On 10/28/25 11:49, Ronald Wimmer via FreeIPA-users wrote:
> Is it feasible to operate a single central IPA instance (with one IPA
> realm) that serves several IPA domains?
>
> Since we have firewalls between the central instance and the individual
> domains, what do we need to take into account besides what’s mentioned
> in Red Hat solution 357673? We no longer have any AD trusts in place.
>
> As far as I understand, IPA clients in each domain would need to
> communicate directly with the central instance, since the IPA
> architecture doesn’t support proxy or relay servers in each domain — is
> that correct?
>
> Any insights or experiences on this setup would be greatly appreciated!

Follow-up question:

Would it work to place one FreeIPA replica per site (per DNS domain), so
that the central instance communicates with these replicas, and clients
in each site only talk to their local replica?

The goal would be to keep all clients within a single FreeIPA realm but
reduce cross-site traffic through the firewalls.

Is this a supported / recommended setup?