[web] adding the freeipa admin guide for f15

Ella Lackey elladeon at fedoraproject.org
Mon Jun 13 21:39:39 UTC 2011


commit 52b5cbdaa48ab8bd016ea25d52daa15d48f7b0ef
Author: Deon Lackey <dlackey at redhat.com>
Date:   Mon Jun 13 17:37:38 2011 -0400

    adding the freeipa admin guide for f15

 fedoradocs.db                                      |  Bin 524288 -> 528384 bytes
 public_html/Sitemap                                |   64 +-
 public_html/as-IN/Site_Statistics.html             |    8 +-
 public_html/as-IN/opds-Drafts.xml                  |   34 +
 public_html/as-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/as-IN/opds-Fedora_Core.xml             |    2 +-
 .../as-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/as-IN/opds.xml                         |   18 +-
 public_html/as-IN/toc.html                         |   36 +-
 public_html/bg-BG/Site_Statistics.html             |    8 +-
 public_html/bg-BG/opds-Drafts.xml                  |   34 +
 public_html/bg-BG/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/bg-BG/opds-Fedora_Core.xml             |    2 +-
 .../bg-BG/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/bg-BG/opds.xml                         |   18 +-
 public_html/bg-BG/toc.html                         |   36 +-
 public_html/bn-IN/Site_Statistics.html             |    8 +-
 public_html/bn-IN/opds-Drafts.xml                  |   34 +
 public_html/bn-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/bn-IN/opds-Fedora_Core.xml             |    2 +-
 .../bn-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/bn-IN/opds.xml                         |   18 +-
 public_html/bn-IN/toc.html                         |   36 +-
 public_html/bs-BA/Site_Statistics.html             |    8 +-
 public_html/bs-BA/opds-Drafts.xml                  |   34 +
 public_html/bs-BA/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/bs-BA/opds-Fedora_Core.xml             |    2 +-
 .../bs-BA/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/bs-BA/opds.xml                         |   18 +-
 public_html/bs-BA/toc.html                         |   36 +-
 public_html/ca-ES/Site_Statistics.html             |    8 +-
 public_html/ca-ES/opds-Drafts.xml                  |   34 +
 public_html/ca-ES/opds-Fedora.xml                  |   10 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/ca-ES/opds-Fedora_Core.xml             |    2 +-
 .../ca-ES/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ca-ES/opds.xml                         |   18 +-
 public_html/ca-ES/toc.html                         |   36 +-
 public_html/cs-CZ/Site_Statistics.html             |    8 +-
 public_html/cs-CZ/opds-Drafts.xml                  |   34 +
 public_html/cs-CZ/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/cs-CZ/opds-Fedora_Core.xml             |    2 +-
 .../cs-CZ/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/cs-CZ/opds.xml                         |   18 +-
 public_html/cs-CZ/toc.html                         |   36 +-
 public_html/da-DK/Site_Statistics.html             |    8 +-
 public_html/da-DK/opds-Drafts.xml                  |   34 +
 public_html/da-DK/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/da-DK/opds-Fedora_Core.xml             |    2 +-
 .../da-DK/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/da-DK/opds.xml                         |   18 +-
 public_html/da-DK/toc.html                         |   36 +-
 public_html/de-DE/Site_Statistics.html             |    8 +-
 public_html/de-DE/opds-Drafts.xml                  |   34 +
 public_html/de-DE/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/de-DE/opds-Fedora_Core.xml             |    2 +-
 .../de-DE/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/de-DE/opds.xml                         |   18 +-
 public_html/de-DE/toc.html                         |   38 +-
 public_html/el-GR/Site_Statistics.html             |    8 +-
 public_html/el-GR/opds-Drafts.xml                  |   34 +
 public_html/el-GR/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/el-GR/opds-Fedora_Core.xml             |    2 +-
 .../el-GR/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/el-GR/opds.xml                         |   18 +-
 public_html/el-GR/toc.html                         |   34 +-
 ...Enterprise_Identity_Management_Guide-en-US.epub |  Bin 0 -> 851194 bytes
 .../Common_Content/css/common.css                  | 1504 ++++++
 .../Common_Content/css/default.css                 |    0
 .../Common_Content/css/lang.css                    |    2 +
 .../Common_Content/css/overrides.css               |   47 +
 .../Common_Content/css/print.css                   |    0
 .../Common_Content/images/1.png                    |  Bin 0 -> 640 bytes
 .../Common_Content/images/1.svg                    |   27 +
 .../Common_Content/images/10.png                   |  Bin 0 -> 942 bytes
 .../Common_Content/images/10.svg                   |   31 +
 .../Common_Content/images/11.png                   |  Bin 0 -> 741 bytes
 .../Common_Content/images/11.svg                   |   31 +
 .../Common_Content/images/12.png                   |  Bin 0 -> 943 bytes
 .../Common_Content/images/12.svg                   |   31 +
 .../Common_Content/images/13.png                   |  Bin 0 -> 983 bytes
 .../Common_Content/images/13.svg                   |   31 +
 .../Common_Content/images/14.png                   |  Bin 0 -> 862 bytes
 .../Common_Content/images/14.svg                   |   31 +
 .../Common_Content/images/15.png                   |  Bin 0 -> 936 bytes
 .../Common_Content/images/15.svg                   |   31 +
 .../Common_Content/images/16.png                   |  Bin 0 -> 975 bytes
 .../Common_Content/images/16.svg                   |   31 +
 .../Common_Content/images/17.png                   |  Bin 0 -> 838 bytes
 .../Common_Content/images/17.svg                   |   31 +
 .../Common_Content/images/18.png                   |  Bin 0 -> 1013 bytes
 .../Common_Content/images/18.svg                   |   31 +
 .../Common_Content/images/19.png                   |  Bin 0 -> 989 bytes
 .../Common_Content/images/19.svg                   |   31 +
 .../Common_Content/images/2.png                    |  Bin 0 -> 814 bytes
 .../Common_Content/images/2.svg                    |   27 +
 .../Common_Content/images/20.png                   |  Bin 0 -> 1086 bytes
 .../Common_Content/images/20.svg                   |   31 +
 .../Common_Content/images/21.png                   |  Bin 0 -> 925 bytes
 .../Common_Content/images/21.svg                   |   31 +
 .../Common_Content/images/22.png                   |  Bin 0 -> 1059 bytes
 .../Common_Content/images/22.svg                   |   31 +
 .../Common_Content/images/23.png                   |  Bin 0 -> 1152 bytes
 .../Common_Content/images/23.svg                   |   31 +
 .../Common_Content/images/24.png                   |  Bin 0 -> 1013 bytes
 .../Common_Content/images/24.svg                   |   31 +
 .../Common_Content/images/25.png                   |  Bin 0 -> 1108 bytes
 .../Common_Content/images/25.svg                   |   31 +
 .../Common_Content/images/26.png                   |  Bin 0 -> 1149 bytes
 .../Common_Content/images/26.svg                   |   31 +
 .../Common_Content/images/27.png                   |  Bin 0 -> 1007 bytes
 .../Common_Content/images/27.svg                   |   31 +
 .../Common_Content/images/28.png                   |  Bin 0 -> 1177 bytes
 .../Common_Content/images/28.svg                   |   31 +
 .../Common_Content/images/29.png                   |  Bin 0 -> 1135 bytes
 .../Common_Content/images/29.svg                   |   31 +
 .../Common_Content/images/3.png                    |  Bin 0 -> 889 bytes
 .../Common_Content/images/3.svg                    |   27 +
 .../Common_Content/images/30.png                   |  Bin 0 -> 1179 bytes
 .../Common_Content/images/30.svg                   |   31 +
 .../Common_Content/images/31.png                   |  Bin 0 -> 1012 bytes
 .../Common_Content/images/31.svg                   |   31 +
 .../Common_Content/images/32.png                   |  Bin 0 -> 1151 bytes
 .../Common_Content/images/32.svg                   |   31 +
 .../Common_Content/images/33.png                   |  Bin 0 -> 1213 bytes
 .../Common_Content/images/33.svg                   |   31 +
 .../Common_Content/images/34.png                   |  Bin 0 -> 1107 bytes
 .../Common_Content/images/34.svg                   |   31 +
 .../Common_Content/images/35.png                   |  Bin 0 -> 1176 bytes
 .../Common_Content/images/35.svg                   |   31 +
 .../Common_Content/images/36.png                   |  Bin 0 -> 1222 bytes
 .../Common_Content/images/36.svg                   |   31 +
 .../Common_Content/images/37.png                   |  Bin 0 -> 1085 bytes
 .../Common_Content/images/37.svg                   |   31 +
 .../Common_Content/images/38.png                   |  Bin 0 -> 1256 bytes
 .../Common_Content/images/38.svg                   |   31 +
 .../Common_Content/images/39.png                   |  Bin 0 -> 1226 bytes
 .../Common_Content/images/39.svg                   |   31 +
 .../Common_Content/images/4.png                    |  Bin 0 -> 783 bytes
 .../Common_Content/images/4.svg                    |   27 +
 .../Common_Content/images/40.png                   |  Bin 0 -> 1082 bytes
 .../Common_Content/images/40.svg                   |   31 +
 .../Common_Content/images/5.png                    |  Bin 0 -> 839 bytes
 .../Common_Content/images/5.svg                    |   27 +
 .../Common_Content/images/6.png                    |  Bin 0 -> 868 bytes
 .../Common_Content/images/6.svg                    |   27 +
 .../Common_Content/images/7.png                    |  Bin 0 -> 757 bytes
 .../Common_Content/images/7.svg                    |   27 +
 .../Common_Content/images/8.png                    |  Bin 0 -> 914 bytes
 .../Common_Content/images/8.svg                    |   27 +
 .../Common_Content/images/9.png                    |  Bin 0 -> 877 bytes
 .../Common_Content/images/9.svg                    |   27 +
 .../Common_Content/images/bkgrnd_greydots.png      |  Bin 157 -> 157 bytes
 .../Common_Content/images/bullet_arrowblue.png     |  Bin 177 -> 177 bytes
 .../Common_Content/images/documentation.png        |  Bin 0 -> 1358 bytes
 .../Common_Content/images/dot.png                  |  Bin 98 -> 98 bytes
 .../Common_Content/images/dot2.png                 |  Bin 98 -> 98 bytes
 .../Common_Content/images/green.png                |  Bin 0 -> 176 bytes
 .../Common_Content/images/h1-bg.png                |  Bin 0 -> 142 bytes
 .../Common_Content/images/image_left.png           |  Bin 0 -> 2278 bytes
 .../Common_Content/images/image_right.png          |  Bin 0 -> 1358 bytes
 .../Common_Content/images/important.png            |  Bin 0 -> 1918 bytes
 .../Common_Content/images/important.svg            |   30 +
 .../Common_Content/images/note.png                 |  Bin 0 -> 1616 bytes
 .../Common_Content/images/note.svg                 |   28 +
 .../Common_Content/images/red.png                  |  Bin 0 -> 163 bytes
 .../Common_Content/images/redhat-logo.svg          |   94 +
 .../Common_Content/images/rhlogo.png               |  Bin 0 -> 2278 bytes
 .../Common_Content/images/shade.png                |  Bin 101 -> 101 bytes
 .../Common_Content/images/shine.png                |  Bin 146 -> 146 bytes
 .../Common_Content/images/stock-go-back.png        |  Bin 0 -> 571 bytes
 .../Common_Content/images/stock-go-forward.png     |  Bin 0 -> 531 bytes
 .../Common_Content/images/stock-go-up.png          |  Bin 0 -> 582 bytes
 .../Common_Content/images/stock-home.png           |  Bin 0 -> 772 bytes
 .../Common_Content/images/title_logo.png           |  Bin 0 -> 2278 bytes
 .../Common_Content/images/title_logo.svg           |   94 +
 .../Common_Content/images/warning.png              |  Bin 0 -> 1940 bytes
 .../Common_Content/images/warning.svg              |   32 +
 .../Common_Content/images/watermark-draft.png      |  Bin 0 -> 32139 bytes
 .../Common_Content/images/yellow.png               |  Bin 0 -> 175 bytes
 .../images/ASCII_Cert_Export.png                   |  Bin 0 -> 125056 bytes
 .../images/Accept_CA_No_Exception.png              |  Bin 0 -> 35762 bytes
 .../images/IPA_Migration_Final_State.png           |  Bin 0 -> 87482 bytes
 .../images/IPA_Migration_Initial_State.png         |  Bin 0 -> 22582 bytes
 .../images/IPA_arch.png                            |  Bin 0 -> 62304 bytes
 .../images/Select_User_WebUI.png                   |  Bin 0 -> 40486 bytes
 .../images/add_user.png                            |  Bin 0 -> 38786 bytes
 .../images/finalstate.svg                          | 3241 +++++++++++++
 .../images/icon.svg                                |    0
 .../images/kinit_admin.png                         |  Bin 0 -> 24636 bytes
 .../index.html                                     | 5002 ++++++++++++++++++++
 .../Common_Content/css/common.css                  | 1504 ++++++
 .../Common_Content/css/default.css                 |    0
 .../Common_Content/css/lang.css                    |    2 +
 .../Common_Content/css/overrides.css               |   47 +
 .../Common_Content/css/print.css                   |    0
 .../Common_Content/images/1.png                    |  Bin 0 -> 640 bytes
 .../Common_Content/images/1.svg                    |   27 +
 .../Common_Content/images/10.png                   |  Bin 0 -> 942 bytes
 .../Common_Content/images/10.svg                   |   31 +
 .../Common_Content/images/11.png                   |  Bin 0 -> 741 bytes
 .../Common_Content/images/11.svg                   |   31 +
 .../Common_Content/images/12.png                   |  Bin 0 -> 943 bytes
 .../Common_Content/images/12.svg                   |   31 +
 .../Common_Content/images/13.png                   |  Bin 0 -> 983 bytes
 .../Common_Content/images/13.svg                   |   31 +
 .../Common_Content/images/14.png                   |  Bin 0 -> 862 bytes
 .../Common_Content/images/14.svg                   |   31 +
 .../Common_Content/images/15.png                   |  Bin 0 -> 936 bytes
 .../Common_Content/images/15.svg                   |   31 +
 .../Common_Content/images/16.png                   |  Bin 0 -> 975 bytes
 .../Common_Content/images/16.svg                   |   31 +
 .../Common_Content/images/17.png                   |  Bin 0 -> 838 bytes
 .../Common_Content/images/17.svg                   |   31 +
 .../Common_Content/images/18.png                   |  Bin 0 -> 1013 bytes
 .../Common_Content/images/18.svg                   |   31 +
 .../Common_Content/images/19.png                   |  Bin 0 -> 989 bytes
 .../Common_Content/images/19.svg                   |   31 +
 .../Common_Content/images/2.png                    |  Bin 0 -> 814 bytes
 .../Common_Content/images/2.svg                    |   27 +
 .../Common_Content/images/20.png                   |  Bin 0 -> 1086 bytes
 .../Common_Content/images/20.svg                   |   31 +
 .../Common_Content/images/21.png                   |  Bin 0 -> 925 bytes
 .../Common_Content/images/21.svg                   |   31 +
 .../Common_Content/images/22.png                   |  Bin 0 -> 1059 bytes
 .../Common_Content/images/22.svg                   |   31 +
 .../Common_Content/images/23.png                   |  Bin 0 -> 1152 bytes
 .../Common_Content/images/23.svg                   |   31 +
 .../Common_Content/images/24.png                   |  Bin 0 -> 1013 bytes
 .../Common_Content/images/24.svg                   |   31 +
 .../Common_Content/images/25.png                   |  Bin 0 -> 1108 bytes
 .../Common_Content/images/25.svg                   |   31 +
 .../Common_Content/images/26.png                   |  Bin 0 -> 1149 bytes
 .../Common_Content/images/26.svg                   |   31 +
 .../Common_Content/images/27.png                   |  Bin 0 -> 1007 bytes
 .../Common_Content/images/27.svg                   |   31 +
 .../Common_Content/images/28.png                   |  Bin 0 -> 1177 bytes
 .../Common_Content/images/28.svg                   |   31 +
 .../Common_Content/images/29.png                   |  Bin 0 -> 1135 bytes
 .../Common_Content/images/29.svg                   |   31 +
 .../Common_Content/images/3.png                    |  Bin 0 -> 889 bytes
 .../Common_Content/images/3.svg                    |   27 +
 .../Common_Content/images/30.png                   |  Bin 0 -> 1179 bytes
 .../Common_Content/images/30.svg                   |   31 +
 .../Common_Content/images/31.png                   |  Bin 0 -> 1012 bytes
 .../Common_Content/images/31.svg                   |   31 +
 .../Common_Content/images/32.png                   |  Bin 0 -> 1151 bytes
 .../Common_Content/images/32.svg                   |   31 +
 .../Common_Content/images/33.png                   |  Bin 0 -> 1213 bytes
 .../Common_Content/images/33.svg                   |   31 +
 .../Common_Content/images/34.png                   |  Bin 0 -> 1107 bytes
 .../Common_Content/images/34.svg                   |   31 +
 .../Common_Content/images/35.png                   |  Bin 0 -> 1176 bytes
 .../Common_Content/images/35.svg                   |   31 +
 .../Common_Content/images/36.png                   |  Bin 0 -> 1222 bytes
 .../Common_Content/images/36.svg                   |   31 +
 .../Common_Content/images/37.png                   |  Bin 0 -> 1085 bytes
 .../Common_Content/images/37.svg                   |   31 +
 .../Common_Content/images/38.png                   |  Bin 0 -> 1256 bytes
 .../Common_Content/images/38.svg                   |   31 +
 .../Common_Content/images/39.png                   |  Bin 0 -> 1226 bytes
 .../Common_Content/images/39.svg                   |   31 +
 .../Common_Content/images/4.png                    |  Bin 0 -> 783 bytes
 .../Common_Content/images/4.svg                    |   27 +
 .../Common_Content/images/40.png                   |  Bin 0 -> 1082 bytes
 .../Common_Content/images/40.svg                   |   31 +
 .../Common_Content/images/5.png                    |  Bin 0 -> 839 bytes
 .../Common_Content/images/5.svg                    |   27 +
 .../Common_Content/images/6.png                    |  Bin 0 -> 868 bytes
 .../Common_Content/images/6.svg                    |   27 +
 .../Common_Content/images/7.png                    |  Bin 0 -> 757 bytes
 .../Common_Content/images/7.svg                    |   27 +
 .../Common_Content/images/8.png                    |  Bin 0 -> 914 bytes
 .../Common_Content/images/8.svg                    |   27 +
 .../Common_Content/images/9.png                    |  Bin 0 -> 877 bytes
