I have a FreeIPA server for my local lab domain (let's say lab.domain-a.com) which works fine. I have another domain (domain-b.net) which I would like an LDAP server for. I would like to use FreeIPA for domain-b.net as well, but I do not want to spin up another server for domain-b.net as of right now. Does FreeIPA have a way for me to set up more than one Kerberos realm and LDAP domain? In other words, can one FreeIPA server have LDAP objects in either "dc=lab,dc=domain-a,dc=com" or "dc=domain-b,dc=org" and Kerberos realms for "LAB.DOMAIN-A.COM" and "DOMAIN-B.COM"?
I do not need to have the same objects in both domains/realms, although that would be a nice feature. As I understand it, I am basically asking for two FreeIPA instances on the same server. Is this possible as of right now? If so, how would I go about setting this up?
Just to clarify, I am not asking for multiple DNS zones; I am asking for independent Kerberos realms and LDAP domain components.
Minecraft Chest1 via FreeIPA-users wrote:
> I have a FreeIPA server for my local lab domain (let's say lab.domain-a.com) which works fine. I have another domain (domain-b.net) which I would like an LDAP server for. I would like to use FreeIPA for domain-b.net as well, but I do not want to spin up another server for domain-b.net as of right now. Does FreeIPA have a way for me to set up more than one Kerberos realm and LDAP domain? In other words, can one FreeIPA server have LDAP objects in either "dc=lab,dc=domain-a,dc=com" or "dc=domain-b,dc=org" and Kerberos realms for "LAB.DOMAIN-A.COM" and "DOMAIN-B.COM"?
> I do not need to have the same objects in both domains/realms, although that would be a nice feature. As I understand it, I am basically asking for two FreeIPA instances on the same server. Is this possible as of right now? If so, how would I go about setting this up?
> Just to clarify, I am not asking for multiple DNS zones; I am asking for independent Kerberos realms and LDAP domain components.
This is not supported and quite likely never will be.
rob
I was afraid of that, but I figured I would ask anyways.