Sorry, new to all this. My intent is to add an IPA environment to an existing local openldap 389server test environment.
The Deployment Recommendations document warns about overlaps with existing active directory domains but does not mention 389server domains. My intention is to share a local subnet and the same domain name with an existing 389server configuration.
The environments will be made up of separate systems and have their own DNS servers (each have their own LDAP) but will need to ssh back and forth.
These are CentOS 6.5 (389 1.2.11-15) and CentOS 7.6 (ipa-server 4.6.4-10.el7) environments using dnsmasq (2.48-13 and 2.76-7).
Hosts files:
389server(dns: dnsvr1.test.hfgs.net) server1.test.company.net server2.test.company.net server11.test.company.net server12.test.company.net
IPA(dns: ipasvr1.test.hfgs.net) server11.test.company.net server12.test.company.net server1.test.company.net server2.test.company.net
Is this viable? If not, what do I need to do to add this second IPA environment?
Thanks.
phil.barone--- via FreeIPA-users wrote:
Sorry, new to all this. My intent is to add an IPA environment to an existing local openldap 389server test environment.
The Deployment Recommendations document warns about overlaps with existing active directory domains but does not mention 389server domains. My intention is to share a local subnet and the same domain name with an existing 389server configuration.
The environments will be made up of separate systems and have their own DNS servers (each have their own LDAP) but will need to ssh back and forth.
These are CentOS 6.5 (389 1.2.11-15) and CentOS 7.6 (ipa-server 4.6.4-10.el7) environments using dnsmasq (2.48-13 and 2.76-7).
Hosts files:
389server(dns: dnsvr1.test.hfgs.net) server1.test.company.net server2.test.company.net server11.test.company.net server12.test.company.net
IPA(dns: ipasvr1.test.hfgs.net) server11.test.company.net server12.test.company.net server1.test.company.net server2.test.company.net
Is this viable? If not, what do I need to do to add this second IPA environment?
You seem to be using the terms openldap and 389 interchangeably. They are different things.
Are you advertising the LDAP SRV records in your existing infrastructure, or do you plan to? If not then it would probably work fine.
rob
phil.barone--- via FreeIPA-users wrote:
You seem to be using the terms openldap and 389 interchangeably. They are different things.
Hmm, that shows what I know. Sorry, just disregard openldap.
Are you advertising the LDAP SRV records in your existing infrastructure,
I'm not sure what is meant by advertising. We use dnsmasq because it dumbs down a lot of the details so am not familiar with the term. Can you show me how to tell if I am?
or do you plan to? If not then it would probably work fine.
rob
Thanks Rob.
freeipa-users@lists.fedorahosted.org
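As an added example (not part of the thread and not written by any of its participants), one way to see whether a dnsmasq instance advertises LDAP SRV records for a domain is to look for `srv-host` entries naming `_ldap._tcp` in its configuration, and to query the running server with `dig`. The function names, the sample configuration and the host-to-record mapping below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dnsmasq configuration (not taken from the thread).
sample_conf() {
    cat <<'EOF'
domain=test.company.net
# srv-host with no domain part takes the domain= value above
srv-host=_ldap._tcp,server1.test.company.net,389
srv-host=_ldap._tcp.other.example,ldap.other.example,389
srv-host=_xmpp-client._tcp,server2.test.company.net,5222
EOF
}

# srv_in_conf CONF DOMAIN
# Print "name target port" for every _ldap._tcp SRV record that the
# dnsmasq config file CONF would serve for DOMAIN.
srv_in_conf() {
    awk -F= -v want="$2" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }    # strip comments and blanks
        $1 == "domain"   { split($2, d, ","); dflt = d[1] }
        $1 == "srv-host" { rec[++n] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                split(rec[i], f, ",")
                name = tolower(f[1])
                # "_service._proto" without a domain: append domain=
                if (name ~ /^_[^.]+\._(tcp|udp)$/ && dflt != "")
                    name = name "." tolower(dflt)
                if (name == "_ldap._tcp." tolower(want))
                    print name, (f[2] == "" ? "-" : f[2]), (f[3] == "" ? "-" : f[3])
            }
        }' "$1"
}

# srv_live DOMAIN DNS_SERVER
# Ask a running DNS server what clients would actually receive
# (requires dig and network access to DNS_SERVER).
srv_live() {
    dig +short SRV "_ldap._tcp.$1" "@$2"
}

# Usage:
#   srv_in_conf /etc/dnsmasq.conf test.company.net
#   srv_live test.company.net <address-of-dns-server>
```

An empty result from both checks means that server does not advertise an LDAP service for the domain; the config scan only covers records dnsmasq defines itself, so the `dig` query is the one that also reflects answers forwarded from upstream.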