 .../Common_Content/images/9.svg                    |   27 +
 .../Common_Content/images/bkgrnd_greydots.png      |  Bin 157 -> 157 bytes
 .../Common_Content/images/bullet_arrowblue.png     |  Bin 177 -> 177 bytes
 .../Common_Content/images/documentation.png        |  Bin 0 -> 1358 bytes
 .../Common_Content/images/dot.png                  |  Bin 98 -> 98 bytes
 .../Common_Content/images/dot2.png                 |  Bin 98 -> 98 bytes
 .../Common_Content/images/green.png                |  Bin 0 -> 176 bytes
 .../Common_Content/images/h1-bg.png                |  Bin 0 -> 142 bytes
 .../Common_Content/images/image_left.png           |  Bin 0 -> 2278 bytes
 .../Common_Content/images/image_right.png          |  Bin 0 -> 1358 bytes
 .../Common_Content/images/important.png            |  Bin 0 -> 1918 bytes
 .../Common_Content/images/important.svg            |   30 +
 .../Common_Content/images/note.png                 |  Bin 0 -> 1616 bytes
 .../Common_Content/images/note.svg                 |   28 +
 .../Common_Content/images/red.png                  |  Bin 0 -> 163 bytes
 .../Common_Content/images/redhat-logo.svg          |   94 +
 .../Common_Content/images/rhlogo.png               |  Bin 0 -> 2278 bytes
 .../Common_Content/images/shade.png                |  Bin 101 -> 101 bytes
 .../Common_Content/images/shine.png                |  Bin 146 -> 146 bytes
 .../Common_Content/images/stock-go-back.png        |  Bin 0 -> 571 bytes
 .../Common_Content/images/stock-go-forward.png     |  Bin 0 -> 531 bytes
 .../Common_Content/images/stock-go-up.png          |  Bin 0 -> 582 bytes
 .../Common_Content/images/stock-home.png           |  Bin 0 -> 772 bytes
 .../Common_Content/images/title_logo.png           |  Bin 0 -> 2278 bytes
 .../Common_Content/images/title_logo.svg           |   94 +
 .../Common_Content/images/warning.png              |  Bin 0 -> 1940 bytes
 .../Common_Content/images/warning.svg              |   32 +
 .../Common_Content/images/watermark-draft.png      |  Bin 0 -> 32139 bytes
 .../Common_Content/images/yellow.png               |  Bin 0 -> 175 bytes
 .../Configuring_an_IPA_Client_on_AIX.html          |  191 +
 .../Configuring_an_IPA_Client_on_HP_UX.html        |  425 ++
 ...onfiguring_an_IPA_Client_on_Macintosh_OS_X.html |  218 +
 .../Configuring_an_IPA_Client_on_Solaris.html      |  123 +
 .../Document_Conventions.html                      |   46 +
 .../Glossary.html                                  |  344 ++
 .../Installing_the_IPA_Server_Packages.html        |   20 +
 .../Migrating_from_a_Directory_Server_to_IPA.html  |  114 +
 .../Preface.html                                   |   28 +
 .../Preparing_for_an_IPA_Installation.html         |  165 +
 .../Uninstalling_IPA_Servers.html                  |   14 +
 .../Using_Microsoft_Windows.html                   |   37 +
 .../active-directory.html                          |   16 +
 .../adding-users.html                              |   47 +
 .../authz.html                                     |   16 +
 .../automount.html                                 |   39 +
 .../basic-usage.html                               |   40 +
 .../certs.html                                     |   26 +
 ...anagement_Guide-Frequently_Asked_Questions.html |   48 +
 ...y_Management_Guide-Setting_up_IPA_Replicas.html |   99 +
 .../config-virt-machines.html                      |   46 +
 .../configuring-active-directory.html              |   28 +
 .../configuring-automount.html                     |  157 +
 .../configuring-sudo.html                          |  201 +
 .../creating-roles.html                            |   49 +
 .../creating-server.html                           |  426 ++
 .../deployment-scenarios.html                      |   12 +
 .../disabling-anon-binds.html                      |   23 +
 .../doc-history.html                               |   16 +
 .../editing-users.html                             |   22 +
 .../enrolling-machines.html                        |  102 +
 .../feedback.html                                  |   24 +
 .../host-groups.html                               |   12 +
 .../hosts.html                                     |   14 +
 .../images/ASCII_Cert_Export.png                   |  Bin 0 -> 125056 bytes
 .../images/Accept_CA_No_Exception.png              |  Bin 0 -> 35762 bytes
 .../images/IPA_Migration_Final_State.png           |  Bin 0 -> 87482 bytes
 .../images/IPA_Migration_Initial_State.png         |  Bin 0 -> 22582 bytes
 .../images/IPA_arch.png                            |  Bin 0 -> 62304 bytes
 .../images/Select_User_WebUI.png                   |  Bin 0 -> 40486 bytes
 .../images/add_user.png                            |  Bin 0 -> 38786 bytes
 .../images/finalstate.svg                          | 3241 +++++++++++++
 .../images/icon.svg                                |    0
 .../images/kinit_admin.png                         |  Bin 0 -> 24636 bytes
 .../index.html                                     |   43 +
 .../installing-ipa.html                            |   20 +
 .../introduction.html                              |  112 +
 .../ipa-apache.html                                |   50 +
 .../ipa-cluster.html                               |   44 +
 .../ipa-components.html                            |   12 +
 .../ipa-files.html                                 |   12 +
 .../Enterprise_Identity_Management_Guide/ix01.html |   10 +
 .../kerb-policies.html                             |   26 +
 .../kerberos.html                                  |   54 +
 .../logging-in.html                                |   28 +
 .../logging.html                                   |   27 +
 .../managing-clients.html                          |  105 +
 .../migrintg-from-nis.html                         |   62 +
 .../Enterprise_Identity_Management_Guide/nis.html  |  161 +
 .../policy.html                                    |   12 +
 .../promoting-replica.html                         |   31 +
 .../renaming-machines.html                         |   64 +
 .../rotating-keys.html                             |   45 +
 .../search-limits.html                             |   55 +
 .../searching.html                                 |  105 +
 ...Authentication-Refreshing_Kerberos_Tickets.html |   41 +
 ...g_Certificates_and_Certificate_Authorities.html |   47 +
 ...-Activating_and_Deactivating_User_Accounts.html |   22 +
 ...e-Configuring_IPA_Users-Deleting_IPA_Users.html |   30 +
 ...IPA_Users-Specifying_Default_User_Settings.html |   43 +
 ...pals-Creating_and_Using_Service_Principals.html |  163 +
 ...guring_the_Network_Information_Service_NIS.html |   49 +
 ...neral_Troubleshooting_Tips-Client_Problems.html |   14 +
 ...neral_Troubleshooting_Tips-Kerberos_Errors.html |   18 +
 ...ccess_Control_Policies-HBAC_Service_Groups.html |   26 +
 ...ased_Access_Control_Policies-HBAC_Services.html |   34 +
 ...Implementing_Unique_UID_and_GID_Attributes.html |   33 +
 ...to_IPA-Performing_a_Client_based_Migration.html |   35 +
 ...to_IPA-Performing_a_Server_based_Migration.html |   70 +
 ...-Prerequisites-Setting_up_Active_Directory.html |   34 +
 ...ectory-Creating_Synchronization_Agreements.html |   27 +
 ...ectory-Deleting_Synchronization_Agreements.html |   18 +
 ...ctory-Modifying_Synchronization_Agreements.html |   29 +
 ...ing_IPA_Servers-Winsync_Agreement_Failures.html |   38 +
 ..._DNS-Creating_DNS_Entries_for_IPA_Replicas.html |   14 +
 ...e-Working_with_certmonger-Using_certmonger.html |   22 +
 ..._with_certmonger-Using_certmonger_with_IPA.html |   19 +
 ..._with_certmonger-Using_certmonger_with_NSS.html |   21 +
 ...y_Management_Guide-Working_with_certmonger.html |   16 +
 .../self-service.html                              |   40 +
 .../server-config.html                             |  134 +
 .../setting-up-clients.html                        |  135 +
 .../Enterprise_Identity_Management_Guide/sudo.html |   30 +
 .../switching-users.html                           |   35 +
 .../uninstalling-clients.html                      |   14 +
 .../user-groups.html                               |   85 +
 .../user-pwdpolicy.html                            |  244 +
 .../users.html                                     |   26 +
 ...-Enterprise_Identity_Management_Guide-en-US.pdf |  Bin 0 -> 1264697 bytes
 .../Fedora-15-FreeIPA_Guide-en-US.epub             |  Bin 0 -> 849244 bytes
 .../FreeIPA_Guide/Common_Content/css/common.css    | 1504 ++++++
 .../FreeIPA_Guide}/Common_Content/css/default.css  |    0
 .../FreeIPA_Guide/Common_Content/css/lang.css      |    2 +
 .../Common_Content/css/overrides.css               |    0
 .../FreeIPA_Guide}/Common_Content/css/print.css    |    0
 .../FreeIPA_Guide}/Common_Content/images/1.png     |  Bin 690 -> 690 bytes
 .../FreeIPA_Guide}/Common_Content/images/1.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/10.png    |  Bin 982 -> 982 bytes
 .../FreeIPA_Guide}/Common_Content/images/10.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/11.png    |  Bin 806 -> 806 bytes
 .../FreeIPA_Guide}/Common_Content/images/11.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/12.png    |  Bin 953 -> 953 bytes
 .../FreeIPA_Guide}/Common_Content/images/12.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/13.png    |  Bin 1015 -> 1015 bytes
 .../FreeIPA_Guide}/Common_Content/images/13.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/14.png    |  Bin 933 -> 933 bytes
 .../FreeIPA_Guide}/Common_Content/images/14.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/15.png    |  Bin 996 -> 996 bytes
 .../FreeIPA_Guide}/Common_Content/images/15.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/16.png    |  Bin 1030 -> 1030 bytes
 .../FreeIPA_Guide}/Common_Content/images/16.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/17.png    |  Bin 870 -> 870 bytes
 .../FreeIPA_Guide}/Common_Content/images/17.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/18.png    |  Bin 1001 -> 1001 bytes
 .../FreeIPA_Guide}/Common_Content/images/18.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/19.png    |  Bin 1013 -> 1013 bytes
 .../FreeIPA_Guide}/Common_Content/images/19.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/2.png     |  Bin 808 -> 808 bytes
 .../FreeIPA_Guide}/Common_Content/images/2.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/20.png    |  Bin 1121 -> 1121 bytes
 .../FreeIPA_Guide}/Common_Content/images/20.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/21.png    |  Bin 981 -> 981 bytes
 .../FreeIPA_Guide}/Common_Content/images/21.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/22.png    |  Bin 1057 -> 1057 bytes
 .../FreeIPA_Guide}/Common_Content/images/22.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/23.png    |  Bin 1120 -> 1120 bytes
 .../FreeIPA_Guide}/Common_Content/images/23.svg    |    0
 .../FreeIPA_Guide/Common_Content/images/24.png     |  Bin 0 -> 1083 bytes
 .../FreeIPA_Guide/Common_Content/images/24.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/25.png     |  Bin 0 -> 1182 bytes
 .../FreeIPA_Guide/Common_Content/images/25.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/26.png     |  Bin 0 -> 1215 bytes
 .../FreeIPA_Guide/Common_Content/images/26.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/27.png     |  Bin 0 -> 1086 bytes
 .../FreeIPA_Guide/Common_Content/images/27.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/28.png     |  Bin 0 -> 1251 bytes
 .../FreeIPA_Guide/Common_Content/images/28.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/29.png     |  Bin 0 -> 1212 bytes
 .../FreeIPA_Guide/Common_Content/images/29.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/3.png     |  Bin 868 -> 868 bytes
 .../FreeIPA_Guide}/Common_Content/images/3.svg     |    0
 .../FreeIPA_Guide/Common_Content/images/30.png     |  Bin 0 -> 1267 bytes
 .../FreeIPA_Guide/Common_Content/images/30.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/31.png     |  Bin 0 -> 1083 bytes
 .../FreeIPA_Guide/Common_Content/images/31.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/32.png     |  Bin 0 -> 1244 bytes
 .../FreeIPA_Guide/Common_Content/images/32.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/33.png     |  Bin 0 -> 1279 bytes
 .../FreeIPA_Guide/Common_Content/images/33.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/34.png     |  Bin 0 -> 1178 bytes
 .../FreeIPA_Guide/Common_Content/images/34.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/35.png     |  Bin 0 -> 1235 bytes
 .../FreeIPA_Guide/Common_Content/images/35.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/36.png     |  Bin 0 -> 1286 bytes
 .../FreeIPA_Guide/Common_Content/images/36.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/37.png     |  Bin 0 -> 1155 bytes
 .../FreeIPA_Guide/Common_Content/images/37.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/38.png     |  Bin 0 -> 1325 bytes
 .../FreeIPA_Guide/Common_Content/images/38.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/39.png     |  Bin 0 -> 1300 bytes
 .../FreeIPA_Guide/Common_Content/images/39.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/4.png     |  Bin 794 -> 794 bytes
 .../FreeIPA_Guide}/Common_Content/images/4.svg     |    0
 .../FreeIPA_Guide/Common_Content/images/40.png     |  Bin 0 -> 1145 bytes
 .../FreeIPA_Guide/Common_Content/images/40.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/5.png     |  Bin 853 -> 853 bytes
 .../FreeIPA_Guide}/Common_Content/images/5.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/6.png     |  Bin 865 -> 865 bytes
 .../FreeIPA_Guide}/Common_Content/images/6.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/7.png     |  Bin 742 -> 742 bytes
 .../FreeIPA_Guide}/Common_Content/images/7.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/8.png     |  Bin 862 -> 862 bytes
 .../FreeIPA_Guide}/Common_Content/images/8.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/9.png     |  Bin 860 -> 860 bytes
 .../FreeIPA_Guide}/Common_Content/images/9.svg     |    0
 .../Common_Content/images/bkgrnd_greydots.png      |  Bin 157 -> 157 bytes
 .../Common_Content/images/bullet_arrowblue.png     |  Bin 177 -> 177 bytes
 .../Common_Content/images/documentation.png        |  Bin 623 -> 623 bytes
 .../FreeIPA_Guide}/Common_Content/images/dot.png   |  Bin 98 -> 98 bytes
 .../FreeIPA_Guide}/Common_Content/images/dot2.png  |  Bin 98 -> 98 bytes
 .../FreeIPA_Guide/Common_Content/images/green.png  |  Bin 0 -> 176 bytes
 .../FreeIPA_Guide}/Common_Content/images/h1-bg.png |  Bin 565 -> 565 bytes
 .../Common_Content/images/image_left.png           |  Bin 1114 -> 1114 bytes
 .../Common_Content/images/image_right.png          |  Bin 4092 -> 4092 bytes
 .../Common_Content/images/important.png            |  Bin 2080 -> 2080 bytes
 .../Common_Content/images/important.svg            |    0
 .../FreeIPA_Guide}/Common_Content/images/logo.png  |  Bin 1114 -> 1114 bytes
 .../FreeIPA_Guide}/Common_Content/images/note.png  |  Bin 1241 -> 1241 bytes
 .../FreeIPA_Guide}/Common_Content/images/note.svg  |    0
 .../FreeIPA_Guide/Common_Content/images/red.png    |  Bin 0 -> 163 bytes
 .../Common_Content/images/redhat-logo.svg          |   94 +
 .../FreeIPA_Guide/Common_Content/images/rhlogo.png |  Bin 0 -> 2278 bytes
 .../FreeIPA_Guide}/Common_Content/images/shade.png |  Bin 101 -> 101 bytes
 .../FreeIPA_Guide}/Common_Content/images/shine.png |  Bin 146 -> 146 bytes
 .../Common_Content/images/stock-go-back.png        |  Bin 828 -> 828 bytes
 .../Common_Content/images/stock-go-forward.png     |  Bin 828 -> 828 bytes
 .../Common_Content/images/stock-go-up.png          |  Bin 760 -> 760 bytes
 .../Common_Content/images/stock-home.png           |  Bin 808 -> 808 bytes
 .../Common_Content/images/title_logo.png           |  Bin 13399 -> 13399 bytes
 .../Common_Content/images/title_logo.svg           |    0
 .../Common_Content/images/warning.png              |  Bin 1340 -> 1340 bytes
 .../Common_Content/images/warning.svg              |    0
 .../Common_Content/images/watermark-draft.png      |  Bin 0 -> 32139 bytes
 .../FreeIPA_Guide/Common_Content/images/yellow.png |  Bin 0 -> 175 bytes
 .../FreeIPA_Guide/images/ASCII_Cert_Export.png     |  Bin 0 -> 125056 bytes
 .../images/Accept_CA_No_Exception.png              |  Bin 0 -> 35762 bytes
 .../images/IPA_Migration_Final_State.png           |  Bin 0 -> 87482 bytes
 .../images/IPA_Migration_Initial_State.png         |  Bin 0 -> 22582 bytes
 .../html-single/FreeIPA_Guide/images/IPA_arch.png  |  Bin 0 -> 62304 bytes
 .../FreeIPA_Guide/images/Select_User_WebUI.png     |  Bin 0 -> 40486 bytes
 .../html-single/FreeIPA_Guide/images/add_user.png  |  Bin 0 -> 38786 bytes
 .../FreeIPA_Guide/images/finalstate.svg            | 3241 +++++++++++++
 .../15/html-single/FreeIPA_Guide}/images/icon.svg  |    0
 .../FreeIPA_Guide/images/kinit_admin.png           |  Bin 0 -> 24636 bytes
 .../Fedora/15/html-single/FreeIPA_Guide/index.html | 4858 +++++++++++++++++++
 .../FreeIPA_Guide/Common_Content/css/common.css    | 1504 ++++++
 .../FreeIPA_Guide}/Common_Content/css/default.css  |    0
 .../html/FreeIPA_Guide/Common_Content/css/lang.css |    2 +
 .../Common_Content/css/overrides.css               |    0
 .../FreeIPA_Guide}/Common_Content/css/print.css    |    0
 .../FreeIPA_Guide}/Common_Content/images/1.png     |  Bin 690 -> 690 bytes
 .../FreeIPA_Guide}/Common_Content/images/1.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/10.png    |  Bin 982 -> 982 bytes
 .../FreeIPA_Guide}/Common_Content/images/10.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/11.png    |  Bin 806 -> 806 bytes
 .../FreeIPA_Guide}/Common_Content/images/11.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/12.png    |  Bin 953 -> 953 bytes
 .../FreeIPA_Guide}/Common_Content/images/12.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/13.png    |  Bin 1015 -> 1015 bytes
 .../FreeIPA_Guide}/Common_Content/images/13.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/14.png    |  Bin 933 -> 933 bytes
 .../FreeIPA_Guide}/Common_Content/images/14.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/15.png    |  Bin 996 -> 996 bytes
 .../FreeIPA_Guide}/Common_Content/images/15.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/16.png    |  Bin 1030 -> 1030 bytes
 .../FreeIPA_Guide}/Common_Content/images/16.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/17.png    |  Bin 870 -> 870 bytes
 .../FreeIPA_Guide}/Common_Content/images/17.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/18.png    |  Bin 1001 -> 1001 bytes
 .../FreeIPA_Guide}/Common_Content/images/18.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/19.png    |  Bin 1013 -> 1013 bytes
