On pe, 20 touko 2022, Leo O via FreeIPA-users wrote:
Yes I know and in case I continue on that, I will of course upload my findings and results (maybe on my public GitHub account or get in touch with you to find a good place). I mean that's the least I can do. The only issue right now is, I'm working on weekdays in an external freelancer project, on weekends for my own company. Unfortunately I can't make up some time for another project like a deep dive into e.g. FreeIPA. Nevertheless, maybe a bit off but still connected to this topic. I saw you are also involved in the alternative to FreeIPA, Samba AD DC (with cockpit UI). In terms of stability, security and of course extensibility compared to FreeIPA. Any preference here from you? My personal feeling is, FreeIPA super easy setup (at least when using the docker container), but as soon as you have to extend it, it's getting tricky. Cannot say that much about security and stability so far. Hope this is not too off, and looking forward to hear your personal opinion about samba AD DC + cockpit compared to FreeIPA.
I think you'd need to separate the two. Samba AD DC is a fine solution to handle Windows systems. FreeIPA does not address that part at all, intentionally, to avoid doing double work. Cockpit plugin to Samba AD is not ready for any production use, it is a prototype at best. FreeIPA relies in a lot of areas on the work of Samba Team, so we are tightly collaborating here and there but at the same time we focus on different target audiences. FreeIPA is focused on making Linux systems usable with all the features you'd need from them in today's world. Samba AD solves a problem of making the life with Windows workstations scalable to different directions than what Microsoft intended. It has less integration for features that might be more needed in a Linux-only environments. They both can integrate through the forest trust support, with FreeIPA treating Samba AD as, well, Active Directory deployment, and vice versa. There are few missing bits to complete this integration but the point is that FreeIPA intentionally is not focusing on those Windows systems that can be put at Samba AD control instead. We choose what to focus on and coordinate a lot. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
