Changes between Initial Version and Version 1 of Documentation/Manuals/FreeIPA


Timestamp:
Mar 12, 2016 8:18:05 PM (8 years ago)
Author:
Olexander Boretsky
Comment:

--

  • Documentation/Manuals/FreeIPA

    v1 v1  
     1'''FreeIPA''' is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
     2
     3FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
     4
     5at KNU Cluster FreeIPA is using for as domain for students accounts for oVirt.
     6
     7It installed in oVirt.vlabs environment as VM with disk on separate LUN with CentOS 7 from standard repos. VM placed in private network of vLabs and has paththrough access from web.
     8
     9We tried to install Let`s Encrypt CA cert`s and not succeed because of bug`s in FreeIPA.
     10
     11In order to integrate freeIPA to ovirt option '''nsslapd-minssf''' need to be set to 1 in file {{{ /etc/dirsrv/slapd-VLABS-KNU-UA/dse.ldif }}}
     12
     13Starting from version 4.0 FreeIPA using One Time Password(OTP). In our installation we doesn`t need this feature so it must be disabled by {{{ ipa config-mod --user-auth-type=disabled }}}
     14
     15users can be created by recommended set of commands
     16{{{
     17kinit admin
     18for i in {<student number in group>}; do echo "<coursname_aspassword><year>" | ipa user-add <courcename>_g<groupnumber>_s$i --first=FIRSTNAME --last=LASTNAME --password --noprivate --gidnumber=<number of existing group>; done
     19
     20ipa group-add-member <groupname> --users=<list of users>
     21}}}
     22
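Review bot: Line 18 gives every account created by the loop the same password, because the string passed through `echo` is built only from the course name and the year and does not vary with `$i`; any student who knows the pattern knows the initial password of every classmate. Suggest documenting `ipa user-add --random`, which generates a separate password per user, or stating explicitly how and when students must change the shared one. In the same command the placeholders are spelled two ways (`<coursname_aspassword>` and `<courcename>`) and should be made consistent. Line 11 names the file and the value for `nsslapd-minssf` but not how the change is applied (for example whether the directory server has to be stopped while `dse.ldif` is edited) or what the setting does, and line 13 would be clearer if it said what `--user-auth-type=disabled` changes for existing users.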