 .../FreeIPA_Guide}/Common_Content/images/19.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/2.png     |  Bin 808 -> 808 bytes
 .../FreeIPA_Guide}/Common_Content/images/2.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/20.png    |  Bin 1121 -> 1121 bytes
 .../FreeIPA_Guide}/Common_Content/images/20.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/21.png    |  Bin 981 -> 981 bytes
 .../FreeIPA_Guide}/Common_Content/images/21.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/22.png    |  Bin 1057 -> 1057 bytes
 .../FreeIPA_Guide}/Common_Content/images/22.svg    |    0
 .../FreeIPA_Guide}/Common_Content/images/23.png    |  Bin 1120 -> 1120 bytes
 .../FreeIPA_Guide}/Common_Content/images/23.svg    |    0
 .../FreeIPA_Guide/Common_Content/images/24.png     |  Bin 0 -> 1083 bytes
 .../FreeIPA_Guide/Common_Content/images/24.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/25.png     |  Bin 0 -> 1182 bytes
 .../FreeIPA_Guide/Common_Content/images/25.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/26.png     |  Bin 0 -> 1215 bytes
 .../FreeIPA_Guide/Common_Content/images/26.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/27.png     |  Bin 0 -> 1086 bytes
 .../FreeIPA_Guide/Common_Content/images/27.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/28.png     |  Bin 0 -> 1251 bytes
 .../FreeIPA_Guide/Common_Content/images/28.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/29.png     |  Bin 0 -> 1212 bytes
 .../FreeIPA_Guide/Common_Content/images/29.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/3.png     |  Bin 868 -> 868 bytes
 .../FreeIPA_Guide}/Common_Content/images/3.svg     |    0
 .../FreeIPA_Guide/Common_Content/images/30.png     |  Bin 0 -> 1267 bytes
 .../FreeIPA_Guide/Common_Content/images/30.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/31.png     |  Bin 0 -> 1083 bytes
 .../FreeIPA_Guide/Common_Content/images/31.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/32.png     |  Bin 0 -> 1244 bytes
 .../FreeIPA_Guide/Common_Content/images/32.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/33.png     |  Bin 0 -> 1279 bytes
 .../FreeIPA_Guide/Common_Content/images/33.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/34.png     |  Bin 0 -> 1178 bytes
 .../FreeIPA_Guide/Common_Content/images/34.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/35.png     |  Bin 0 -> 1235 bytes
 .../FreeIPA_Guide/Common_Content/images/35.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/36.png     |  Bin 0 -> 1286 bytes
 .../FreeIPA_Guide/Common_Content/images/36.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/37.png     |  Bin 0 -> 1155 bytes
 .../FreeIPA_Guide/Common_Content/images/37.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/38.png     |  Bin 0 -> 1325 bytes
 .../FreeIPA_Guide/Common_Content/images/38.svg     |   31 +
 .../FreeIPA_Guide/Common_Content/images/39.png     |  Bin 0 -> 1300 bytes
 .../FreeIPA_Guide/Common_Content/images/39.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/4.png     |  Bin 794 -> 794 bytes
 .../FreeIPA_Guide}/Common_Content/images/4.svg     |    0
 .../FreeIPA_Guide/Common_Content/images/40.png     |  Bin 0 -> 1145 bytes
 .../FreeIPA_Guide/Common_Content/images/40.svg     |   31 +
 .../FreeIPA_Guide}/Common_Content/images/5.png     |  Bin 853 -> 853 bytes
 .../FreeIPA_Guide}/Common_Content/images/5.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/6.png     |  Bin 865 -> 865 bytes
 .../FreeIPA_Guide}/Common_Content/images/6.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/7.png     |  Bin 742 -> 742 bytes
 .../FreeIPA_Guide}/Common_Content/images/7.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/8.png     |  Bin 862 -> 862 bytes
 .../FreeIPA_Guide}/Common_Content/images/8.svg     |    0
 .../FreeIPA_Guide}/Common_Content/images/9.png     |  Bin 860 -> 860 bytes
 .../FreeIPA_Guide}/Common_Content/images/9.svg     |    0
 .../Common_Content/images/bkgrnd_greydots.png      |  Bin 157 -> 157 bytes
 .../Common_Content/images/bullet_arrowblue.png     |  Bin 177 -> 177 bytes
 .../Common_Content/images/documentation.png        |  Bin 623 -> 623 bytes
 .../FreeIPA_Guide}/Common_Content/images/dot.png   |  Bin 98 -> 98 bytes
 .../FreeIPA_Guide}/Common_Content/images/dot2.png  |  Bin 98 -> 98 bytes
 .../FreeIPA_Guide/Common_Content/images/green.png  |  Bin 0 -> 176 bytes
 .../FreeIPA_Guide}/Common_Content/images/h1-bg.png |  Bin 565 -> 565 bytes
 .../Common_Content/images/image_left.png           |  Bin 1114 -> 1114 bytes
 .../Common_Content/images/image_right.png          |  Bin 4092 -> 4092 bytes
 .../Common_Content/images/important.png            |  Bin 2080 -> 2080 bytes
 .../Common_Content/images/important.svg            |    0
 .../FreeIPA_Guide}/Common_Content/images/logo.png  |  Bin 1114 -> 1114 bytes
 .../FreeIPA_Guide}/Common_Content/images/note.png  |  Bin 1241 -> 1241 bytes
 .../FreeIPA_Guide}/Common_Content/images/note.svg  |    0
 .../FreeIPA_Guide/Common_Content/images/red.png    |  Bin 0 -> 163 bytes
 .../Common_Content/images/redhat-logo.svg          |   94 +
 .../FreeIPA_Guide/Common_Content/images/rhlogo.png |  Bin 0 -> 2278 bytes
 .../FreeIPA_Guide}/Common_Content/images/shade.png |  Bin 101 -> 101 bytes
 .../FreeIPA_Guide}/Common_Content/images/shine.png |  Bin 146 -> 146 bytes
 .../Common_Content/images/stock-go-back.png        |  Bin 828 -> 828 bytes
 .../Common_Content/images/stock-go-forward.png     |  Bin 828 -> 828 bytes
 .../Common_Content/images/stock-go-up.png          |  Bin 760 -> 760 bytes
 .../Common_Content/images/stock-home.png           |  Bin 808 -> 808 bytes
 .../Common_Content/images/title_logo.png           |  Bin 13399 -> 13399 bytes
 .../Common_Content/images/title_logo.svg           |    0
 .../Common_Content/images/warning.png              |  Bin 1340 -> 1340 bytes
 .../Common_Content/images/warning.svg              |    0
 .../Common_Content/images/watermark-draft.png      |  Bin 0 -> 32139 bytes
 .../FreeIPA_Guide/Common_Content/images/yellow.png |  Bin 0 -> 175 bytes
 .../Configuring_an_IPA_Client_on_AIX.html          |  191 +
 .../Configuring_an_IPA_Client_on_HP_UX.html        |  425 ++
 ...onfiguring_an_IPA_Client_on_Macintosh_OS_X.html |  218 +
 .../Configuring_an_IPA_Client_on_Solaris.html      |  123 +
 .../html/FreeIPA_Guide/Document_Conventions.html   |   46 +
 .../Fedora/15/html/FreeIPA_Guide/Glossary.html     |  344 ++
 .../Installing_the_IPA_Server_Packages.html        |   18 +
 .../Migrating_from_a_Directory_Server_to_IPA.html  |  114 +
 .../Fedora/15/html/FreeIPA_Guide/Preface.html      |   28 +
 .../Preparing_for_an_IPA_Installation.html         |  165 +
 .../FreeIPA_Guide/Uninstalling_IPA_Servers.html    |   14 +
 .../FreeIPA_Guide/Using_Microsoft_Windows.html     |   37 +
 .../15/html/FreeIPA_Guide/active-directory.html    |   16 +
 .../Fedora/15/html/FreeIPA_Guide/adding-users.html |   47 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/authz.html  |   16 +
 .../Fedora/15/html/FreeIPA_Guide/automount.html    |   39 +
 .../Fedora/15/html/FreeIPA_Guide/basic-usage.html  |   40 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/certs.html  |   26 +
 ...anagement_Guide-Frequently_Asked_Questions.html |   48 +
 ...y_Management_Guide-Setting_up_IPA_Replicas.html |   97 +
 .../html/FreeIPA_Guide/config-virt-machines.html   |   46 +
 .../configuring-active-directory.html              |   28 +
 .../html/FreeIPA_Guide/configuring-automount.html  |  157 +
 .../15/html/FreeIPA_Guide/configuring-sudo.html    |  203 +
 .../15/html/FreeIPA_Guide/creating-roles.html      |   49 +
 .../15/html/FreeIPA_Guide/creating-server.html     |  426 ++
 .../html/FreeIPA_Guide/deployment-scenarios.html   |   12 +
 .../html/FreeIPA_Guide/disabling-anon-binds.html   |   23 +
 .../Fedora/15/html/FreeIPA_Guide/doc-history.html  |   16 +
 .../15/html/FreeIPA_Guide/editing-users.html       |   22 +
 .../15/html/FreeIPA_Guide/enrolling-machines.html  |  102 +
 .../Fedora/15/html/FreeIPA_Guide/feedback.html     |   26 +
 .../Fedora/15/html/FreeIPA_Guide/host-groups.html  |   12 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/hosts.html  |   14 +
 .../FreeIPA_Guide/images/ASCII_Cert_Export.png     |  Bin 0 -> 125056 bytes
 .../images/Accept_CA_No_Exception.png              |  Bin 0 -> 35762 bytes
 .../images/IPA_Migration_Final_State.png           |  Bin 0 -> 87482 bytes
 .../images/IPA_Migration_Initial_State.png         |  Bin 0 -> 22582 bytes
 .../15/html/FreeIPA_Guide/images/IPA_arch.png      |  Bin 0 -> 62304 bytes
 .../FreeIPA_Guide/images/Select_User_WebUI.png     |  Bin 0 -> 40486 bytes
 .../15/html/FreeIPA_Guide/images/add_user.png      |  Bin 0 -> 38786 bytes
 .../15/html/FreeIPA_Guide/images/finalstate.svg    | 3241 +++++++++++++
 .../Fedora/15/html/FreeIPA_Guide}/images/icon.svg  |    0
 .../15/html/FreeIPA_Guide/images/kinit_admin.png   |  Bin 0 -> 24636 bytes
 .../en-US/Fedora/15/html/FreeIPA_Guide/index.html  |   29 +
 .../15/html/FreeIPA_Guide/installing-ipa.html      |  167 +
 .../Fedora/15/html/FreeIPA_Guide/introduction.html |  112 +
 .../Fedora/15/html/FreeIPA_Guide/ipa-apache.html   |   50 +
 .../Fedora/15/html/FreeIPA_Guide/ipa-cluster.html  |   44 +
 .../15/html/FreeIPA_Guide/ipa-components.html      |   12 +
 .../Fedora/15/html/FreeIPA_Guide/ipa-files.html    |   12 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/ix01.html   |   10 +
 .../15/html/FreeIPA_Guide/kerb-policies.html       |   26 +
 .../Fedora/15/html/FreeIPA_Guide/kerberos.html     |   54 +
 .../Fedora/15/html/FreeIPA_Guide/logging-in.html   |   28 +
 .../Fedora/15/html/FreeIPA_Guide/logging.html      |   27 +
 .../15/html/FreeIPA_Guide/managing-clients.html    |  105 +
 .../15/html/FreeIPA_Guide/migrintg-from-nis.html   |   62 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/nis.html    |  161 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/policy.html |   12 +
 .../15/html/FreeIPA_Guide/promoting-replica.html   |   31 +
 .../15/html/FreeIPA_Guide/renaming-machines.html   |   64 +
 .../15/html/FreeIPA_Guide/rotating-keys.html       |   45 +
 .../15/html/FreeIPA_Guide/search-limits.html       |   55 +
 .../Fedora/15/html/FreeIPA_Guide/searching.html    |  105 +
 ...Authentication-Refreshing_Kerberos_Tickets.html |   41 +
 ...g_Certificates_and_Certificate_Authorities.html |   47 +
 ...-Activating_and_Deactivating_User_Accounts.html |   22 +
 ...e-Configuring_IPA_Users-Deleting_IPA_Users.html |   30 +
 ...IPA_Users-Specifying_Default_User_Settings.html |   43 +
 ...pals-Creating_and_Using_Service_Principals.html |  163 +
 ...guring_the_Network_Information_Service_NIS.html |   49 +
 ...neral_Troubleshooting_Tips-Client_Problems.html |   14 +
 ...neral_Troubleshooting_Tips-Kerberos_Errors.html |   18 +
 ...ccess_Control_Policies-HBAC_Service_Groups.html |   26 +
 ...ased_Access_Control_Policies-HBAC_Services.html |   34 +
 ...Implementing_Unique_UID_and_GID_Attributes.html |   33 +
 ...to_IPA-Performing_a_Client_based_Migration.html |   35 +
 ...to_IPA-Performing_a_Server_based_Migration.html |   70 +
 ...-Prerequisites-Setting_up_Active_Directory.html |   34 +
 ...ectory-Creating_Synchronization_Agreements.html |   27 +
 ...ectory-Deleting_Synchronization_Agreements.html |   18 +
 ...ctory-Modifying_Synchronization_Agreements.html |   29 +
 ...ing_IPA_Servers-Winsync_Agreement_Failures.html |   38 +
 ..._DNS-Creating_DNS_Entries_for_IPA_Replicas.html |   14 +
 ...e-Working_with_certmonger-Using_certmonger.html |   22 +
 ..._with_certmonger-Using_certmonger_with_IPA.html |   19 +
 ..._with_certmonger-Using_certmonger_with_NSS.html |   21 +
 ...y_Management_Guide-Working_with_certmonger.html |   16 +
 .../Fedora/15/html/FreeIPA_Guide/self-service.html |   40 +
 .../15/html/FreeIPA_Guide/server-config.html       |  134 +
 .../15/html/FreeIPA_Guide/setting-up-clients.html  |  129 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/sudo.html   |   30 +
 .../15/html/FreeIPA_Guide/switching-users.html     |   35 +
 .../html/FreeIPA_Guide/uninstalling-clients.html   |   14 +
 .../Fedora/15/html/FreeIPA_Guide/user-groups.html  |   85 +
 .../15/html/FreeIPA_Guide/user-pwdpolicy.html      |  244 +
 .../en-US/Fedora/15/html/FreeIPA_Guide/users.html  |   26 +
 ...-Enterprise_Identity_Management_Guide-en-US.pdf |  Bin 0 -> 1264697 bytes
 .../Fedora-15-FreeIPA_Guide-en-US.pdf              |  Bin 0 -> 1193833 bytes
 public_html/en-US/Site_Statistics.html             |    8 +-
 public_html/en-US/opds-Drafts.xml                  |   34 +
 public_html/en-US/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/en-US/opds-Fedora_Core.xml             |    2 +-
 .../en-US/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/en-US/opds.xml                         |   18 +-
 public_html/en-US/toc.html                         |   31 +-
 public_html/es-ES/Site_Statistics.html             |    8 +-
 public_html/es-ES/opds-Drafts.xml                  |   34 +
 public_html/es-ES/opds-Fedora.xml                  |   26 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/es-ES/opds-Fedora_Core.xml             |    2 +-
 .../es-ES/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/es-ES/opds.xml                         |   18 +-
 public_html/es-ES/toc.html                         |   30 +-
 public_html/fa-IR/Site_Statistics.html             |    8 +-
 public_html/fa-IR/opds-Drafts.xml                  |   34 +
 public_html/fa-IR/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/fa-IR/opds-Fedora_Core.xml             |    2 +-
 .../fa-IR/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/fa-IR/opds.xml                         |   18 +-
 public_html/fa-IR/toc.html                         |   36 +-
 public_html/fi-FI/Site_Statistics.html             |    8 +-
 public_html/fi-FI/opds-Drafts.xml                  |   34 +
 public_html/fi-FI/opds-Fedora.xml                  |   10 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/fi-FI/opds-Fedora_Core.xml             |    2 +-
 .../fi-FI/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/fi-FI/opds.xml                         |   18 +-
 public_html/fi-FI/toc.html                         |   42 +-
 public_html/fr-FR/Site_Statistics.html             |    8 +-
 public_html/fr-FR/opds-Drafts.xml                  |   34 +
 public_html/fr-FR/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/fr-FR/opds-Fedora_Core.xml             |    2 +-
 .../fr-FR/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/fr-FR/opds.xml                         |   18 +-
 public_html/fr-FR/toc.html                         |   36 +-
 public_html/gu-IN/Site_Statistics.html             |    8 +-
 public_html/gu-IN/opds-Drafts.xml                  |   34 +
 public_html/gu-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/gu-IN/opds-Fedora_Core.xml             |    2 +-
 .../gu-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/gu-IN/opds.xml                         |   18 +-
 public_html/gu-IN/toc.html                         |   36 +-
 public_html/he-IL/Site_Statistics.html             |    8 +-
 public_html/he-IL/opds-Drafts.xml                  |   34 +
 public_html/he-IL/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/he-IL/opds-Fedora_Core.xml             |    2 +-
 .../he-IL/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/he-IL/opds.xml                         |   18 +-
 public_html/he-IL/toc.html                         |   36 +-
 public_html/hi-IN/Site_Statistics.html             |    8 +-
 public_html/hi-IN/opds-Drafts.xml                  |   34 +
 public_html/hi-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/hi-IN/opds-Fedora_Core.xml             |    2 +-
 .../hi-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/hi-IN/opds.xml                         |   18 +-
 public_html/hi-IN/toc.html                         |   36 +-
 public_html/hu-HU/Site_Statistics.html             |    8 +-
 public_html/hu-HU/opds-Drafts.xml                  |   34 +
 public_html/hu-HU/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/hu-HU/opds-Fedora_Core.xml             |    2 +-
 .../hu-HU/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/hu-HU/opds.xml                         |   18 +-
 public_html/hu-HU/toc.html                         |   36 +-
 public_html/id-ID/Site_Statistics.html             |    8 +-
 public_html/id-ID/opds-Drafts.xml                  |   34 +
 public_html/id-ID/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/id-ID/opds-Fedora_Core.xml             |    2 +-
 .../id-ID/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/id-ID/opds.xml                         |   18 +-
 public_html/id-ID/toc.html                         |   36 +-
 public_html/it-IT/Site_Statistics.html             |    8 +-
 public_html/it-IT/opds-Drafts.xml                  |   34 +
 public_html/it-IT/opds-Fedora.xml                  |   12 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    8 +-
 public_html/it-IT/opds-Fedora_Core.xml             |    2 +-
 .../it-IT/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/it-IT/opds.xml                         |   18 +-
 public_html/it-IT/toc.html                         |   40 +-
 public_html/ja-JP/Site_Statistics.html             |    8 +-
 public_html/ja-JP/opds-Drafts.xml                  |   34 +
 public_html/ja-JP/opds-Fedora.xml                  |   16 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/ja-JP/opds-Fedora_Core.xml             |    2 +-
 .../ja-JP/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ja-JP/opds.xml                         |   18 +-
 public_html/ja-JP/toc.html                         |   36 +-
 public_html/kn-IN/Site_Statistics.html             |    8 +-
 public_html/kn-IN/opds-Drafts.xml                  |   34 +
 public_html/kn-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/kn-IN/opds-Fedora_Core.xml             |    2 +-
 .../kn-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/kn-IN/opds.xml                         |   18 +-
 public_html/kn-IN/toc.html                         |   36 +-
 public_html/ko-KR/Site_Statistics.html             |    8 +-
 public_html/ko-KR/opds-Drafts.xml                  |   34 +
 public_html/ko-KR/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/ko-KR/opds-Fedora_Core.xml             |    2 +-
 .../ko-KR/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ko-KR/opds.xml                         |   18 +-
 public_html/ko-KR/toc.html                         |   36 +-
 public_html/ml-IN/Site_Statistics.html             |    8 +-
 public_html/ml-IN/opds-Drafts.xml                  |   34 +
