mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
218a261742
The ipa-range-check plugin used to determine the range type depending
on the value of the attributes such as RID or secondary RID base. This
approached caused variety of issues since the portfolio of ID range
types expanded.
The patch makes sure the following rules are implemented:
* No ID range pair can overlap on base ranges, with exception
of two ipa-ad-trust-posix ranges belonging to the same forest
* For any ID range pair of ranges belonging to the same domain:
* Both ID ranges must be of the same type
* For ranges of ipa-ad-trust type or ipa-local type:
* Primary RID ranges can not overlap
* For ranges of ipa-local type:
* Primary and secondary RID ranges can not overlap
* Secondary RID ranges cannot overlap
For the implementation part, the plugin was extended with a domain ID
to forest root domain ID mapping derivation capabilities.
https://fedorahosted.org/freeipa/ticket/4137
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
IPA Server
Overview
--------
FreeIPA allows Linux administrators to centrally manage identity,
authentication and access control aspects of Linux and UNIX systems
by providing simple to install and use command line and web based
managment tools.
FreeIPA is built on top of well known Open Source components and standard
protocols with a very strong focus on ease of management and automation
of installation and configuration tasks.
FreeIPA can seamlessly integrate into an Active Directory environment via
cross-realm Kerberos trust or user synchronization.
Benefits
--------
FreeIPA:
* Allows all your users to access all the machines with the same credentials
and security settings
* Allows users to access personal files transparently from any machine in
an authenticated and secure way
* Uses an advanced grouping mechanism to restrict network access to services
and files only to specific users
* Allows central management of security mechanisms like passwords,
SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
* Enables delegation of selected administrative tasks to other power users
* Integrates into Active Directory environments
Components
----------
The FreeIPA project provides unified installation and management
tools for the following components:
* LDAP Server - based on the 389 project (LDAP)
http://directory.fedoraproject.org/wiki/Main_Page
* KDC - based on MIT Kerberos implementation
http://k5wiki.kerberos.org/wiki/Main_Page
* PKI based on Dogtag project
http://pki.fedoraproject.org/wiki/PKI_Main_Page
* Samba libraries for Active Directory integration
http://www.samba.org/
* DNS Server based on BIND and the Bind-DynDB-LDAP plugin
https://www.isc.org/software/bind
https://fedorahosted.org/bind-dyndb-ldap
Project Website
---------------
Releases, announcements and other information can be found on the IPA
server project page at <http://www.freeipa.org/>.
Documentation
-------------
The most up-to-date documentation can be found at
<http://freeipa.org/page/Documentation>.
Quick Start
-----------
To get started quickly, start here:
<http://www.freeipa.org/page/Quick_Start_Guide>
Licensing
---------
Please see the file called COPYING.
Contacts
--------
* If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the IPA server
subscribe to the freeipa-announce mailing list at
<https://www.redhat.com/mailman/listinfo/freeipa-interest/>.
* If you have a bug report please submit it at:
<https://bugzilla.redhat.com>
* If you want to participate in actively developing IPA please
subscribe to the freeipa-devel mailing list at
<https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
us in IRC at irc://irc.freenode.net/freeipa