Hi everyone,
We're currently in the process of deploying FreeIPA within our
organization and I'd like to ask a few questions before we actually do
deploy it to make sure I'm not getting anything wrong.
We don't have an ActiveDirectory system, and our preference for
OpenSource means we most likely never will.
1. Is there any requirement for FreeIPA to have a public (internet
facing) connection if we already have an existing P2P link with our
data-centers?
2. We are placing all IPA servers under a separate sub-domain of our
primary domain. Are there any pitfalls to this or anything we should
look out for before doing this?
3. We thought of changing the ca-subject and subject bases to
CN=Certificate Authority,OU=IPA,OU=Identity Management,OU=<IT
OU>,O=<OUR ORGANIZATION>,C=LK
and
OU=IPA,OU=Identity Management,OU=<IT OU>,O=<OUR ORGANIZATION>,C=LK
respectively. Will there be any problems in doing this?
Thanks in advance for any replies,
Chathranga Wijekoon.
Show replies by date