 public_html/ml-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/ml-IN/opds-Fedora_Core.xml             |    2 +-
 .../ml-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ml-IN/opds.xml                         |   18 +-
 public_html/ml-IN/toc.html                         |   36 +-
 public_html/mr-IN/Site_Statistics.html             |    8 +-
 public_html/mr-IN/opds-Drafts.xml                  |   34 +
 public_html/mr-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/mr-IN/opds-Fedora_Core.xml             |    2 +-
 .../mr-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/mr-IN/opds.xml                         |   18 +-
 public_html/mr-IN/toc.html                         |   36 +-
 public_html/nb-NO/Site_Statistics.html             |    8 +-
 public_html/nb-NO/opds-Drafts.xml                  |   34 +
 public_html/nb-NO/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/nb-NO/opds-Fedora_Core.xml             |    2 +-
 .../nb-NO/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/nb-NO/opds.xml                         |   18 +-
 public_html/nb-NO/toc.html                         |   36 +-
 public_html/nl-NL/Site_Statistics.html             |    8 +-
 public_html/nl-NL/opds-Drafts.xml                  |   34 +
 public_html/nl-NL/opds-Fedora.xml                  |    4 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/nl-NL/opds-Fedora_Core.xml             |    2 +-
 .../nl-NL/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/nl-NL/opds.xml                         |   18 +-
 public_html/nl-NL/toc.html                         |   34 +-
 public_html/opds.xml                               |   86 +-
 public_html/or-IN/Site_Statistics.html             |    8 +-
 public_html/or-IN/opds-Drafts.xml                  |   34 +
 public_html/or-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/or-IN/opds-Fedora_Core.xml             |    2 +-
 .../or-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/or-IN/opds.xml                         |   18 +-
 public_html/or-IN/toc.html                         |   36 +-
 public_html/pa-IN/Site_Statistics.html             |    8 +-
 public_html/pa-IN/opds-Drafts.xml                  |   34 +
 public_html/pa-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/pa-IN/opds-Fedora_Core.xml             |    2 +-
 .../pa-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/pa-IN/opds.xml                         |   18 +-
 public_html/pa-IN/toc.html                         |   36 +-
 public_html/pl-PL/Site_Statistics.html             |    8 +-
 public_html/pl-PL/opds-Drafts.xml                  |   34 +
 public_html/pl-PL/opds-Fedora.xml                  |   18 +-
 .../opds-Fedora_Contributor_Documentation.xml      |   10 +-
 public_html/pl-PL/opds-Fedora_Core.xml             |    2 +-
 .../pl-PL/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/pl-PL/opds.xml                         |   18 +-
 public_html/pl-PL/toc.html                         |   36 +-
 public_html/pt-BR/Site_Statistics.html             |    8 +-
 public_html/pt-BR/opds-Drafts.xml                  |   34 +
 public_html/pt-BR/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/pt-BR/opds-Fedora_Core.xml             |    2 +-
 .../pt-BR/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/pt-BR/opds.xml                         |   18 +-
 public_html/pt-BR/toc.html                         |   34 +-
 public_html/pt-PT/Site_Statistics.html             |    8 +-
 public_html/pt-PT/opds-Drafts.xml                  |   34 +
 public_html/pt-PT/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/pt-PT/opds-Fedora_Core.xml             |    2 +-
 .../pt-PT/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/pt-PT/opds.xml                         |   18 +-
 public_html/pt-PT/toc.html                         |   32 +-
 public_html/ru-RU/Site_Statistics.html             |    8 +-
 public_html/ru-RU/opds-Drafts.xml                  |   34 +
 public_html/ru-RU/opds-Fedora.xml                  |   14 +-
 .../opds-Fedora_Contributor_Documentation.xml      |   10 +-
 public_html/ru-RU/opds-Fedora_Core.xml             |    2 +-
 .../ru-RU/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ru-RU/opds.xml                         |   18 +-
 public_html/ru-RU/toc.html                         |   34 +-
 public_html/sk-SK/Site_Statistics.html             |    8 +-
 public_html/sk-SK/opds-Drafts.xml                  |   34 +
 public_html/sk-SK/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/sk-SK/opds-Fedora_Core.xml             |    2 +-
 .../sk-SK/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/sk-SK/opds.xml                         |   18 +-
 public_html/sk-SK/toc.html                         |   36 +-
 public_html/sr-Latn-RS/Site_Statistics.html        |    8 +-
 public_html/sr-Latn-RS/opds-Drafts.xml             |   34 +
 public_html/sr-Latn-RS/opds-Fedora.xml             |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/sr-Latn-RS/opds-Fedora_Core.xml        |    2 +-
 .../sr-Latn-RS/opds-Fedora_Draft_Documentation.xml |    2 +-
 public_html/sr-Latn-RS/opds.xml                    |   18 +-
 public_html/sr-Latn-RS/toc.html                    |   34 +-
 public_html/sr-RS/Site_Statistics.html             |    8 +-
 public_html/sr-RS/opds-Drafts.xml                  |   34 +
 public_html/sr-RS/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/sr-RS/opds-Fedora_Core.xml             |    2 +-
 .../sr-RS/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/sr-RS/opds.xml                         |   18 +-
 public_html/sr-RS/toc.html                         |   34 +-
 public_html/sv-SE/Site_Statistics.html             |    8 +-
 public_html/sv-SE/opds-Drafts.xml                  |   34 +
 public_html/sv-SE/opds-Fedora.xml                  |   14 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/sv-SE/opds-Fedora_Core.xml             |    2 +-
 .../sv-SE/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/sv-SE/opds.xml                         |   18 +-
 public_html/sv-SE/toc.html                         |   38 +-
 public_html/ta-IN/Site_Statistics.html             |    8 +-
 public_html/ta-IN/opds-Drafts.xml                  |   34 +
 public_html/ta-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/ta-IN/opds-Fedora_Core.xml             |    2 +-
 .../ta-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/ta-IN/opds.xml                         |   18 +-
 public_html/ta-IN/toc.html                         |   36 +-
 public_html/te-IN/Site_Statistics.html             |    8 +-
 public_html/te-IN/opds-Drafts.xml                  |   34 +
 public_html/te-IN/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/te-IN/opds-Fedora_Core.xml             |    2 +-
 .../te-IN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/te-IN/opds.xml                         |   18 +-
 public_html/te-IN/toc.html                         |   36 +-
 public_html/toc.html                               |   57 +-
 public_html/uk-UA/Site_Statistics.html             |    8 +-
 public_html/uk-UA/opds-Drafts.xml                  |   34 +
 public_html/uk-UA/opds-Fedora.xml                  |   26 +-
 .../opds-Fedora_Contributor_Documentation.xml      |   10 +-
 public_html/uk-UA/opds-Fedora_Core.xml             |    2 +-
 .../uk-UA/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/uk-UA/opds.xml                         |   18 +-
 public_html/uk-UA/toc.html                         |   36 +-
 public_html/zh-CN/Site_Statistics.html             |    8 +-
 public_html/zh-CN/opds-Drafts.xml                  |   34 +
 public_html/zh-CN/opds-Fedora.xml                  |   10 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/zh-CN/opds-Fedora_Core.xml             |    2 +-
 .../zh-CN/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/zh-CN/opds.xml                         |   18 +-
 public_html/zh-CN/toc.html                         |   38 +-
 .../images/bootscreen/bootscreen-livecd.png        |  Bin 325562 -> 163840 bytes
 .../images/diskpartauto/autopart.png               |  Bin 40514 -> 0 bytes
 .../images/diskpartitioning/write_changes.png      |  Bin 14370 -> 0 bytes
 .../images/firstboot/fb-createuser.png             |  Bin 35676 -> 0 bytes
 .../images/firstboot/fb-datetime.png               |  Bin 39565 -> 0 bytes
 .../images/firstboot/fb-license.png                |  Bin 45872 -> 0 bytes
 .../images/firstboot/fb-ntp.png                    |  Bin 40224 -> 0 bytes
 .../images/firstboot/fb-profile.png                |  Bin 73621 -> 0 bytes
 .../images/firstboot/fb-welcome.png                |  Bin 79788 -> 0 bytes
 .../images/initializing/initializing.png           |  Bin 13675 -> 0 bytes
 .../images/kbdconfig/keyboard.png                  |  Bin 31583 -> 0 bytes
 .../images/langselection/lang.png                  |  Bin 39463 -> 0 bytes
 .../images/livedesktop/livedesktop-login.png       |  Bin 512488 -> 0 bytes
 .../images/livedesktop/livedesktop.png             |  Bin 634266 -> 0 bytes
 .../images/netconfig/hostname.png                  |  Bin 16862 -> 0 bytes
 .../images/pkgselection/pkg-group-details.png      |  Bin 47878 -> 0 bytes
 .../images/pkgselection/pkg-group.png              |  Bin 42300 -> 0 bytes
 .../images/timezone/timezone.png                   |  Bin 127700 -> 0 bytes
 .../images/upgrading/upgrading.png                 |  Bin 38620 -> 0 bytes
 .../images/welcome/welcome.png                     |  Bin 100412 -> 0 bytes
 .../images/x86-bootloader/x86-bootloader.png       |  Bin 26550 -> 0 bytes
 .../html/Installation_Quick_Start_Guide/index.html |   32 -
 .../s1-diskpartsetup-x86.html                      |   27 -
 .../s1-installpkgs-x86.html                        |    7 -
 .../s1-langselection-x86.html                      |   11 -
 .../s1-pkgselection-x86.html                       |    7 -
 .../s1-timezone-x86.html                           |   15 -
 .../s1-x86-bootloader.html                         |   25 -
 .../sn-account_configuration.html                  |    9 -
 .../sn-firstboot-datetime.html                     |    9 -
 .../sn-firstboot-license.html                      |    9 -
 .../sn-firstboot-systemuser.html                   |    7 -
 .../sn-initialize-hdd.html                         |    7 -
 .../sn-networkconfig-fedora.html                   |    9 -
 .../Installation_Quick_Start_Guide/sn-smolt.html   |    9 -
 .../sn-upgrading-system.html                       |    7 -
 .../sn-welcome-x86.html                            |    9 -
 .../Common_Content/css/common.css                  | 1471 ------
 .../Common_Content/images/watermark-draft.png      |  Bin 25365 -> 0 bytes
 ...-Virtualization_Guide-Additional_resources.html |   31 -
 .../appe-Virtualization_Guide-Colophon.html        |   71 -
 ...appe-Virtualization_Guide-Revision_History.html |    9 -
 ...tion_Guide-Creating_custom_libvirt_scripts.html |   23 -
 ...t_operating_system_installation_procedures.html |  151 -
 ...ide-Installing_the_virtualization_packages.html |   28 -
 ...ization_Guide-KVM_Para_virtualized_Drivers.html |  115 -
 ...lization_Guide-KVM_guest_timing_management.html |   52 -
 ...ap-Virtualization_Guide-KVM_live_migration.html |   49 -
 ...h_the_Virtual_Machine_Manager_virt_manager.html |   21 -
 ...alization_Guide-Managing_guests_with_virsh.html |  428 --
 ...ualization_Guide-Managing_guests_with_xend.html |  197 -
 ...Virtualization_Guide-Network_Configuration.html |   55 -
 ...de-Remote_management_of_virtualized_guests.html |   47 -
 ...lization_Guide-Security_for_virtualization.html |   48 -
 ...Virtualization_Guide-Server_best_practices.html |   21 -
 ...on_Guide-Shared_storage_and_virtualization.html |   19 -
 .../chap-Virtualization_Guide-Tips_and_tricks.html |   21 -
 .../chap-Virtualization_Guide-Troubleshooting.html |   11 -
 ...-Virtualization_Guide-Virtualization_tools.html |   99 -
 ...ualization_Guide-Virtualized_block_devices.html |   44 -
 ...de-Virtualized_guest_installation_overview.html |   30 -
 .../Fedora/12/html/Virtualization_Guide/go01.html  |   89 -
 .../Virtualization_Guide/images/2003finished-9.png |  Bin 49788 -> 0 bytes
 .../Virtualization_Guide/images/2008installing.png |  Bin 82998 -> 0 bytes
 .../html/Virtualization_Guide/images/Create-1.png  |  Bin 43573 -> 0 bytes
 .../Virtualization_Guide/images/EL5finished.png    |  Bin 49135 -> 0 bytes
 .../Virtualization_Guide/images/EL5media-5.png     |  Bin 32752 -> 0 bytes
 .../Virtualization_Guide/images/EL5method-4.png    |  Bin 49976 -> 0 bytes
 .../Virtualization_Guide/images/EL5naming-2.png    |  Bin 22160 -> 0 bytes
 .../Virtualization_Guide/images/EL5storage-6.png   |  Bin 57271 -> 0 bytes
 .../images/Edit_Properties.png                     |  Bin 27001 -> 0 bytes
 .../12/html/Virtualization_Guide/images/KVM-3.png  |  Bin 46141 -> 0 bytes
 .../images/Main_System_Screen.png                  |  Bin 176344 -> 0 bytes
 .../images/Memory_and_CPU-8.png                    |  Bin 56113 -> 0 bytes
 .../images/Method-select-2003-4.png                |  Bin 41972 -> 0 bytes
 .../images/Method-select-2008.png                  |  Bin 42123 -> 0 bytes
 .../images/Method-select-xp.png                    |  Bin 51352 -> 0 bytes
 .../12/html/Virtualization_Guide/images/Name-2.png |  Bin 23131 -> 0 bytes
 .../html/Virtualization_Guide/images/Network-7.png |  Bin 44114 -> 0 bytes
 .../images/RHELKVMpackages.png                     |  Bin 119784 -> 0 bytes
 .../images/RHELXenCustomize.png                    |  Bin 117251 -> 0 bytes
 .../Virtualization_Guide/images/RHELXenSelect.png  |  Bin 87003 -> 0 bytes
 .../images/RHELcustomize14.png                     |  Bin 85139 -> 0 bytes
 .../Virtualization_Guide/images/RHELkvmSelect.png  |  Bin 86378 -> 0 bytes
 .../Virtualization_Guide/images/SelectISO-5.1.png  |  Bin 53742 -> 0 bytes
 .../Virtualization_Guide/images/Storage2003-6.png  |  Bin 57778 -> 0 bytes
 .../Virtualization_Guide/images/Storage2008-6.png  |  Bin 57764 -> 0 bytes
 .../12/html/Virtualization_Guide/images/System.png |  Bin 126806 -> 0 bytes
 .../images/Win2003Selected-5.2.png                 |  Bin 32524 -> 0 bytes
 .../images/Windows-2008-finished-9.png             |  Bin 52023 -> 0 bytes
 .../images/Windows2008-selected-5.png              |  Bin 34075 -> 0 bytes
 .../Xen_full_virtualization_architecture.png       |  Bin 117156 -> 0 bytes
 .../Xen_para-virtualization_architecture.png       |  Bin 108579 -> 0 bytes
 .../Virtualization_Guide/images/acquiring_ip.png   |  Bin 9586 -> 0 bytes
 .../images/additional_software.png                 |  Bin 16487 -> 0 bytes
 .../images/allocate_mem_cpu.png                    |  Bin 11350 -> 0 bytes
 .../Virtualization_Guide/images/assign_storage.png |  Bin 12028 -> 0 bytes
 .../Virtualization_Guide/images/begin_install.png  |  Bin 23898 -> 0 bytes
 .../html/Virtualization_Guide/images/bridgePXE.png |  Bin 49955 -> 0 bytes
 .../Virtualization_Guide/images/bridgefinish.png   |  Bin 46504 -> 0 bytes
 .../Virtualization_Guide/images/bridgeshare.png    |  Bin 46340 -> 0 bytes
 .../images/check_dependencies.png                  |  Bin 19482 -> 0 bytes
 .../Virtualization_Guide/images/config_tcp1.png    |  Bin 9834 -> 0 bytes
 .../Virtualization_Guide/images/confirm_beta.png   |  Bin 20890 -> 0 bytes
 .../Virtualization_Guide/images/confirm_rhn.png    |  Bin 34424 -> 0 bytes
 .../images/confirm_storage.png                     |  Bin 11786 -> 0 bytes
 .../images/continue_boot_process.png               |  Bin 38860 -> 0 bytes
 .../Virtualization_Guide/images/create_new.png     |  Bin 10573 -> 0 bytes
 .../Virtualization_Guide/images/create_user.png    |  Bin 20809 -> 0 bytes
 .../html/Virtualization_Guide/images/data_time.png |  Bin 21291 -> 0 bytes
 .../html/Virtualization_Guide/images/date_time.png |  Bin 21291 -> 0 bytes
 .../images/disable_firewall.png                    |  Bin 20729 -> 0 bytes
 .../images/disable_selinux.png                     |  Bin 23157 -> 0 bytes
 .../images/display_vmm_menu.png                    |  Bin 41572 -> 0 bytes
 .../12/html/Virtualization_Guide/images/done.png   |  Bin 18168 -> 0 bytes
 .../Virtualization_Guide/images/enable_kdump.png   |  Bin 21358 -> 0 bytes
 .../Virtualization_Guide/images/erase_storage.png  |  Bin 6098 -> 0 bytes
 .../Virtualization_Guide/images/example_tcp.png    |  Bin 13322 -> 0 bytes
 .../html/Virtualization_Guide/images/firewall.png  |  Bin 20135 -> 0 bytes
 .../images/first_boot_welcome.png                  |  Bin 35442 -> 0 bytes
 .../images/fullvirt_install_media.png              |  Bin 8364 -> 0 bytes
 .../images/guest-console-small.png                 |  Bin 10643 -> 0 bytes
 .../images/guest_initial_boot.png                  |  Bin 26916 -> 0 bytes
 .../images/guest_network_settings.png              |  Bin 17255 -> 0 bytes
 .../images/guest_rebooting.png                     |  Bin 18501 -> 0 bytes
 .../images/hardware_vmm_tab.png                    |  Bin 68759 -> 0 bytes
 .../images/initial_graphic_install.png             |  Bin 29104 -> 0 bytes
 .../images/initial_guest_booting.png               |  Bin 28026 -> 0 bytes
 .../images/initial_guest_booting2.png              |  Bin 17720 -> 0 bytes
 .../html/Virtualization_Guide/images/install1.png  |  Bin 21781 -> 0 bytes
 .../html/Virtualization_Guide/images/install2.png  |  Bin 207361 -> 0 bytes
 .../html/Virtualization_Guide/images/install3.png  |  Bin 150476 -> 0 bytes
 .../images/install_language.png                    |  Bin 10771 -> 0 bytes
 .../Virtualization_Guide/images/install_number.png |  Bin 18424 -> 0 bytes
 .../images/install_number_vs.png                   |  Bin 18209 -> 0 bytes
 .../images/installing_packages.png                 |  Bin 17258 -> 0 bytes
 .../12/html/Virtualization_Guide/images/ioemu.png  |  Bin 6264 -> 0 bytes
 .../Virtualization_Guide/images/ioemufixed.png     |  Bin 6378 -> 0 bytes
 .../images/license_agreement.png                   |  Bin 43581 -> 0 bytes
 .../images/location_media_install.png              |  Bin 27809 -> 0 bytes
 .../Virtualization_Guide/images/login_screen.png   |  Bin 34709 -> 0 bytes
 .../Virtualization_Guide/images/manual_tcp.png     |  Bin 12542 -> 0 bytes
 .../html/Virtualization_Guide/images/naming_vm.png |  Bin 23277 -> 0 bytes
 .../Virtualization_Guide/images/netconfig3.png     |  Bin 9560 -> 0 bytes
 .../Virtualization_Guide/images/netconfig4.png     |  Bin 8797 -> 0 bytes
 .../Virtualization_Guide/images/netconfig5.png     |  Bin 12800 -> 0 bytes
 .../Virtualization_Guide/images/netconfig6.png     |  Bin 7521 -> 0 bytes
 .../Virtualization_Guide/images/netconfig7.png     |  Bin 12669 -> 0 bytes
