Comments on Installing FreeIPA With Replication

Do you need a single point to add users within your organization for authenticating to multiple backends like your Linux servers? You've probably looked at OpenLDAP and found the same problem a lot of other users have: it has bad documentation and is ridiculously hard to configure. Having done some installations of OpenLDAP in the past, the search was on to find a good alternative and, more importantly, one that is far easier to set up and has a good GUI and CLI for adding users and groups.

Comments

By: sles

>FreeIPA is a project backed by RedHat, so it's no surprise that this article is about an installation on this platform.

Well, there are other distributions, you know.

So is it possible on, let's say, Ubuntu?

Thank you!

By:

Hi sles,

A quick Google search didn't get me anything useful you could use; you could search the apt repositories on your machine for IPA.

By: Anonymous

Spent the last 45 minutes reading about IPA and looking for an Ubuntu Server solution. It does not exist. Debian doesn't have a port, though a few people are working on it. It appears that will fail due to all the different languages involved in IPA. It is not a 1-language tool. Most of the dependency issues appear to be in Java code. So - don't hold your breath. If you really want IPA as a solution, running a CentOS server and buggy Ubuntu clients appears to be the only answer for now. For a small network with minimal security concerns, plain NIS is probably the easiest solution. Sadly, NIS+/NISplus doesn't seem a viable option on Linux. Or just use carefully managed /etc/group, passwd files ... since most computer-to-computer connections will be over ssh (hopefully using ssh-keys), maintaining passwds on each isn't too important. It is just about having the uid/gid numbers match.

By: Rob Scope

Maybe this link can help:

https://wiki.ubuntu.com/Server/IdentityManagement

Kind regards

Rob

By: Jubal

Calling OpenLDAP badly documented explains easily the other ridiculous claim in the article, i.e. that it's hard to configure. Perhaps the esteemed author should actually try to read the documentation OpenLDAP comes with?

By:

Good point, the thing I'm mentioning is, have you ever tried to install OpenLDAP on say CentOS 6/RHEL 6? It's ridiculous when you look at the amount of config files and how they are laid out, and I have searched a lot until I found this site http://www.computerglitch.net/bin/texts/CentOS6_LDAP.php, which explains the process (but again, not documented by the project itself).

By: m15k

Let's try not to get too bent out of shape over a subjective assertion. If OpenLDAP has buttered your bread and been your go-to software stack, there is no reason to change. But what if you are someone who has had difficulty in installing and configuring? Perhaps not even wanting to try IPA, as you figure it is more of the same. The OP's post does a good job at saying, hey, this can do what you want, and it is different enough from OpenLDAP that if you had trouble with it, maybe try FreeIPA.

By:


I got this error while trying to install IPA on an OpenVZ guest.
Turns out the install script checks for broadcast address matches.

In the article below, instead of jumping to the line number it states, just do a search for "cannot use IP network address", as the line numbers have changed.

https://www.redhat.com/archives/freeipa-users/2012-February/msg00064.html

Marl

By: Deepak Dimri

I am trying to configure replication between two FreeIPA CentOS 7 servers. As per the document, I need the same FreeIPA version running on both machines (I have v 4.2.0 on both), then run ipa-replica-prepare on the master and then simply run ipa-replica-install on the replica server along with the replica file. But I am unable to get past the error message below:

[root@ip-172-31-23-230 ipa]# ipa-replica-install /var/lib/ipa/replica-info-replica.ipa.com.gpg
ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA client is already configured on this system. Please uninstall it first before configuring the replica, using 'ipa-client-install --uninstall'.

When I try 'ipa-client-install --uninstall', I get the message below:

ipa-client-install --uninstall
IPA client is configured as a part of IPA server on this system. Refer to ipa-server-install for uninstallation.

What should I be doing to get around these annoying errors? Has anyone got FreeIPA replication working on CentOS? The documentation has pretty simple steps, but it certainly does not work for me.

Thanks, Deepak

By: gene

So how are the clients configured to see the replica? What file and what variable is set to see the replica?