From Fedora Project Wiki
(Created page with "<!-- Self Contained or System Wide Change Proposal? Use this guide to determine to which category your proposed change belongs to. Self Contained Changes are: * changes to is...")
 
(Detailed Description)
 
(4 intermediate revisions by one other user not shown)
Line 50: Line 50:
 
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
 
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
 
-->
 
-->
* Tracker bug: <will be assigned by the Wrangler>
+
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=998502 #998502]
  
 
== Detailed Description ==
 
== Detailed Description ==
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to use FreeIPA identities to access resources in Active Directory, for example, to log-on into Windows workstations.
+
FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to access FreeIPA resources from any subdomain of an Active Directory forest.
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
Line 136: Line 136:
 
'''To be completed by the Change Freeze!'''
 
'''To be completed by the Change Freeze!'''
  
[[Category:ChangeReadyForWrangler]]
+
[[Category:ChangeAcceptedF20]]
 
<!-- [[Category:ChangeAnnounced]] -->
 
<!-- [[Category:ChangeAnnounced]] -->
 
<!-- [[Category:ChangePageIncomplete]] -->
 
<!-- [[Category:ChangePageIncomplete]] -->

Latest revision as of 08:54, 11 October 2013


Transitive Trusts with Active Directory support for FreeIPA

Summary

FreeIPA will support transitive trusts with Active Directory

Owner

  • Name: Alexander Bokovoy
  • Email: abokovoy@redhat.com
  • Release notes owner: <To be assigned by docs team>

Current status

Detailed Description

FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to access FreeIPA resources from any subdomain of an Active Directory forest.

Benefit to Fedora

Environments with FreeIPA and cross-realm trusts to Active Directory domains will be fully integrated in both directions (AD -> FreeIPA and FreeIPA -> AD).

Scope

This change requires expansion of logic in FreeIPA-provided database driver to Kerberos KDC. Additionally, it requires development of Global Catalog Service compatible with Active Directory. This is fairly isolated effort within FreeIPA.

  • Other developers: no effect
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)

Upgrade/compatibility impact

Feature should be compatible with existing FreeIPA 3.x installs. Upgrade of LDAP data store is done through existing FreeIPA upgrade functionality.

How To Test

Test instructions are maintained at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup

User Experience

No visible UI changes planned.

Dependencies

Required changes are isolated to FreeIPA.

Contingency Plan

  • Contingency mechanism: no Global Catalog service will be available to users (current state in Fedora 19)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No

Documentation

  • Development is being planned for FreeIPA 3.4 version

Release Notes

To be completed by the Change Freeze!