On Wed, 2012-11-14 at 16:47 -0200, Andre Rodrigues wrote: > thanks for the info Simo! > I work at a university and the current structure is: > a meta-directory that feeds a master 389-ds, and the master replicates > the data to two read-only directories, that are accessible to > customers. > any changes in the directory should be sent to the meta-directory, > which will apply the changes on the master. > Now I'm studying FreeIPA to see a possible exchange of 389DS for > FreeIPA (primarily by trust with ad). > This is not an appropriate structure for FreeIPA(nor a directory > actually) but a read-only FreeIPA would be best for us.
Oh so you would want a completely read-only setup, no changes at all on any server in orer to drive everything from the meta-directory ? Don't think that will be possible. You can certainly use metadirectories to synchronize stuff but enforcing read-only behavior for everything simply does not cope with the feature set unless you want to strip freeipa of all the reasons to use it :) Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
