Bug 1167994 - OS-X Configuration Profile Builder for OSX Enrollment
Summary: OS-X Configuration Profile Builder for OSX Enrollment
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: rawhide
Hardware: i686
OS: Mac OS
unspecified
medium
Target Milestone: ---
Assignee: IPA Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-25 20:03 UTC by Brian Topping
Modified: 2014-12-19 09:16 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-12-19 09:16:45 UTC
Type: Bug


Attachments (Terms of Use)

Description Brian Topping 2014-11-25 20:03:05 UTC
Description of problem:

FreeIPA is looking great in recent versions. Servers add smoothly, Linux clients as well. How about OS-X? Is it reasonable to create a "profile generator" for Macs? http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server demonstrates that it's rather mechanical, but there are a lot of details to cover. http://support.apple.com/kb/PH14274 covers some of the capabilities of configuration profiles.

Expected results:

Adding a machine in the FreeIPA "hosts" UI could allow a configuration profile to be generated. When installed on the target Mac, the machine would be ready to use on the network. Encapsulating the settings like this also means the Mac user should be able to uninstall the configuration by existing means. This maps well to the "ipa-client-install" paradigm that exists for Linux.

Apologies if this is the wrong place to file this kind of thing.

Comment 1 Alexander Bokovoy 2014-11-25 20:08:33 UTC
Hi Brian,

you are welcome to contribute a plugin to 'ipa-advise' tool. These plugins can easily inspect content of IPA database and generate scripts that could be run on the client side.

You can see how we implemented existing plugins in https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/

For example, legacy clients plugin implements a variety of configurations for Linux and FreeBSD systems:
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/plugins/legacy_clients.py

Comment 2 Martin Kosek 2014-12-16 11:34:09 UTC
I will create an upstream ticket for this request. Note that we would still like to encourage you (or anyone else from the OS-X community) to contribute the mentioned ipa-advise plugin if you want to speed things up.

Comment 3 Martin Kosek 2014-12-16 11:34:59 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4813

Comment 4 Martin Kosek 2014-12-19 09:16:45 UTC
The issue is now tracked in upstream Trac as an RFE. We would like to encourage all OS-X users to help us with this use case as we probably won't be able to tackle it ourselves any time soon. Until then, I am closing this bug.


Note You need to log in before you can comment on or make changes to this bug.