Date: Sat, 14 Mar 2020 13:09:49 -0400
From: Chris Gordon <freebsd@theory14.net>
To: hartzell@alerce.com
Cc: Matthew Seaman <matthew@FreeBSD.org>, freebsd-questions@freebsd.org
Subject: Re: Centralized user/group/whatever management
Message-ID: <5AAC1545-4BF4-4395-9CB5-E880AE207D63@theory14.net>
In-Reply-To: <24173.939.499988.382240@alice.local>
References: <20200313091923.GA98495@admin.sibptus.ru> <2F4CA1FD-FB90-4B2E-A2C3-9C009A67A5EE@theory14.net> <20200314055541.GF27346@admin.sibptus.ru> <41ff5211-2ec5-d027-bb12-183afc4ad397@FreeBSD.org> <24173.939.499988.382240@alice.local>

On Mar 14, 2020, at 12:17 PM, George Hartzell <hartzell@alerce.com> wrote:
>
> Matthew Seaman writes:
>> [...]
>> That's where things like FreeIPA come in: it's a pre-packaged setup with
>> all the stuff you hadn't realized you needed yet already dealt with.
>> [...]
>
> What is the status of FreeIPA on FreeBSD? I don't see it on
> FreshPorts.

Server side or as a client?

Here's an article about full client implementation (sssd and all): https://blog.hostileadmin.com/2016/03/24/integrating-freebsd-w-freeipasssd/

I would recommend avoiding the full client "experience" -- it's really painful for what feels like very little gain.

On the server side, I would avoid FreeIPA like the plague. The 389 directory server is at the heart of everything and is "less than great" IMHO. Look at the bug and feature requests for the project to get an idea. I've seen significant performance and scaling problems requiring a lot of adjustments and client customizations to bring the platform under control (this is at the scale of thousands of clients globally distributed). Some of the problems probably stem back to ignorance/lack of experience when initially set up as a pilot, but you don't know what you don't know until you start.

FreeIPA is trying to be Active Directory. I've not run AD so I don't know what problems and scaling issues one runs into with that platform, but I'm pretty sure the time we've had to invest dealing with FreeIPA would more than have paid for AD.

If you need the type of features offered by FreeIPA, I would consider Samba as a free choice or just buying AD if money is available. In any case, do your testing and testing at some representative scale to really understand what you're getting into.

Hope that helps. If you have more details on your environment and the problem you're trying to solve, I'm happy to provide more commentary.

Chris