'''FreeIPA''' is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools. FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers. at KNU Cluster FreeIPA is using for as domain for students accounts for oVirt. It installed in oVirt.vlabs environment as VM with disk on separate LUN with CentOS 7 from standard repos. VM placed in private network of vLabs and has paththrough access from web. We tried to install Let`s Encrypt CA cert`s and not succeed because of bug`s in FreeIPA. In order to integrate freeIPA to ovirt option '''nsslapd-minssf''' need to be set to 1 in file {{{ /etc/dirsrv/slapd-VLABS-KNU-UA/dse.ldif }}} Starting from version 4.0 FreeIPA using One Time Password(OTP). In our installation we doesn`t need this feature so it must be disabled by {{{ ipa config-mod --user-auth-type=disabled }}} users can be created by recommended set of commands {{{ kinit admin for i in {}; do echo "" | ipa user-add _g_s$i --first=FIRSTNAME --last=LASTNAME --password --noprivate --gidnumber=; done ipa group-add-member --users= }}}