Changes/IPAv3TransitiveTrusts

From FedoraProject

Difference between revisions
(Add tracker bug)
(Detailed Description)
 
Line 54: Line 54:
 
== Detailed Description ==
 
== Detailed Description ==
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
 
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to use FreeIPA identities to access resources in Active Directory, for example, to log-on into Windows workstations.
+
FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to access FreeIPA resources from any subdomain of an Active Directory forest.
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
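
Review bot: the replacement sentence in Detailed Description drops the FreeIPA-to-Active-Directory direction that the removed sentence covered (using FreeIPA identities to access resources in Active Directory, for example logging on to Windows workstations), so the description now states only access to FreeIPA resources from any subdomain of an Active Directory forest. If both directions remain in scope, keep one sentence for each; if the scope was narrowed, say so explicitly so readers can tell which side of the trust is changing. In the same added line, "New version of FreeIPA will make possible to access" should read "The new version of FreeIPA will make it possible to access".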

Latest revision as of 08:54, 11 October 2013


Transitive Trusts with Active Directory support for FreeIPA

Summary

FreeIPA will support transitive trusts with Active Directory.

Owner

  • Name: Alexander Bokovoy
  • Email: abokovoy@redhat.com
  • Release notes owner: <To be assigned by docs team>

Current status

Detailed Description

FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. The new version of FreeIPA will make it possible to access FreeIPA resources from any subdomain of an Active Directory forest.

Benefit to Fedora

Environments with FreeIPA and cross-realm trusts to Active Directory domains will be fully integrated in both directions (AD -> FreeIPA and FreeIPA -> AD).

Scope

This change requires expanding the logic in the FreeIPA-provided database driver for the Kerberos KDC. Additionally, it requires development of a Global Catalog service compatible with Active Directory. This is a fairly isolated effort within FreeIPA.

  • Other developers: no effect
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)

Upgrade/compatibility impact

The feature should be compatible with existing FreeIPA 3.x installs. The LDAP data store is upgraded through the existing FreeIPA upgrade functionality.

How To Test

Test instructions are maintained at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup

User Experience

No visible UI changes planned.

Dependencies

Required changes are isolated to FreeIPA.

Contingency Plan

  • Contingency mechanism: no Global Catalog service will be available to users (current state in Fedora 19)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No

Documentation

  • Development is being planned for the FreeIPA 3.4 version

Release Notes

To be completed by the Change Freeze!