ubuntu can have the full FreeIPA
>> system.
>>
>> Our long term goal is to have the full FreeIPA implementation in
>> Ubuntu, and therefore as a first step, we now include 389 directory
>> server in Karmic.
>>
> 
> I agree that having the FreeIPA project part of Ubuntu would be a
> great step forward. There are multiple components from the FreeIPA
> project and 389 Directory is only one of them. As there is already a
> similar component available from the Ubuntu archive I'm not convinced
> that packaging 389 Directory is the quickest way to get the
> functionality of FreeIPA in Ubuntu.
> 
> IMO the most useful components of FreeIPA are the new client daemon
> (SSSD) and the admin tools: xmlrpc server and the web interface based
> on turbogears. These don't have similar components in the archive and
> provide the glue for the Directory, Kerberos and Dns server.
> 
> Has anyone tried to load the default FreeIPA DIT in openldap, setup
> the MIT krb5 package to connect to openldap and experiment with the
> admin tools?
> 

There's a great deal more to FreeIPA's integration with 389 than just
the DIT. In order for FreeIPA to function properly, there are several
389 plugins that had to be written, most notably for support of changing
kerberos passwords and for doing dynamic numeric assignment of UID/GIDs.

We've previously discussed this with the Debian/Ubuntu developers and
explained that the effort needed to port FreeIPA to openldap FAR exceeds
the effort of including 389 in Debian/Ubuntu.

> --
> Mathias Gug
> Ubuntu Developer  http://www.ubuntu.com
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~freeipa
> Post to     : freeipa@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~freeipa
> More help   : https://help.launchpad.net/ListHelp


- -- 
Stephen Gallagher
RHCE 804006346421761

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkpnLk8ACgkQeiVVYja6o6OoqQCfdEL9bwlk5Kd33auBadrF5d4p
+zMAnAnCoxujwy4JpL/fRdEI0byPC3IR
=fdA6
-----END PGP SIGNATURE-----

Follow ups

Re: Please review and advocate 389-directory-server (a successor of LDAP) related packages in REVU so that 389 can make it into Karmic
From: Mathias Gug, 2009-07-22

References

Re: Please review and advocate 389-directory-server (a successor of LDAP) related packages in REVU so that 389 can make it into Karmic
From: Kai-Cheung Leung, 2009-07-22
Re: Please review and advocate 389-directory-server (a successor of LDAP) related packages in REVU so that 389 can make it into Karmic
From: Mathias Gug, 2009-07-22