 .../12/html/Virtualization_Guide/images/no_rhn.png |  Bin 21501 -> 0 bytes
 .../images/personal_user_account.png               |  Bin 10408 -> 0 bytes
 .../images/processor_hw_panel.png                  |  Bin 61111 -> 0 bytes
 .../images/ready_to_install.png                    |  Bin 10066 -> 0 bytes
 .../Virtualization_Guide/images/reboot_guest.png   |  Bin 21205 -> 0 bytes
 .../Virtualization_Guide/images/redhat_desktop.png |  Bin 46499 -> 0 bytes
 .../images/restore_vmm_menu.png                    |  Bin 26615 -> 0 bytes
 .../Virtualization_Guide/images/retrieve_image.png |  Bin 8043 -> 0 bytes
 .../Virtualization_Guide/images/review_storage.png |  Bin 18289 -> 0 bytes
 .../12/html/Virtualization_Guide/images/rhn.png    |  Bin 25405 -> 0 bytes
 .../Virtualization_Guide/images/root_password.png  |  Bin 12816 -> 0 bytes
 .../images/select_keyboard.png                     |  Bin 10059 -> 0 bytes
 .../Virtualization_Guide/images/select_type.png    |  Bin 26246 -> 0 bytes
 .../html/Virtualization_Guide/images/selinux1.png  |  Bin 19943 -> 0 bytes
 .../images/software_selection1.png                 |  Bin 18351 -> 0 bytes
 .../images/software_selection2.png                 |  Bin 18085 -> 0 bytes
 .../Virtualization_Guide/images/sound_card.png     |  Bin 19795 -> 0 bytes
 .../html/Virtualization_Guide/images/step1-1.png   |  Bin 48636 -> 0 bytes
 .../html/Virtualization_Guide/images/step1-2.png   |  Bin 39965 -> 0 bytes
 .../html/Virtualization_Guide/images/step2-1.png   |  Bin 43289 -> 0 bytes
 .../html/Virtualization_Guide/images/step2-2.png   |  Bin 37606 -> 0 bytes
 .../html/Virtualization_Guide/images/step2-3.png   |  Bin 46672 -> 0 bytes
 .../html/Virtualization_Guide/images/step2-4.png   |  Bin 80972 -> 0 bytes
 .../html/Virtualization_Guide/images/step3-1.png   |  Bin 58724 -> 0 bytes
 .../html/Virtualization_Guide/images/step4-1.png   |  Bin 51857 -> 0 bytes
 .../html/Virtualization_Guide/images/step4-2.png   |  Bin 406095 -> 0 bytes
 .../html/Virtualization_Guide/images/step5-1.png   |  Bin 50392 -> 0 bytes
 .../html/Virtualization_Guide/images/step5-2.png   |  Bin 55595 -> 0 bytes
 .../html/Virtualization_Guide/images/step5-3.png   |  Bin 13926 -> 0 bytes
 .../html/Virtualization_Guide/images/step6-1.png   |  Bin 55067 -> 0 bytes
 .../html/Virtualization_Guide/images/step6-2.png   |  Bin 406084 -> 0 bytes
 .../html/Virtualization_Guide/images/time_zone.png |  Bin 29174 -> 0 bytes
 .../Virtualization_Guide/images/type_assigned.png  |  Bin 42761 -> 0 bytes
 .../Virtualization_Guide/images/virt_method.png    |  Bin 9961 -> 0 bytes
 .../Virtualization_Guide/images/virtiodisk.png     |  Bin 51596 -> 0 bytes
 .../html/Virtualization_Guide/images/virtionet.png |  Bin 44697 -> 0 bytes
 .../Virtualization_Guide/images/virtionetdone.png  |  Bin 22857 -> 0 bytes
 .../images/virtual_machine_details.png             |  Bin 37954 -> 0 bytes
 .../Virtualization_Guide/images/vm_network.png     |  Bin 38143 -> 0 bytes
 .../html/Virtualization_Guide/images/vmm_disk.png  |  Bin 33250 -> 0 bytes
 .../html/Virtualization_Guide/images/vmm_main.png  |  Bin 24167 -> 0 bytes
 .../Virtualization_Guide/images/vmm_memory.png     |  Bin 41750 -> 0 bytes
 .../Virtualization_Guide/images/vmm_network.png    |  Bin 27322 -> 0 bytes
 .../html/Virtualization_Guide/images/vmm_new.png   |  Bin 8448 -> 0 bytes
 .../images/vmm_preferences2.png                    |  Bin 21187 -> 0 bytes
 .../images/vmm_preferences_menu.png                |  Bin 41699 -> 0 bytes
 .../Virtualization_Guide/images/vmm_processor.png  |  Bin 19470 -> 0 bytes
 .../Virtualization_Guide/images/vmm_viewcpu.png    |  Bin 19616 -> 0 bytes
 .../images/vmm_viewcpu_menu.png                    |  Bin 24963 -> 0 bytes
 .../Virtualization_Guide/images/vmm_viewdomid.png  |  Bin 18141 -> 0 bytes
 .../images/vmm_viewdomid_menu.png                  |  Bin 27973 -> 0 bytes
 .../images/vmm_viewdomstatus.png                   |  Bin 20048 -> 0 bytes
 .../images/vmm_viewdomstatus_menu.png              |  Bin 24175 -> 0 bytes
 .../Virtualization_Guide/images/vmm_viewmem.png    |  Bin 21262 -> 0 bytes
 .../images/vmm_viewmem_menu.png                    |  Bin 24419 -> 0 bytes
 .../Virtualization_Guide/images/vmm_viewvcpus.png  |  Bin 19161 -> 0 bytes
 .../images/vmm_viewvcpus_menu.png                  |  Bin 24447 -> 0 bytes
 .../images/vmm_vnet_create1.png                    |  Bin 32983 -> 0 bytes
 .../images/vmm_vnet_create2.png                    |  Bin 17713 -> 0 bytes
 .../images/vmm_vnet_create3_ipv4addspace.png       |  Bin 29434 -> 0 bytes
 .../images/vmm_vnet_create4_dhcprange.png          |  Bin 23915 -> 0 bytes
 .../images/vmm_vnet_create5_connectphysnet.png     |  Bin 19253 -> 0 bytes
 .../images/vmm_vnet_create6_finish.png             |  Bin 25115 -> 0 bytes
 .../images/vmm_vnet_create7_maintab.png            |  Bin 35871 -> 0 bytes
 .../images/vmm_vnet_maintab.png                    |  Bin 34603 -> 0 bytes
 .../images/vmm_vnet_menuselect.png                 |  Bin 41561 -> 0 bytes
 .../images/win2003_select_hal.png                  |  Bin 14332 -> 0 bytes
 .../images/win2003_setup_part1.png                 |  Bin 10071 -> 0 bytes
 .../images/win2003_setup_part2.png                 |  Bin 7657 -> 0 bytes
 .../images/win2003_setup_part3.png                 |  Bin 12471 -> 0 bytes
 .../images/windows_boot_screen.png                 |  Bin 11724 -> 0 bytes
 .../images/windows_continue_setup.png              |  Bin 26154 -> 0 bytes
 .../images/windows_copy_files.png                  |  Bin 8687 -> 0 bytes
 .../images/windows_copy_files_2.png                |  Bin 7248 -> 0 bytes
 .../images/windows_desktop.png                     |  Bin 48663 -> 0 bytes
 .../images/windows_install_1.png                   |  Bin 11566 -> 0 bytes
 .../images/windows_install_2.png                   |  Bin 29355 -> 0 bytes
 .../images/windows_install_setup.png               |  Bin 24008 -> 0 bytes
 .../images/windows_install_start.png               |  Bin 6338 -> 0 bytes
 .../images/windows_partition_1.png                 |  Bin 13865 -> 0 bytes
 .../images/windows_partition_2.png                 |  Bin 17208 -> 0 bytes
 .../Virtualization_Guide/images/windows_reboot.png |  Bin 10432 -> 0 bytes
 .../images/windows_setup_restart.png               |  Bin 7141 -> 0 bytes
 .../images/windows_storage_space.png               |  Bin 55127 -> 0 bytes
 .../images/windows_summary.png                     |  Bin 47950 -> 0 bytes
 .../images/windows_system_name.png                 |  Bin 6065 -> 0 bytes
 .../images/windows_virt_method.png                 |  Bin 9997 -> 0 bytes
 .../Fedora/12/html/Virtualization_Guide/index.html |   26 -
 .../part-Virtualization_Guide-Administration.html  |    5 -
 .../part-Virtualization_Guide-Configuration.html   |    5 -
 .../part-Virtualization_Guide-Installation.html    |    5 -
 .../part-Virtualization_Guide-Tips_and_Tricks.html |    5 -
 .../part-Virtualization_Guide-Troubleshooting.html |    7 -
 ...ation_Guide-Virtualization_Reference_Guide.html |    5 -
 .../12/html/Virtualization_Guide/pr01s02.html      |   55 -
 .../12/html/Virtualization_Guide/pr01s02s02.html   |   32 -
 .../12/html/Virtualization_Guide/pr01s02s03.html   |   11 -
 .../12/html/Virtualization_Guide/pr01s03.html      |    9 -
 .../pref-Virtualization_Guide-Preface.html         |   23 -
 ...ditional_resources-Installed_documentation.html |   15 -
 ...een_the_KVM_and_Xen_hypervisors-KVM_to_Xen.html |   57 -
 ...erprise_Linux_as_a_fully_virtualized_guest.html |   74 -
 ...s_Server_2003_as_a_fully_virtualized_guest.html |   19 -
 ...s_Server_2008_as_a_fully_virtualized_guest.html |   73 -
 ...ng_Windows_XP_as_a_fully_virtualized_guest.html |   80 -
 ..._KVM_packages_on_an_existing_Fedora_system.html |   27 -
 ...ve_migration-Live_KVM_migration_with_virsh.html |   41 -
 ...live_migration-Migrating_with_virt_manager.html |   59 -
 ...storage_example_NFS_for_a_simple_migration.html |   29 -
 ...er_virt_manager-Creating_a_virtual_network.html |   25 -
 ..._Manager_virt_manager-Displaying_CPU_usage.html |    9 -
 ...r_virt_manager-Displaying_a_guests_status_.html |    9 -
 ...ager_virt_manager-Displaying_guest_details.html |   25 -
 ..._virt_manager-Displaying_guest_identifiers.html |    9 -
 ...ager_virt_manager-Displaying_memory_usage_.html |    9 -
 ...ager_virt_manager-Displaying_virtual_CPUs_.html |    9 -
 ...er_virt_manager-Managing_a_virtual_network.html |   11 -
 ...er_virt_manager-Restoring_a_saved_machine_.html |   17 -
 ...Manager_virt_manager-Starting_virt_manager.html |   13 -
 ...ine_Manager_virt_manager-Status_monitoring.html |   15 -
 ...he_Virtual_Machine_Manager_details_window_.html |    5 -
 ...er-The_Virtual_Machine_Manager_main_window.html |    5 -
 ...manager-Virtual_Machine_graphical_console_.html |   11 -
 ...figuration-Bridged_networking_with_libvirt.html |   83 -
 ..._guests-Remote_management_over_TLS_and_SSL.html |   41 -
 ...ment_of_virtualized_guests-Transport_modes.html |  107 -
 ..._for_virtualization-SELinux_considerations.html |   10 -
 ...rtualization-Using_GFS2_for_storing_guests.html |    5 -
 ...irtualization-Using_NFS_for_storing_guests.html |    5 -
 ...anging_between_the_KVM_and_Xen_hypervisors.html |   62 -
 ...d_tricks-Cloning_guest_configuration_files.html |    9 -
 ...ips_and_tricks-Configuring_LUN_Persistence.html |   51 -
 ...s-Disable_SMART_disk_monitoring_for_guests.html |   10 -
 ..._existing_guest_and_its_configuration_file.html |   26 -
 ...tricks-Generating_a_new_unique_MAC_address.html |   39 -
 ...-Identifying_guest_type_and_implementation.html |   41 -
 ...ide-Tips_and_tricks-Modifying_etcgrub.conf.html |   39 -
 ...de-Tips_and_tricks-Overcommitting_with_KVM.html |   35 -
 ...ation_Guide-Tips_and_tricks-Using_qemu_img.html |   45 -
 ...tricks-Verifying_virtualization_extensions.html |   27 -
 ...ion_Guide-Tips_and_tricks-Very_Secure_ftpd.html |   28 -
 ...virtualization_hardware_extensions_in_BIOS.html |   25 -
 ...irtualized_CD_ROM_or_DVD_device_to_a_guest.html |    8 -
 ...k_devices-Adding_storage_devices_to_guests.html |  130 -
 ...ock_devices-Configuring_persistent_storage.html |   82 -
 ...overview-Creating_guests_with_virt_manager.html |   63 -
 ...lation_overview-Installing_guests_with_PXE.html |   89 -
 ...ora-12-Installation_Quick_Start_Guide-zh-TW.pdf |  Bin 2451169 -> 0 bytes
 .../Fedora-12-Virtualization_Guide-zh-TW.pdf       |  Bin 6075820 -> 0 bytes
 public_html/zh-TW/Site_Statistics.html             |    8 +-
 public_html/zh-TW/Site_Tech.html                   |   50 -
 public_html/zh-TW/images/SQLite_Logo_4.png         |  Bin 3448 -> 0 bytes
 public_html/zh-TW/images/brew_logo.png             |  Bin 5370 -> 0 bytes
 public_html/zh-TW/images/gimp_logo.png             |  Bin 2886 -> 0 bytes
 public_html/zh-TW/images/inkscape_logo.png         |  Bin 8243 -> 0 bytes
 public_html/zh-TW/images/perl_logo.png             |  Bin 1683 -> 0 bytes
 public_html/zh-TW/images/publican_logo.png         |  Bin 6469 -> 0 bytes
 public_html/zh-TW/images/publican_logo.svg         |   96 -
 public_html/zh-TW/images/rpm_logo.png              |  Bin 3743 -> 0 bytes
 public_html/zh-TW/images/rpmlogo.png               |  Bin 6041 -> 0 bytes
 public_html/zh-TW/images/subversion_logo.png       |  Bin 3474 -> 0 bytes
 public_html/zh-TW/images/subversion_logo.svg       |  122 -
 public_html/zh-TW/images/web_logo.png              |  Bin 13752 -> 0 bytes
 public_html/zh-TW/index.html                       |   34 -
 public_html/zh-TW/opds-Drafts.xml                  |   34 +
 public_html/zh-TW/opds-Fedora.xml                  |    6 +-
 .../opds-Fedora_Contributor_Documentation.xml      |    6 +-
 public_html/zh-TW/opds-Fedora_Core.xml             |    2 +-
 .../zh-TW/opds-Fedora_Draft_Documentation.xml      |    2 +-
 public_html/zh-TW/opds.xml                         |   18 +-
 public_html/zh-TW/toc.html                         |   40 +-
 1328 files changed, 48927 insertions(+), 6629 deletions(-)
---
diff --git a/fedoradocs.db b/fedoradocs.db
index 707ca55..05274e6 100644
Binary files a/fedoradocs.db and b/fedoradocs.db differ
diff --git a/public_html/Sitemap b/public_html/Sitemap
index af3ea0d..7b04c5e 100644
--- a/public_html/Sitemap
+++ b/public_html/Sitemap
@@ -1441,6 +1441,30 @@
 	<priority>0.8</priority>
 </url>
 <url>
+	<loc>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</loc>
+	<lastmod>2011-06-13</lastmod>
+	<changefreq>monthly</changefreq>
+	<priority>0.8</priority>
+</url>
+<url>
+	<loc>http://docs.fedoraproject.org/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html</loc>
+	<lastmod>2011-06-13</lastmod>
+	<changefreq>monthly</changefreq>
+	<priority>0.8</priority>
+</url>
+<url>
+	<loc>http://docs.fedoraproject.org/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html</loc>
+	<lastmod>2011-06-13</lastmod>
+	<changefreq>monthly</changefreq>
+	<priority>0.8</priority>
+</url>
+<url>
+	<loc>http://docs.fedoraproject.org/en-US/Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf</loc>
+	<lastmod>2011-06-13</lastmod>
+	<changefreq>monthly</changefreq>
+	<priority>0.8</priority>
+</url>
+<url>
 	<loc>http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/index.html</loc>
 	<lastmod>2011-05-24</lastmod>
 	<changefreq>monthly</changefreq>
@@ -1903,7 +1927,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf</loc>
 	<lastmod>2010-07-23</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -2695,7 +2719,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf</loc>
 	<lastmod>2009-11-17</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -2959,7 +2983,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf</loc>
 	<lastmod>2008-05-13</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -3133,7 +3157,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</loc>
 	<lastmod>2010-11-23</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -3199,7 +3223,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf</loc>
 	<lastmod>2010-07-07</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -3577,7 +3601,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf</loc>
+	<loc>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf</loc>
 	<lastmod>2011-04-03</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -5191,7 +5215,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
+	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf</loc>
 	<lastmod>2010-06-14</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -5239,7 +5263,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
+	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf</loc>
 	<lastmod>2010-06-14</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -5263,7 +5287,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf</loc>
+	<loc>http://docs.fedoraproject.org/fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf</loc>
 	<lastmod>2010-06-14</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -6463,7 +6487,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/it-IT/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-it-IT.pdf</loc>
+	<loc>http://docs.fedoraproject.org/it-IT/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-it-IT.pdf</loc>
 	<lastmod>2010-05-22</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -8407,7 +8431,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/nl-NL/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf</loc>
+	<loc>http://docs.fedoraproject.org/nl-NL/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf</loc>
 	<lastmod>2010-05-22</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -9079,7 +9103,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/nl-NL/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-nl-NL.pdf</loc>
+	<loc>http://docs.fedoraproject.org/nl-NL/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-nl-NL.pdf</loc>
 	<lastmod>2010-06-13</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -14071,7 +14095,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/uk-UA/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf</loc>
+	<loc>http://docs.fedoraproject.org/uk-UA/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf</loc>
 	<lastmod>2010-05-22</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -14611,7 +14635,7 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/zh-CN/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf</loc>
+	<loc>http://docs.fedoraproject.org/zh-CN/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf</loc>
 	<lastmod>2010-05-22</lastmod>
 	<changefreq>monthly</changefreq>
 	<priority>0.8</priority>
@@ -15283,12 +15307,6 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/zh-TW/Fedora/12/pdf/Installation_Quick_Start_Guide/Fedora-12-Installation_Quick_Start_Guide-zh-TW.pdf</loc>
-	<lastmod>2010-06-04</lastmod>
-	<changefreq>monthly</changefreq>
-	<priority>0.8</priority>
-</url>
-<url>
 	<loc>http://docs.fedoraproject.org/zh-TW/Fedora/12/epub/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.epub</loc>
 	<lastmod>2010-05-22</lastmod>
 	<changefreq>monthly</changefreq>
@@ -15307,12 +15325,6 @@
 	<priority>0.8</priority>
 </url>
 <url>
-	<loc>http://docs.fedoraproject.org/zh-TW/Fedora/12/pdf/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.pdf</loc>
-	<lastmod>2010-05-22</lastmod>
-	<changefreq>monthly</changefreq>
-	<priority>0.8</priority>
-</url>
-<url>
 	<loc>http://docs.fedoraproject.org/zh-TW/Fedora/11/epub/Burning_ISO_images_to_disc/Fedora-11-Burning_ISO_images_to_disc-zh-TW.epub</loc>
 	<lastmod>2009-11-17</lastmod>
 	<changefreq>monthly</changefreq>
diff --git a/public_html/as-IN/Site_Statistics.html b/public_html/as-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/as-IN/Site_Statistics.html
+++ b/public_html/as-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/as-IN/opds-Drafts.xml b/public_html/as-IN/opds-Drafts.xml
new file mode 100644
index 0000000..88f352c
--- /dev/null
+++ b/public_html/as-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/as-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/as-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:34</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>as-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/as-IN/opds-Fedora.xml b/public_html/as-IN/opds-Fedora.xml
index 97e6a18..a5d8b59 100644
--- a/public_html/as-IN/opds-Fedora.xml
+++ b/public_html/as-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/as-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:36</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>as-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
index 401d78e..e9001a8 100644
