If we want to use the FreeIPA Active Directory Trust Integration Option, can we use an existing implementation of SunLDAP to store the Policies (e.g. sudo, hbac etc.)?

Essentially we don't want to create another LDAP Directory just for storing the Policies.

Saqib Ali
  • The purpose of the IPA/AD trust is to store user accounts in AD, and policy in IPA. If you don't want policy in IPA, what do you want IPA to do? – Andy Jun 16 '16 at 05:07
  • Hi Andy, we do want IPA to maintain the policies, but just want to use SunLDAP instead of 389 Directory Server for storing the policies. AD would be System of Records for the User Accounts. – Saqib Ali Jun 16 '16 at 14:14

1 Answer

This is not possible as Alexander explained on freeipa-users: http://www.redhat.com/archives/freeipa-users/2016-June/msg00294.html

jhrozek
  • I guess my question is why it can't be done. Both 389DS and SunLDAP are LDAP compliant. So it should be possible. Right? – Saqib Ali Jun 16 '16 at 15:37
  • FreeIPA has a ton of plugins that only work with 389DS and IPA depends on them. – jhrozek Jun 20 '16 at 16:32