I am assuming the question is "Has anyone used freeipa on the internet". Which I think may be a better question for freeipa-users than here since they know more about their access controls and configuration and if that would be safe. >From a 389 point of view, the 389 LDAP server is fine to put on the internet - I myself run an internet facing demonstration instance for my blog-tutorials. So I would suggest you ask on the freeipa-users list, and as a general piece of advice, more information is better about what you are trying to achieve - it means I can give better and informed answers if you provide more information. Thanks, > On 5 Nov 2019, at 20:35, Subin Dangol <subindangol@xxxxxxxxxxxxxxxx> wrote: > > I am trying to use freeipa server so that i can authenticate all my server using that. Freeipa server uses 389Directory Services kerberos for that . I want to authenticate all my server in a different location to be authenticated through that. Has any one tried that. > > SUBIN DANGOL > Network Administrator > tel: 9841733827 > email: subindangol@xxxxxxxxxxxxxxxx > web: http://www.lftechnology.com > This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. > > > On Tue, Nov 5, 2019 at 11:43 AM William Brown <wbrown@xxxxxxx> wrote: > Hi there, > > Sorry, but I don't understand the question - what do you mean here by "IDM serve"? > > Saying something is safe to expose to WAN is a really complex question - While we have a lot of security hardening in the code, but you have to asses but also your configuration such as anonymous or information disclosure risks and acis. > > I think to answer this we need to know more about your deployment and what you plan to do here to really answer your question. Can you elaborate more? > > Thanks, > > > On 5 Nov 2019, at 15:52, Subin Dangol <subindangol@xxxxxxxxxxxxxxxx> wrote: > > > > Hi , > > > > Has any implemented Idm serve . Is it safe to expose it to WAN network. > > > > SUBIN DANGOL > > Network Administrator > > tel: 9841733827 > > email: subindangol@xxxxxxxxxxxxxxxx > > web: http://www.lftechnology.com > > This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. > > > > > > On Mon, Nov 4, 2019 at 7:52 PM Mark Reynolds <mreynolds@xxxxxxxxxx> wrote: > > 389 Directory Server 1.4.0.30 > > > > The 389 Directory Server team is proud to announce 389-ds-base version 1.4.0.30 > > > > Fedora packages are available on Fedora 29 > > > > Fedora 29 > > > > https://koji.fedoraproject.org/koji/taskinfo?taskID=38715661 > > > > Bodhi > > > > F29 https://bodhi.fedoraproject.org/updates/FEDORA-2019-01a5328b48 > > > > The new packages and versions are: > > > > • 389-ds-base-1.4.0.30-1 > > Source tarballs are available for download at Download 389-ds-base Source > > > > Highlights in 1.4.0.30 > > > > Bug fixes > > > > Installation and Upgrade > > > > See Download for information about setting up your yum repositories. > > > > To install, use dnf install 389-ds-base, then run dscreate. > > > > To install the Cockpit UI plugin use dnf install cockpit-389-ds > > > > See Install_Guide for more information about the initial installation, setup, and upgrade > > > > See Source for information about source tarballs and SCM (git) access. > > > > New UI Progress (Cockpit plugin) > > > > The new UI is fully functional! There are still parts that need to be converted to ReactJS, but everything works. > > > > Configuration Tab Functional Written in ReactJS > > Server Tab Yes No > > Security Tab Yes Yes > > Database Tab Yes Yes > > Replication Tab Yes Yes > > Schema Tab Yes No > > Plugin Tab Yes Yes > > Monitor Tab Yes Yes > > Feedback > > > > We are very interested in your feedback! > > > > Please provide feedback and comments to the 389-users mailing list: https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.org > > > > If you find a bug, or would like to see a new feature, file it in our Pagure project: https://pagure.io/389-ds-base > > > > • Bump version to 1.4.0.30 > > • Fix cherry-pick error in lib389 > > • Bump version to 1.4.0.29 > > • Issue 50592 - Port Replication Tab to ReactJS > > • Issue 50067 - Fix krb5 dependency in a specfile > > • Issue 50545 - Port repl-monitor.pl to lib389 CLI > > • Issue 50497 - Port cl-dump.pl tool to Python using lib389 > > • Issue 49850 - cont -fix crash in ldbm_non_leaf > > • Issue 50634 - Clean up CLI errors output - Fix wrong exception > > • Issue 50634 - Clean up CLI errors output > > • Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries > > • Issue 50655 - access log etime is not properly formatted > > • Issue 50653 - objectclass parsing fails to log error message text > > • Issue 50646 - Improve task handling during shutdowns > > • Issue 50622 - ds_selinux_enabled may crash on suse > > -- > > > > 389 Directory Server Development Team > > > > _______________________________________________ > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx