Sandy,

I'm a fan of your suggested FreeIPA implementation, but some real planning is required ahead of time. You need to dig into the documentation and look at what your real requirements are. I'd suggest you plan yourself with something similar to this:

root CA - CentOS 7.x with 389-directory server and dogtag-pki CA configuration (may not be necessary depending on your requirement) - this can be kept offline and secure

two or more identity management servers set up to replicate - CentOS 7.x with IdM installed (IdM is part of the baseline install for CentOS)

I've successfully used IdM to support an oVirt virtualization cluster, and I'm told that IdM to Windows AD is relatively painless (but have not done it myself).

Clients - IdM will support Fedora, CentOS 6 and CentOS 7 clients, plus all kinds of other capabilities

Built this way, you will look a lot like the Red Hat upstream solution, and you can even use the upstream documentation to plan:

- Root CA = RHEL 7 Red Hat Certificate Server on Red Hat Directory Server
- IdM servers = RHEL 7 servers with IdM
- oVirt virt cluster = Red Hat Enterprise Virtualization

Your actual Root CA, IdM servers and test clients can even exist within the oVirt cluster as clients.

Steve