On 24 Jan 2018, at 15:17, Rob Crittenden <rcritten@redhat.com> wrote:

This is great feedback, thanks.

You might be able to get away with an IPA client in this case. sssd will
cache credentials. This wouldn't cover the case where someone hasn't
used the door yet, power goes off, and they need to open it though.

Yes, that is the backup plan in case I can’t get the replica to work with the very limited amount of RAM I have (either 256 or 512 MB). It’s a fun project for my hackerspace so the cost of failure is not that high.


I suspect that running without a CA is much more viable, but 389-ds can
be resource-intesive as well depending on how many entries you have.

I’m expecting we won’t have more than 150 users, so it shouldn’t be that big of a problem.


--
Aljaž Srebrnič a.k.a g5pw
My public key:  https://g5pw.me/key
Key fingerprint = 2109 8131 60CA 01AF 75EC  01BF E140 E1EE A54E E677