--- a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:36</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/as-IN/opds-Fedora_Core.xml b/public_html/as-IN/opds-Fedora_Core.xml
index 8716cd7..162044a 100644
--- a/public_html/as-IN/opds-Fedora_Core.xml
+++ b/public_html/as-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:36</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
index b23aab2..3e8f79f 100644
--- a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/as-IN/opds.xml b/public_html/as-IN/opds.xml
index 782f5cb..a1dfdf1 100644
--- a/public_html/as-IN/opds.xml
+++ b/public_html/as-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/as-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/as-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:34</updated>
+    <dc:language>as-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/as-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:36</updated>
     <dc:language>as-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/as-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:36</updated>
     <dc:language>as-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/as-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:36</updated>
     <dc:language>as-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/as-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>as-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/as-IN/toc.html b/public_html/as-IN/toc.html
index 46cff1d..e25d50e 100644
--- a/public_html/as-IN/toc.html
+++ b/public_html/as-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/bg-BG/Site_Statistics.html b/public_html/bg-BG/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/bg-BG/Site_Statistics.html
+++ b/public_html/bg-BG/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/bg-BG/opds-Drafts.xml b/public_html/bg-BG/opds-Drafts.xml
new file mode 100644
index 0000000..bdc6781
--- /dev/null
+++ b/public_html/bg-BG/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/bg-BG/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/bg-BG/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:37</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>bg-BG</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/bg-BG/opds-Fedora.xml b/public_html/bg-BG/opds-Fedora.xml
index c718b6a..28cc839 100644
--- a/public_html/bg-BG/opds-Fedora.xml
+++ b/public_html/bg-BG/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bg-BG/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>bg-BG</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
index 8a42a62..c89f048 100644
--- a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/bg-BG/opds-Fedora_Core.xml b/public_html/bg-BG/opds-Fedora_Core.xml
index 21d42b0..5905ba7 100644
--- a/public_html/bg-BG/opds-Fedora_Core.xml
+++ b/public_html/bg-BG/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
index 830fce9..ca947e5 100644
--- a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bg-BG/opds.xml b/public_html/bg-BG/opds.xml
index 3a7ce74..fd6fa8c 100644
--- a/public_html/bg-BG/opds.xml
+++ b/public_html/bg-BG/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/bg-BG/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:37</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/bg-BG/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:37</updated>
+    <dc:language>bg-BG</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/bg-BG/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>bg-BG</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/bg-BG/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>bg-BG</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/bg-BG/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>bg-BG</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/bg-BG/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>bg-BG</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bg-BG/toc.html b/public_html/bg-BG/toc.html
index f54a6a3..cf136b6 100644
--- a/public_html/bg-BG/toc.html
+++ b/public_html/bg-BG/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/bn-IN/Site_Statistics.html b/public_html/bn-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/bn-IN/Site_Statistics.html
+++ b/public_html/bn-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/bn-IN/opds-Drafts.xml b/public_html/bn-IN/opds-Drafts.xml
new file mode 100644
index 0000000..48fc686
--- /dev/null
+++ b/public_html/bn-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/bn-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/bn-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:37</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>bn-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/bn-IN/opds-Fedora.xml b/public_html/bn-IN/opds-Fedora.xml
index 0222dd7..7dfdae1 100644
--- a/public_html/bn-IN/opds-Fedora.xml
+++ b/public_html/bn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bn-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>bn-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
index c1f4d70..546b4cd 100644
--- a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/bn-IN/opds-Fedora_Core.xml b/public_html/bn-IN/opds-Fedora_Core.xml
index d174504..8055070 100644
--- a/public_html/bn-IN/opds-Fedora_Core.xml
+++ b/public_html/bn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
index ae14007..834bf2f 100644
--- a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:24</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bn-IN/opds.xml b/public_html/bn-IN/opds.xml
index 4031f62..3d9c8a5 100644
--- a/public_html/bn-IN/opds.xml
+++ b/public_html/bn-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/bn-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/bn-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:37</updated>
+    <dc:language>bn-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/bn-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/bn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/bn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/bn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bn-IN/toc.html b/public_html/bn-IN/toc.html
index 6b31d20..21a5cd3 100644
--- a/public_html/bn-IN/toc.html
+++ b/public_html/bn-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/bs-BA/Site_Statistics.html b/public_html/bs-BA/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/bs-BA/Site_Statistics.html
+++ b/public_html/bs-BA/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/bs-BA/opds-Drafts.xml b/public_html/bs-BA/opds-Drafts.xml
new file mode 100644
index 0000000..760ecba
--- /dev/null
+++ b/public_html/bs-BA/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/bs-BA/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/bs-BA/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:38</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>bs-BA</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/bs-BA/opds-Fedora.xml b/public_html/bs-BA/opds-Fedora.xml
index c96429d..12154d9 100644
--- a/public_html/bs-BA/opds-Fedora.xml
+++ b/public_html/bs-BA/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bs-BA/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>bs-BA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
index 15237e1..7d2d3fd 100644
--- a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/bs-BA/opds-Fedora_Core.xml b/public_html/bs-BA/opds-Fedora_Core.xml
index c43b014..52db497 100644
--- a/public_html/bs-BA/opds-Fedora_Core.xml
+++ b/public_html/bs-BA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
index 32a23ac..6f29e81 100644
--- a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/bs-BA/opds.xml b/public_html/bs-BA/opds.xml
index e59c13b..2fc7f28 100644
--- a/public_html/bs-BA/opds.xml
+++ b/public_html/bs-BA/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/bs-BA/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/bs-BA/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:38</updated>
+    <dc:language>bs-BA</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/bs-BA/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bs-BA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/bs-BA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bs-BA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/bs-BA/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bs-BA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/bs-BA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bs-BA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bs-BA/toc.html b/public_html/bs-BA/toc.html
index 0c75356..949c3eb 100644
--- a/public_html/bs-BA/toc.html
+++ b/public_html/bs-BA/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -608,7 +632,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ca-ES/Site_Statistics.html b/public_html/ca-ES/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/ca-ES/Site_Statistics.html
+++ b/public_html/ca-ES/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ca-ES/opds-Drafts.xml b/public_html/ca-ES/opds-Drafts.xml
new file mode 100644
index 0000000..cc33022
--- /dev/null
+++ b/public_html/ca-ES/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ca-ES/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ca-ES/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:38</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ca-ES</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ca-ES/opds-Fedora.xml b/public_html/ca-ES/opds-Fedora.xml
index c4a1ad3..47f04dd 100644
--- a/public_html/ca-ES/opds-Fedora.xml
+++ b/public_html/ca-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ca-ES/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -137,9 +137,9 @@
     <dc:language>ca-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Com utilitzar la imatge autònoma de Fedora
+    <summary>Com utilitzar la imatge autònoma de Fedora
 </summary>
-    <content type="text">Com utilitzar la imatge autònoma de Fedora</content>
+    <content type="text">Com utilitzar la imatge autònoma de Fedora</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ca-ES/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-ca-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>ca-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
index 07eb7c1..52fe915 100644
--- a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:38</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/ca-ES/opds-Fedora_Core.xml b/public_html/ca-ES/opds-Fedora_Core.xml
index 3170861..61ce902 100644
--- a/public_html/ca-ES/opds-Fedora_Core.xml
+++ b/public_html/ca-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
index 8ac3f3e..4602cd2 100644
--- a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ca-ES/opds.xml b/public_html/ca-ES/opds.xml
index b16bc6d..6ec4df1 100644
--- a/public_html/ca-ES/opds.xml
+++ b/public_html/ca-ES/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ca-ES/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ca-ES/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:38</updated>
+    <dc:language>ca-ES</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ca-ES/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>ca-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/ca-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>ca-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ca-ES/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>ca-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ca-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>ca-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ca-ES/toc.html b/public_html/ca-ES/toc.html
index 144ab6d..aba490d 100644
--- a/public_html/ca-ES/toc.html
+++ b/public_html/ca-ES/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/cs-CZ/Site_Statistics.html b/public_html/cs-CZ/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/cs-CZ/Site_Statistics.html
+++ b/public_html/cs-CZ/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/cs-CZ/opds-Drafts.xml b/public_html/cs-CZ/opds-Drafts.xml
new file mode 100644
index 0000000..577f38d
--- /dev/null
+++ b/public_html/cs-CZ/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/cs-CZ/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/cs-CZ/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:39</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>cs-CZ</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/cs-CZ/opds-Fedora.xml b/public_html/cs-CZ/opds-Fedora.xml
index 42720cd..9ed7a20 100644
--- a/public_html/cs-CZ/opds-Fedora.xml
+++ b/public_html/cs-CZ/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>cs-CZ</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
index edc95f1..cf8b551 100644
--- a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/cs-CZ/opds-Fedora_Core.xml b/public_html/cs-CZ/opds-Fedora_Core.xml
index c86dd2f..635d2e2 100644
--- a/public_html/cs-CZ/opds-Fedora_Core.xml
+++ b/public_html/cs-CZ/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
index b9447f7..372cdfa 100644
--- a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/cs-CZ/opds.xml b/public_html/cs-CZ/opds.xml
index 86c7ba6..a056f5c 100644
--- a/public_html/cs-CZ/opds.xml
+++ b/public_html/cs-CZ/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/cs-CZ/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:39</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/cs-CZ/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:39</updated>
+    <dc:language>cs-CZ</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/cs-CZ/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>cs-CZ</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/cs-CZ/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>cs-CZ</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/cs-CZ/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>cs-CZ</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/cs-CZ/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>cs-CZ</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/cs-CZ/toc.html b/public_html/cs-CZ/toc.html
index 83eed47..b11e79d 100644
--- a/public_html/cs-CZ/toc.html
+++ b/public_html/cs-CZ/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -309,7 +333,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.13.Fedora_Live_Images.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/da-DK/Site_Statistics.html b/public_html/da-DK/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/da-DK/Site_Statistics.html
+++ b/public_html/da-DK/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/da-DK/opds-Drafts.xml b/public_html/da-DK/opds-Drafts.xml
new file mode 100644
index 0000000..276d2f2
--- /dev/null
+++ b/public_html/da-DK/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/da-DK/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/da-DK/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:39</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>da-DK</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/da-DK/opds-Fedora.xml b/public_html/da-DK/opds-Fedora.xml
index c1163bb..05805df 100644
--- a/public_html/da-DK/opds-Fedora.xml
+++ b/public_html/da-DK/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/da-DK/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>da-DK</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
index e2a5fc4..78558dd 100644
--- a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/da-DK/opds-Fedora_Core.xml b/public_html/da-DK/opds-Fedora_Core.xml
index 89a1fd6..c9f6ca5 100644
--- a/public_html/da-DK/opds-Fedora_Core.xml
+++ b/public_html/da-DK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
index 35785b8..759ab9f 100644
--- a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/da-DK/opds.xml b/public_html/da-DK/opds.xml
index dec3bde..0077d4e 100644
--- a/public_html/da-DK/opds.xml
+++ b/public_html/da-DK/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/da-DK/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:25</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/da-DK/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:39</updated>
+    <dc:language>da-DK</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/da-DK/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>da-DK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/da-DK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>da-DK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/da-DK/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>da-DK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/da-DK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>da-DK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/da-DK/toc.html b/public_html/da-DK/toc.html
index 4e91de2..6b48142 100644
--- a/public_html/da-DK/toc.html
+++ b/public_html/da-DK/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/de-DE/Site_Statistics.html b/public_html/de-DE/Site_Statistics.html
index 93d1182..d990f75 100644
--- a/public_html/de-DE/Site_Statistics.html
+++ b/public_html/de-DE/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Sprachen gesamt: </b>42<br />
-	<b>Pakete gesamt: </b>658
+	<b>Pakete gesamt: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/de-DE/opds-Drafts.xml b/public_html/de-DE/opds-Drafts.xml
new file mode 100644
index 0000000..21d0335
--- /dev/null
+++ b/public_html/de-DE/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/de-DE/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/de-DE/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:40</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>de-DE</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/de-DE/opds-Fedora.xml b/public_html/de-DE/opds-Fedora.xml
index acc8b91..8420403 100644
--- a/public_html/de-DE/opds-Fedora.xml
+++ b/public_html/de-DE/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/de-DE/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>de-DE</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
index 962c447..49a4893 100644
--- a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:40</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/de-DE/opds-Fedora_Core.xml b/public_html/de-DE/opds-Fedora_Core.xml
index a2cacb2..7c52143 100644
--- a/public_html/de-DE/opds-Fedora_Core.xml
+++ b/public_html/de-DE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
index 6b5d267..2ec768b 100644
--- a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/de-DE/opds.xml b/public_html/de-DE/opds.xml
index 3eb1c25..d48ea3a 100644
--- a/public_html/de-DE/opds.xml
+++ b/public_html/de-DE/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/de-DE/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/de-DE/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:40</updated>
