Proposed F19 Feature: FreeIPA v3 Trust Improvements

Jaroslav Reznik jreznik at
Wed Jan 23 13:48:08 UTC 2013

As decided by FESCo on 2012-12-05 meeting, all proposed Features are required
to pass through the community review by announcing them on devel-announce list.
FESCo votes on new features no sooner than a week from the announcement.

= Features/IPAv3TrustImprovements =

Feature owner(s): Alexander Bokovoy <abokovoy at>

Multiple Domain Controllers and multiple additional DNS domains managed by 
FreeIPA can now be accessible via trusting relationship by Active Directory 
domain members. Additionally, Global Catalog service is provided for use by 
AD clients, allowing FreeIPA users to be included into access-control lists 
of AD resources. 

== Detailed description ==
In Fedora 18 only a single designated Domain Controller in FreeIPA realm is 
supported for interoperability with Active Directory and only a primary DNS 
domain associated with the FreeIPA realm is advertised to the trusted party.
With the changes coming in future FreeIPA release, support for multiple 
domain controllers per FreeIPA realm and multiple DNS domain suffixes associated
 with the realm will be available. FreeIPA will also provide Global Catalog 
service implementation which is key feature to allow discretionary access to 
Active Directory resources for FreeIPA users --- making possible, for example, 
interactive logon to Windows machines under a FreeIPA identity. 

More information about the devel-announce mailing list