Hello, Thank you for the information. I was not following the SSSD-users mailing list that closely and the topic is very interesting.
I was already considering FreeIPA as the best-maintained full-blown AD alternative. Now that they want to deliver that to Debian-based systems, that would be highly beneficial. Cheers, Ballock On 02/09/13 09:32, Longina Przybyszewska wrote: > Hi , > This is nice posting about FreeIPA status in Debian world. > If we discuss Enterprise it should come on the top of the Top 10 or Top 20... > > Best > Longina > > -----Original Message----- > From: sssd-users-boun...@lists.fedorahosted.org > [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Dmitri Pal > Sent: 1. september 2013 02:52 > To: Michał Dwużnik > Cc: freeipa-devel; End-user discussions about the System Security Services > Daemon; Development of the System Security Services Daemon; > freeipa-us...@redhat.com > Subject: Re: [SSSD-users] [Freeipa-users] FreeIPA on Debian > > On 08/31/2013 03:50 PM, Michał Dwużnik wrote: >> Hi guys, >> >> >> I do not know whether it will reach ALL the lists Dmitri put in, but anyway: >> >> I do am interested heavily in getting a nice inter distro product (and >> if sth works both on RH-like and Deb-like distros that's quite some >> bases covered...) I'm afraid I'm not able to take the responsibility >> of building the deb support myself (no skills, no time), but feel like >> I do need it and I can spent some considerable time testing (I'm still >> having a production NIS around and I would like to test the >> interoperability when it stops being 'production'...) builds if they >> appear... >> >> I feel like IPA is getting the well established components and builds >> an added value ON them and not AGAINST them, making life easier (and >> hiding the not so beatiful guts under a nice interface, too...): >> Integrating KRB5 and LDAP is something people do every now and then, >> but it comes with cnsiderable pain of reading contradictory guides not >> updated for 10 years, dealing with examples using crypto mechanism >> that should be long forgotten... >> ('first, before configuring LDAP set up KRB5, having a test principal >> get back to this LDAP guide' >> and some two links away: >> 'first, get the your LDAP feet wet, when you're able to do ldapsearch >> get back and construct those ldifs to build krb5 database in ldap' >> followed by 'make a new realm, but don't use krb5_newrealm'...). >> >> Freeipa gives hope of NOT having to deal with cn=config manually, >> (it's a really nice thing, but ldifs are sth that should be hidden >> from view, and most guides for ldap/krb5 integration require creating >> LOTS of those 'by hand', which makes quite a steep learning curve...). >> The abundance of PAM modules for ldap/krb5 does not make it any easier >> (shishi? heimdall? MIT?; libpam-ldap or libpam-ldapd?), nor the >> multitude of different caching tools. >> (to mention only nslcd, nsscache, libpam-ccreds, nss_updatedb...). >> >> Having something solid to start with todays hordes of products >> requiring some auth integration thingie would be really nice >> >> OTOH that would be nice to have some documentation without EXAMPLE.COM >> inside :> >> >> I think getting freeipa working on Debian would be a great 'social' >> move, sure to be valued among the Linux community (ok, at least the >> part of community not centered on their own personal computers...), >> but the transition to 'Freeipa is wideely adopted product for ...' >> would surely need more people than a couple of guys in RH raising the >> Debian cause and a few Debian users like me. >> >> Thanks to work by Alexandre Ellert it's possible to get freeipa >> working with wheezy with relatively no hassle, but I'm afraid the >> world needs more than him :> >> >> Trying that I haven't seen any obvious 'fedorisms' inside... >> >> As for 'let's have a dream' part -> I would like to see sth similar to >> nsscache included with the freeipa suite for some really lightweight >> clients, for more than one reason... >> >> Dmitri, thanks for raising the flag! >> >> Michał >> >> PS:Any idea for some advertisement on Debian side? > I have no idea but where and how this effort can be advertised but any ideas > are welcome! > I think it would be great if someone passes it on to other lists that might > be interested in joining the effort. > >> On Fri, Aug 30, 2013 at 11:04 PM, Dmitri Pal <d...@redhat.com> wrote: >>> Hello, >>> >>> Sorry for cross posting to 4 different lists but it seems that this >>> is the best way to include most of people who might be interested in >>> this discussion. >>> >>> The question of "When FreeIPA will be available on Debian?" has been >>> coming up periodically on the list(s) without any resolution. However >>> it is clear that it would be beneficial for the community and the project. >>> >>> May be it is time to try again? >>> Let us see why it yet has not happened? >>> >>> 1) Some components need to be ported to Debian especially Dogtag and >>> a slew of its new RESTEasy dependencies. This requires time and quite >>> an effort from someone familiar with the domain. >>> 2) The code needs to be changed in installer and potentially in other >>> places as it might have had some Fedorizms blended in >>> 3) Someone needs to own packages in Debian and maintain them, someone >>> with good knowledge of the distro and time to take ownership of about >>> 50 packages. >>> >>> Can we pull it off together this time? >>> Say we plan for some Dogtag and IPA domain experts to work on the >>> port during Nov 13 - Feb 14 and address 1) and 2). Would there be any >>> interest to join forces with them? Would there be anyone to take on >>> item >>> 3) from the list above? >>> >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager for IdM portfolio Red Hat Inc. >>> >>> >>> ------------------------------- >>> Looking to carve out IT costs? >>> www.redhat.com/carveoutcosts/ >>> >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> freeipa-us...@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> > -- Mailing list: https://launchpad.net/~enterprise-ubuntu Post to : enterprise-ubuntu@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-ubuntu More help : https://help.launchpad.net/ListHelp
