Bug 1026658
Summary: | [RFE] Request to provide IPA as modules | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Frederic Hornain <fhornain> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED WONTFIX | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.6 | CC: | pspacek, rcritten |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-06 10:06:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frederic Hornain
2013-11-05 07:55:13 UTC
Hello Frederic, Thanks for the interest. FreeIPA is an identity, authentication, authorization stack. DNS is a supplementary module supporting it's function. However, with just DNS, there is no FreeIPA - that said, I do not think that this something that FreeIPA team would focus on. You can, however, install a FreeIPA server with DNS support and then consume only the DNS part, but of course, it is quite a heavy machinery for the task. Other option is to use the bind-dyndb-ldap component of FreeIPA stack, which will let you configure a custom LDAP as a DNS data source for BIND name server (as FreeIPA uses it). But of course, you would not have FreeIPA Web UI DNS page. Let me rephrase what Martin told: FreeIPA integrates those components: LDAP Kerberos PKI (optional) DNS Certmonger (optional) Web UI Trusts (optional) Client (optional) NTP (optional) DNS uses those: LDAP DNS Web UI Let me make clear that DNS in FreeIPA depends on LDAP server (389 DS) and BIND anyway. They want to use Web UI (I guess), so there are not much things to extract. They can install FreeIPA without PKI/Dogtag certificate authority and without NTP if they want. So after all, the only 'unnecessary' component for DNS-only use case is Kerberos. Note that nothing forces them to really use the integrated Kerberos server, it will just sit there and authenticate admin user to the Web UI. Dear *, The idea is to propose IPA as modules which could be installed separately and should manage their dependence with other modules. Finally, the module choice will be reflected in the Web UI as well. E.G. If customer decide to use IPA only for as a DNS Sever, the WebUI should only contains DNS related elements and not RBAC, Host and user which are useless in that case. BR /f We implement FreeIPA exactly this way - we have optional functionality like DNS or AD Trust Integration as separate packages with a separate installer. When the optional piece is configured, it is shown in the Web UI. All these optional pieces require FreeIPA core, that is mostly Kerberos, LDAP and HTTP. Without the core, FreeIPA makes no sense. But it does not work the other way around - like IPA AD trust integration with IPA, or IPA DNS without IPA. I am sorry, but I have to close this particular request as WONTFIX. |