+    <dc:language>de-DE</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/de-DE/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>de-DE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/de-DE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>de-DE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/de-DE/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>de-DE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/de-DE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>de-DE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/de-DE/toc.html b/public_html/de-DE/toc.html
index 5a0f1c0..17441e7 100644
--- a/public_html/de-DE/toc.html
+++ b/public_html/de-DE/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Nicht übersetzt</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -300,7 +324,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -699,7 +723,7 @@
 									<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -800,7 +824,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
@@ -882,7 +906,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -903,7 +927,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1149,7 +1173,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/el-GR/Site_Statistics.html b/public_html/el-GR/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/el-GR/Site_Statistics.html
+++ b/public_html/el-GR/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/el-GR/opds-Drafts.xml b/public_html/el-GR/opds-Drafts.xml
new file mode 100644
index 0000000..39efd64
--- /dev/null
+++ b/public_html/el-GR/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/el-GR/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/el-GR/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:41</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>el-GR</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/el-GR/opds-Fedora.xml b/public_html/el-GR/opds-Fedora.xml
index 986895d..f061249 100644
--- a/public_html/el-GR/opds-Fedora.xml
+++ b/public_html/el-GR/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/el-GR/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>el-GR</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
index 1c09d01..94a12c2 100644
--- a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/el-GR/opds-Fedora_Core.xml b/public_html/el-GR/opds-Fedora_Core.xml
index 116a45e..bc3a611 100644
--- a/public_html/el-GR/opds-Fedora_Core.xml
+++ b/public_html/el-GR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
index 3ad5dbe..44e6e7c 100644
--- a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/el-GR/opds.xml b/public_html/el-GR/opds.xml
index 3aa4559..1a5d0b6 100644
--- a/public_html/el-GR/opds.xml
+++ b/public_html/el-GR/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/el-GR/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/el-GR/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:41</updated>
+    <dc:language>el-GR</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/el-GR/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>el-GR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/el-GR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>el-GR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/el-GR/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>el-GR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/el-GR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>el-GR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/el-GR/toc.html b/public_html/el-GR/toc.html
index 632a0a3..2491b2f 100644
--- a/public_html/el-GR/toc.html
+++ b/public_html/el-GR/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub b/public_html/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub
new file mode 100644
index 0000000..b06edf2
Binary files /dev/null and b/public_html/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/common.css b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..e0090e2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/common.css
@@ -0,0 +1,1504 @@
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+	line-height: 1.29em;
+}
+
+body {
+	background-color: white;
+	margin:0 auto;
+	font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size:12px;
+	max-width:55em;
+	color:black;
+}
+
+body.toc_embeded {
+	/*for web hosting system only*/
+	margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+	/*for web hosting system only*/
+	border-style:none;
+	position:fixed;
+	width:290px;
+	height:99.99%;
+	top:0;
+	left:0;
+	z-index: 100;
+	border-style:none;
+	border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+	margin-left: 3em;
+}
+
+iframe.notoc {
+	border-style:none;
+	border: none;
+	padding: 0em;
+	position:fixed;
+	width: 21px;
+	height: 29px;
+	top: 0px;
+	left:0;
+	overflow: hidden;
+	margin: 0em;
+	margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+	margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+	display:block;
+	width:24em;
+	height:99%;
+	position:fixed;
+	overflow:auto;
+	top:0px;
+	left:0px;
+	padding-left:1em;
+	background-color:#EEEEEE;
+}
+
+.toc {
+	line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+	margin-top:1em;
+}
+
+.toc .part {
+	margin-top:1em;
+	display:block;
+}
+
+span.glossary,
+span.appendix {
+	display:block;
+	margin-top:0.5em;
+}
+
+div {
+	padding-top:0px;
+}
+
+div.section {
+	padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+	padding-top:0px;
+	margin-top:0.3em;
+	padding-bottom:0px;
+	margin-bottom:1em;
+}
+
+/*Links*/
+a {
+	outline: none;
+}
+
+a:link {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#3366cc;
+}
+
+a:visited {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#003366;
+}
+
+div.longdesc-link {
+	float:right;
+	color:#999;
+}
+
+.toc a, .qandaset a {
+	font-weight:normal;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+	color: #336699;
+	margin-top: 0em;
+	margin-bottom: 0em;
+	background-color: transparent;
+}
+
+h1 {
+	font-size:2.0em;
+}
+
+.titlepage h1.title {
+	font-size: 3.0em;
+	padding-top: 1em;
+	text-align:left;
+}
+
+.book > .titlepage h1.title {
+	text-align:center;
+}
+
+.article > .titlepage h1.title {
+	text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+	text-align:center;
+}
+
+.producttitle {
+	margin-top: 0em;
+	margin-bottom: 0em;
+	font-size: 3.0em;
+	font-weight: bold;
+	background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+	color: white;
+	text-align: center;
+	padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+	margin-top: 1em;
+	text-align: center;
+}
+
+.section h1.title {
+	font-size: 1.6em;
+	padding: 0em;
+	color: #336699;
+	text-align: left;
+	background: white;
+}
+
+h2 {
+	font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+.appendix h2 {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+
+
+h3 {
+	font-size:1.3em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+h4 {
+	font-size:1.1em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+
+h5 {
+	font-size:1em;
+}
+
+h6 {
+	font-size:1em;
+}
+
+h5.formalpara {
+	font-size:1em;
+	margin-top:2em;
+	margin-bottom:.8em;
+}
+
+.abstract h6 {
+	margin-top:1em;
+	margin-bottom:.5em;
+	font-size:2em;
+}
+
+/*element rules*/
+hr {
+	border-collapse: collapse;
+	border-style:none;
+	border-top: 1px dotted #ccc;
+	width:100%;
+	margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+	display:inline;
+	padding:0em;
+}
+
+.languages li a {
+	padding:0em .5em;
+	text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+	display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+	color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+	color:black;
+}
+
+ul.languages {
+	display:block;
+	background-color:#eee;
+	padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+	position:relative;
+}
+
+.versions li {
+	width:100%;
+	clear:both;
+	display:block;
+}
+
+a.version {
+	font-size:2em;
+	text-decoration:none;
+	width:100%;
+	display:block;
+	padding:1em 0em .2em 0em;
+	clear:both;
+}
+
+a.version:before {
+	content:"Version";
+	font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+	color:#666;
+}
+
+a.version:focus, a.version:hover {
+	color:black;
+}
+
+.books {
+	display:block;
+	position:relative;
+	clear:both;
+	width:100%;
+}
+
+.books li {
+	display:block;
+	width:200px;
+	float:left;
+	position:relative;
+	clear: none ;
+}
+
+.books .html {
+	width:170px;
+	display:block;
+}
+
+.books .pdf {
+	position:absolute;
+	left:170px;
+	top:0px;
+	font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+	color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+	color:#000;
+}
+
+.books li a {
+	text-decoration:none;
+}
+
+.books li a:hover {
+	color:black;
+}
+
+/*products*/
+.products li {
+	display: block;
+	width:300px;
+	float:left;
+}
+
+.products li a {
+	width:300px;
+	padding:.5em 0em;
+}
+
+.products ul {
+	clear:both;
+}
+
+/*revision history*/
+.revhistory {
+	display:block;
+}
+
+.revhistory table {
+	background-color:transparent;
+	border-color:#fff; 
+	padding:0em;
+	margin: 0;
+	border-collapse:collapse;
+	border-style:none; 
+}
+
+.revhistory td {
+	text-align :left;
+	padding:0em;
+	border: none; 
+	border-top: 1px solid #fff;
+	font-weight: bold;
+}
+
+.revhistory .itemizedlist {
+	font-weight: normal;
+}
+
+.revhistory ul {
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.revhistory .simplelist td {
+	font-weight: normal;
+}
+
+.revhistory .simplelist {
+	margin-bottom: 0em;
+	margin-left: 1em;
+}
+
+.revhistory table th {
+	display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+	clear:both;
+	text-align: center;
+}
+
+h3.author {
+	margin: 0em;
+	padding: 0em;
+	padding-top: 1em;
+}
+
+.authorgroup h4 {
+	padding: 0em;
+	margin: 0em;
+	padding-top: 1em;
+	margin-top: 1em;
+}
+
+.author, 
+.editor, 
+.translator, 
+.othercredit,
+.contrib {
+	display: block;
+}
+
+.revhistory .author {
+	display: inline;
+}
+
+.othercredit h3 {
+	padding-top: 1em;
+}
+
+
+.othercredit {
+	margin:0em;
+	padding:0em;
+}
+
+.releaseinfo {
+	clear: both;
+}
+
+.copyright {
+	margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+	margin-bottom:1em;
+	border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+	border-bottom:1px dotted #ccc;
+}
+
+.question {
+	font-weight:bold;
+}
+
+.answer .data, .question .data {
+	padding-left: 2.6em;
+}
+
+.answer label, .question label {
+	float:left;
+	font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+	color: #0000ff;
+}
+
+.perl_BaseN {
+	color: #007f00;
+}
+
+.perl_BString {
+	color: #5C3566;
+}
+
+.perl_Char {
+	color: #ff00ff;
+}
+
+.perl_Comment {
+	color: #FF00FF;
+}
+
+
+.perl_DataType {
+	color: #0000ff;
+}
+
+
+.perl_DecVal {
+	color: #00007f;
+}
+
+
+.perl_Error {
+	color: #ff0000;
+}
+
+
+.perl_Float {
+	color: #00007f;
+}
+
+
+.perl_Function {
+	color: #007f00;
+}
+
+
+.perl_IString {
+	color: #5C3566;
+}
+
+
+.perl_Keyword {
+	color: #002F5D;
+}
+
+
+.perl_Operator {
+	color: #ffa500;
+}
+
+
+.perl_Others {
+	color: #b03060;
+}
+
+
+.perl_RegionMarker {
+	color: #96b9ff;
+}
+
+
+.perl_Reserved {
+	color: #9b30ff;
+}
+
+
+.perl_String {
+	color: #5C3566;
+}
+
+
+.perl_Variable {
+	color: #0000ff;
+}
+
+
+.perl_Warning {
+	color: #0000ff;
+}
+
+/*Lists*/
+ul {
+	padding-left:1.6em;
+	list-style-image:url(../images/dot.png);
+	list-style-type: circle;
+}
+
+ul ul {
+	list-style-image:url(../images/dot2.png);
+	list-style-type: circle;
+}
+
+ol {
+	list-style-image:none;
+	list-style-type: decimal;
+}
+
+ol ol {
+	list-style-type: lower-alpha;
+}
+
+ol.arabic {
+	list-style-type: decimal;
+}
+
+ol.loweralpha {
+	list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+	list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+	list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+	list-style-type: upper-roman;
+}
+
+dt {
+	font-weight:bold;
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+dd {
+	margin:0em;
+	margin-left:2em;
+	padding-top:0em;
+	padding-bottom: 1em;
+}
+
+li {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.4em;
+}
+
+li p, li div.para {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+	display:block;
+	margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+	display:inline;
+	margin:0em;
+}
+
+.figure img {
+	display:block;
+	margin:0;
+}
+
+.figure .title {
+	margin:0em;
+	margin-bottom:2em;
+	padding:0px;
+}
+
+/*document modes*/
+.confidential {
+	background-color:#900;
+	color:White;
+	padding:.5em .5em;
+	text-transform:uppercase;
+	text-align:center;
+}
+
+.longdesc-link {
+	display:none;
+}
+
+.longdesc {
+	display:none;
+}
+
+.prompt {
+	padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+	font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight: bold;
+	white-space: nowrap;
+}
+
+.example {
+	background-color: #ffffff;
+	border-left: 3px solid #aaaaaa;
+	padding-top: 1em;
+	padding-bottom: 0.1em;
+}
+
+.example h6 {
+	padding-left: 10px;
+}
+
+.example-contents {
+	padding-left: 10px;
+	background-color: #ffffff;
+}
+
+.example-contents .para {
+/*	 padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput, 
+.option {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+.replaceable {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+	font-weight: inherit;
+}
+
+pre {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	display:block;
+	background-color: #f5f5f5;
+	color: #000000;
+	border: 1px solid #aaaaaa;
+	margin-bottom: 0.3em;
+	padding:.5em 1em;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+	font-size: 0.9em;
+}
+
+pre .replaceable, 
+pre .keycap {
+}
+
+code {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	white-space: nowrap;
+	font-weight:bold;
+}
+
+.parameter code {
+	display: inline;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+	content:url(../images/warning.png);
+	padding-left: 5px;
+}
+
+div.note:before {
+	content:url(../images/note.png);
+	padding-left: 5px;
+}
+
+div.important:before {
+	content:url(../images/important.png);
+	padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+	color: black;
+	margin: 0em;
+	padding: 0em;
+	background: none;
+	background-color: white;
+	margin-bottom: 1em;
+	border-bottom: 1px solid #aaaaaa;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+	margin: 0em;
+	padding: 0em;
+	color: #eeeeec;
+	padding-top: 0px;
+	padding-bottom: 0px;
+	height: 1.4em;
+	line-height: 1.4em;
+	font-size: 1.4em;
+	display:inline;
+}
+
+div.admonition_header {
+	clear: both;
+	margin: 0em;
+	padding: 0em;
+	margin-top: -3.3em;
+	padding-left: 58px;
+	line-height: 1.0em;
+	font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+	background: url(../images/red.png) top left repeat-x;
+	background-color: #590000;
+}
+
+div.note div.admonition_header {
+	background: url(../images/green.png) top right repeat-x;
+	background-color: #597800;
+}
+
+div.important div.admonition_header {
+	background: url(../images/yellow.png) top right repeat-x;
+	background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+	padding: 0em;
+	margin: 0em;
+}
+
+div.admonition {
+	border: none;
+	border-left: 1px solid #aaaaaa;
+	border-right: 1px solid #aaaaaa;
+	padding:0em;
+	margin:0em;
+	padding-top: 1.5em;
+	padding-bottom: 1em;
+	padding-left: 2em;
+	padding-right: 1em;
+	background-color: #eeeeec;
+	-moz-border-radius: 0px;
+	-webkit-border-radius: 0px;
+	border-radius: 0px;
+}
+
+/*Page Title*/
+#title  {
+	display:block;
+	height:45px;
+	padding-bottom:1em;
+	margin:0em;
+}
+
+#title a.left{
+	display:inline;
+	border:none;
+}
+
+#title a.left img{
+	border:none;
+	float:left;
+	margin:0em;
+	margin-top:.7em;
+}
+
+#title a.right {
+	padding-bottom:1em;
+}
+
+#title a.right img {
+	border:none;
+	float:right;
+	margin:0em;
+	margin-top:.7em;
+}
+
+/*Table*/
+table {
+	border:1px solid #6c614b;
+	width:100%;
+	border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+	border-style: none;
+}
+
+table th {
+	text-align:left;
+	background-color:#6699cc;
+	padding:.3em .5em;
+	color:white;
+}
+
+table td {
+	padding:.15em .5em;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table  li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table  li div.para:first-child {
+	margin-top:0em;
+	padding-top:0em;
+	display:inline;
+}
+
+th, td {
+	border-style:none;
+	vertical-align: top;
+	border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+	border: none;
+}
+
+table table td {
+	border-bottom:1px dotted #aaa;
+	background-color:white;
+	padding:.6em 0em;
+}
+
+table table {
+	border:1px solid white;
+}
+
+td.remarkval {
+	color:#444;
+}
+
+td.fieldval {
+	font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+	color:white;
+	font-weight:bold;
+	background-color:#999;
+	width:120px;
+}
+
+td.remarkval {
+	width:230px;
+}
+
+td.tname {
+	font-weight:bold;
+}
+
+th.dbfield {
+	width:120px;
+}
+
+th.dbtype {
+	width:70px;
+}
+
+th.dbdefault {
+	width:70px;
+}
+
+th.dbnul {
+	width:70px;
+}
+
+th.dbkey {
+	width:70px;
+}
+
+span.book {
+	margin-top:4em;
+	display:block;
+}
+
+span.chapter {
+	display:block;
+	margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+	border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+	content:" ";
+}
+
+#breadcrumbs {
+	color:#900;
+	padding:3px;
+	margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+	margin-left:0;
+	padding-left:0;
+	display:inline;
+	border:none;
+}
+
+#breadcrumbs ul li {
+	margin-left:0;
+	padding-left:2px;
+	border:none;
+	list-style:none;
+	display:inline;
+}
+
+#breadcrumbs ul li:before {
+	content:"\0020 \0020 \0020 \00BB \0020";
+	color:#333;
+}
+
+/*index*/
+.glossary h3, 
+.index h3 {
+	font-size: 2em;
+	color:#aaa;
+	margin:0em;
+}
+
+.indexdiv {
+	margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+	color:#444;
+	padding-top:.5em;
+}
+
+.glossary dl dl dt, 
+.index dl dl dt {
+	color:#777;
+	font-weight:normal;
+	padding-top:0em;
+}
+
+.index dl dl dt:before {
+	content:"- ";
+	color:#ccc;
+}
+
+/*changes*/
+.footnote {
+	font-size: .7em;
+	margin:0em;
+	color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+	color:#999;
+	margin:0em;
+	padding:0em;
+	line-height: .4em;
+	font-size: 1em;
+	padding-left:0em;
+}
+
+.footnote {
+	position:relative;
+}
+
+.footnote sup  {
+	color:#e3dcc0;
+	position:absolute;
+	left: .4em;
+}
+
+.footnote sup a:link, 
+.footnote sup a:visited {
+	color:#92917d;
+	text-decoration:none;
+}
+
+.footnote:hover sup a {
+	text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+	padding-left:2em;
+}
+
+.footnote a:link, 
+.footnote a:visited {
+	color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+	margin-top:3em;
+}
+
+div.section {
+	margin-top:1em;
+}
+
+div.note .replaceable, 
+div.important .replaceable, 
+div.warning .replaceable, 
+div.note .keycap, 
