FreeIPA is an integrated security information management solution combining Linux (Fedora), Fedora Directory Server, MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools. Currently it supports identity management with plans to support policy and auditing management.
FreeIPA requres port389 Directory Server
ebuild are on the way in my overlay (details in #104554 )
initial ebuilds are now in my 389 tree
!!! this ebuilds are not for produktion system !!!
they are only there to start the discussion
so my tests will start next week
freeIPA is hardcoded to redhat linux
so we have to find the wrong dependencies
and correct them to gentoo
also the package deeps for the configscripts (they are also hardcoded to redhat) in the server/client/radius package are still not there pam_krb mod_auth_krb mod_nss ...
i am not uploading this ebuilds as they are not for testing
Firstly, I want to say thanks1 FreeIPA looks like just the kind of wrapper Linux needs to compete with Active Directory.
Second, upstream should be informed about their Redhat assumptions and see if they have advice or if they are receptive to decoupling patches. It's been by take that at least the 389 devs would like to see it in distros other than Fedora and RHEL.
(In reply to comment #4)
> Firstly, I want to say thanks1 FreeIPA looks like just the kind of wrapper
> Linux needs to compete with Active Directory.
> Second, upstream should be informed about their Redhat assumptions and see if
> they have advice or if they are receptive to decoupling patches. It's been by
> take that at least the 389 devs would like to see it in distros other than
> Fedora and RHEL.
yes most of my suggestions for port389 has already been approved and a milestone was set so starting with 1.3 version of the dirsrv most of my suggestions for gentoo where realized.
for freeipa first i have to find the the parts that depends on redhat
like filepath assumtions /etc/sysconfig and like that hardcoded path to mod_auth_krb conf and so on
so any help would be appriciated to find this errors
the we can provide patches that are more general
like specifying the the configfile name in a config file
i hope by the end of the week i will have a new gentoo appilance running to test freeipa
IMHO, RH directory stack also contains dogtag-pki system (and more ) - provide CA functionality.I tried to write dogtag-pki ebuild,but I badly writе java ebuild.
Also, free-ipa optional dependent on this package.
Incomplete ebulds for dogtag-pki contained in my private overlay.
P.S Sorry, my english is bad
This bag depend on #321875
Created attachment 238187 [details]
please, only for testing :)
FreeIPA 2.1 has been released, I really hope that someone takes this on.
Personally i would like to run this with all my machines. It also seems like RedHat will be shipping this with their RHEL soonish (as in fully supported)...
It's also the last thing missing wrt propper admin tools for larger networks.
This bug is depend on #299011
2.1 freeipa version have >=1.25.4 xmlrpc-c version.
P.S Mario. please, add block in depend
Created attachment 285823 [details]
This ebuild only for testing ( need more deps). Quality unknown
Created attachment 291221 [details]
I started another effort to create a working ebuild for freeipa. So far, I managed to get full IPA client support on a Gentoo box. I won't flood the bugzilla with my ebuilds (yet), as they are likely to change a lot when I try to get the server side up too.
People who are interested can have a look at https://github.com/ganto/freeipa
I also opened (and partially fixed) some bugs which could be added do the "Depends on" list: #445394, #445478