+div.important .keycap, 
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+	border:none;
+	text-decoration:none;
+	font-weight:normal;
+}
+
+.docnav {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	position:relative;
+	width:100%;
+	padding-bottom:2em;
+	padding-top:1em;
+	border-top:1px dotted #ccc;
+}
+
+.docnav li {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	display:inline;
+	font-size:.8em;
+}
+
+.docnav li:before {
+	content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+	position:absolute;
+	top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+	margin:0em 1.5em;
+}
+
+.docnav li.previous {
+	left:0px;
+	text-align:left;
+}
+
+.docnav li.next {
+	right:0px;
+	text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+	height:22px;
+	display:block;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+.docnav li.next a strong {
+	background:  url(../images/stock-go-forward.png) top right no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-right:28px;
+	font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+	background: url(../images/stock-go-back.png) top left no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-left:28px;
+	padding-right:0.5em;
+	font-size:1.2em;
+}
+
+.docnav li.home a strong {
+	background: url(../images/stock-home.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav li.up a strong {
+	background: url(../images/stock-go-up.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+	color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+	color:black;
+}
+
+.docnav a {
+	max-width: 10em;
+	overflow:hidden;
+}
+
+.docnav a:link strong {
+	text-decoration:none;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+ul.docnav {
+	margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.reports li{
+	margin:0em;
+	padding:0em;
+}
+
+.reports li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.reports dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.reports div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+	max-width:57em ;
+	padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+	display:block;
+	float:left;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	height:1em;
+}
+
+div.progress span {
+	height:1em;
+	float:left;
+}
+
+div.progress span.translated {
+	background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+	background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.results li{
+	margin:0em;
+	padding:0em;
+}
+
+.results li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.results dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.results dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.results dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.results h2, .results h3 {
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.results div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+	-moz-border-radius:11px;
+	-webkit-border-radius:11px;
+	border-radius: 11px;
+}
+
+.example {
+	-moz-border-radius:0px;
+	-webkit-border-radius:0px;
+	border-radius: 0px;
+}
+
+.package, .citetitle {
+	font-style: italic;
+}
+
+.titlepage .edition {
+	color: #336699;
+	background-color: transparent;
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	font-weight: bold;
+	text-align: center;
+}
+
+span.remark {
+	background-color: #ff00ff;
+}
+
+.draft {
+	background-image: url(../images/watermark-draft.png);
+	background-repeat: repeat-y;
+        background-position: center;
+}
+
+.foreignphrase {
+	font-style: inherit;
+}
+
+dt {
+	clear:both;
+}
+
+dt img {
+	border-style: none;
+	max-width: 112px;
+}
+
+dt object {
+	max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+	display: inline;
+	float: left;
+	margin-bottom: 1em;
+	padding-right: 1em;
+	width: 112px;
+}
+
+dl:after {
+	display: block;
+	clear: both;
+	content: "";
+}
+
+.toc dd {
+	padding-bottom: 0em;
+	margin-bottom: 1em;
+	padding-left: 1.3em;
+	margin-left: 0em;
+}
+
+div.toc > dl > dt {
+	padding-bottom: 0em;
+	margin-bottom: 0em;
+	margin-top: 1em;
+}
+
+
+.strikethrough {
+	text-decoration: line-through;
+}
+
+.underline {
+	text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+	padding: 0em;
+	margin: 0em;
+	width: 12pt;
+	display: inline;
+	vertical-align: middle;
+}
+
+.stepalternatives {
+	list-style-image: none;
+	list-style-type: none;
+}
+
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/default.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/default.css
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..bd5f3c7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,47 @@
+a:link {
+	color:#0066cc;
+}
+
+a:visited {
+	color:#6699cc;
+}
+
+h1 {
+	color:#a70000;
+}
+
+.producttitle {
+	background: #a70000 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+	color:#a70000;
+}
+
+h2,h3,h4,h5,h6 {
+	color:#a70000;
+}
+
+table {
+	border:1px solid #aaa;
+}
+
+table th {
+	background-color:#900;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+.revhistory table th {
+	color:#a70000;
+}
+
+.titlepage .edition {
+	color: #a70000;
+}
+
+span.remark{
+	background-color: #ffff00;
+}
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/print.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/css/print.css
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..270707b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..0a7036e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..ec548f3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..d1c32c7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..f59d84b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..872d14a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..c8a3906
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..6bc95d2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..2db6743
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..cf105bc
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..1a12fb3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..1009bce
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..2532d13
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..52daf8d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2839"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2841"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..3b3f17f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..95dedc2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d0f12f7
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..7b3e327
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..ed2f1fe
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..fc744d5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..a145b4a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..69c6f5f
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..126f8fd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..15424b2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
 9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b23618f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..7abd11e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..91b602b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..8d33472
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..33e0374
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..0224965
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..cc961c1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..72609f4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..17b1531
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..5b34c33
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..193686c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..4f57373
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..e8bf82a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..aff5a90
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..06dfc67
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..0769006
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..065ce1a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..60cf157
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..8f28d5b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..6dc6635
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..9e3ae40
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..2e88abd
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
 0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
 9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..d583185
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..717ae1c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..9146925
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..25c7b52
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..cbc972e
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..79866e8
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..7c1ab6a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..01c3222
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..2585ddc
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..cf9cf7c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..86ff09c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..948ed84
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..c4a7f79
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..cff32b5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..91cf6ae
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..6694ee4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..882f8cd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..26ded93
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..cc0726d
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..082c1b1
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..266e714
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..25888e4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..b92fd2f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..33ef96a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..94153bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..7d1dabd
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
 49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..792940e
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..3ab7c39
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
 7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
 98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+       id="path2846"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..59eaefd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..ab9cb5d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+       id="path2832"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..6aad94b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..23b1e20
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
 9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
 096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
 8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..2478355
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..80db11b
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
 154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
 9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/bkgrnd_greydots.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/bkgrnd_greydots.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/bullet_arrowblue.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/bullet_arrowblue.png
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..7ae45bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/dot.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/dot.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/dot2.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/dot2.png
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/green.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/green.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..31397b5
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..7ae45bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..eb42966
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..064c783
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 255.25,-411.29002 L 261.86798,-400.85887 L 273.83367,-397.7882 L 265.95811,-388.27072 L 266.73534,-375.94179 L 255.25,-380.49082 L 243.76466,-375.94179 L 244.54189,-388.27072 L 236.66633,-397.7882 L 248.63202,-400.85887 L 255.25,-411.29002 z "
+     transform="matrix(1.1071323,0,0,1.1071323,-258.4137,459.98052)"
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.25880718;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4450" />
+  <path
+     d="M 255.25,-411.29002 L 261.86798,-400.85887 L 273.83367,-397.7882 L 265.95811,-388.27072 L 266.73534,-375.94179 L 255.25,-380.49082 L 243.76466,-375.94179 L 244.54189,-388.27072 L 236.66633,-397.7882 L 248.63202,-400.85887 L 255.25,-411.29002 z "
+     transform="matrix(1.1071323,0,0,1.1071323,-258.4137,459.98052)"
+     style="fill:#fac521;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4452" />
+  <path
+     d="M 24.175987,4.476098 L 16.980534,16.087712 L 3.9317841,19.443104 L 16.980534,20.076901 L 24.175987,10.383543 L 31.408721,20.076901 L 44.457471,19.443104 L 31.468862,16.027571 L 24.175987,4.476098 z "
+     style="fill:#feeaab;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4531" />
+  <path
+     d="M 12.456856,24.055852 C 11.65845,24.299685 14.436112,29.177769 14.436112,32.041127 C 14.436112,37.343117 13.010825,39.831516 15.971742,37.364645 C 18.711008,35.08244 21.184735,34.873512 24.195894,34.873512 C 27.207053,34.873512 29.646656,35.08244 32.38592,37.364645 C 35.346837,39.831516 33.921551,37.343117 33.92155,32.041127 C 33.92155,28.223316 38.868232,20.827013 33.682674,25.591482 C 31.458295,27.635233 27.413886,29.481744 24.195894,29.481744 C 20.977903,29.481744 16.933493,27.635233 14.709113,25.591482 C 13.412724,24.400365 12.722992,23.974574 12.456856,24.055852 z "
+     style="fill:#fcd867;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path2185" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..2b421d2
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..abe5a60
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 30.27396,4.1232594 L 18.765811,4.1232594 C 11.476786,4.1232594 5.5574109,10.546411 5.5574109,19.960741 C 5.5574109,24.746615 7.0844878,29.075948 9.5403943,32.177328 C 9.4616811,32.681104 9.414455,33.200619 9.414455,33.720144 C 9.414455,39.308917 13.554865,43.591015 18.891751,44.267966 C 17.506371,42.693663 16.656245,40.914707 16.656245,38.616218 C 16.656245,38.01799 16.719219,37.419752 16.82942,36.837262 C 17.459135,36.963202 18.104599,37.026176 18.750063,37.026176 L 30.258211,37.026176 C 37.547237,37.026176 43.466612,29.39081 43.466612,19.960741 C 43.466612,10.530672 37.578724,4.1232594 30.27396,4.1232594 z "
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.7150631;stroke-miterlimit:4;stroke-dasharray:none"
+     id="path4317" />
+  <path
+     d="M 30.27396,4.1232594 L 18.765811,4.1232594 C 11.476786,4.1232594 5.5574109,10.546411 5.5574109,19.960741 C 5.5574109,24.746615 7.0844878,29.075948 9.5403943,32.177328 C 9.4616811,32.681104 9.414455,33.200619 9.414455,33.720144 C 9.414455,39.308917 13.554865,43.591015 18.891751,44.267966 C 17.506371,42.693663 16.656245,40.914707 16.656245,38.616218 C 16.656245,38.01799 16.719219,37.419752 16.82942,36.837262 C 17.459135,36.963202 18.104599,37.026176 18.750063,37.026176 L 30.258211,37.026176 C 37.547237,37.026176 43.466612,29.39081 43.466612,19.960741 C 43.466612,10.530672 37.578724,4.1232594 30.27396,4.1232594 z "
+     style="fill:#bfdce8;fill-opacity:1"
+     id="path142" />
+  <path
+     d="M 19.200879,5.5648899 C 12.490241,5.5648899 7.0622987,11.295775 7.0622987,19.690323 C 7.0622987,22.890926 7.8418023,25.879852 9.1910836,28.332288 C 8.6113289,26.599889 8.2852163,24.667826 8.2852163,22.673336 C 8.2852163,14.629768 13.495502,9.1620492 19.925575,9.1620492 L 30.071259,9.1620492 C 36.515213,9.1620492 41.711609,14.616311 41.711609,22.673336 C 41.864688,21.709218 41.983366,20.710908 41.983366,19.690323 C 41.983366,11.281743 36.524624,5.5648899 29.799492,5.5648899 L 19.200879,5.5648899 z "
+     style="fill:#ffffff"
+     id="path2358" />
+  <path
+     d="M 28.241965,33.725087 L 20.792252,33.725087 C 16.073756,33.725087 12.241894,32.944782 12.241894,26.850486 C 12.241894,25.10387 12.368512,23.572125 15.515722,23.567487 L 33.508301,23.540969 C 36.182481,23.537028 36.782127,24.950794 36.782127,26.850486 C 36.782127,32.95497 32.970649,33.725087 28.241965,33.725087 z "
+     style="fill:#d0ecf9;fill-opacity:1"
+     id="path2173" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/red.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/shade.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/shade.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/shine.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/shine.png
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..8160290
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..be86474
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..52a31ed
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..b9ce2b8
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..3745cf6
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..484138d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 26.553837,7.3026447 C 25.283816,5.0882437 23.199663,5.0882437 21.945919,7.3026447 L 3.9376032,38.711367 C 2.6675727,40.925778 3.7259346,42.749404 6.2822626,42.749404 L 42.217493,42.749404 C 44.77383,42.749404 45.832183,40.925778 44.545876,38.711367 L 26.553837,7.3026447 z "
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.7150631;stroke-miterlimit:4;stroke-dasharray:none"
+     id="use2812" />
+  <path
+     d="M 26.553837,7.3026447 C 25.283816,5.0882437 23.199663,5.0882437 21.945919,7.3026447 L 3.9376032,38.711367 C 2.6675727,40.925778 3.7259346,42.749404 6.2822626,42.749404 L 42.217493,42.749404 C 44.77383,42.749404 45.832183,40.925778 44.545876,38.711367 L 26.553837,7.3026447 z "
+     style="fill:#fde8a6;fill-opacity:1;stroke-width:4;stroke-miterlimit:4;stroke-dasharray:none"
+     id="path4309" />
+  <path
+     d="M 26.220057,12.491166 C 25.133792,10.597163 23.351196,10.597163 22.278859,12.491166 L 6.8761436,39.355379 C 5.789878,41.249382 6.6951041,42.809153 8.8815542,42.809153 L 39.617353,42.809153 C 41.803812,42.809153 42.709038,41.249382 41.608844,39.355379 L 26.220057,12.491166 z "
+     style="fill:#fac521;fill-opacity:1"
+     id="path2991" />
+  <path
+     d="M 28.470282,37.445157 C 28.470282,38.878008 27.2491,39.952646 25.392902,39.952646 L 25.36034,39.952646 C 23.520438,39.952646 22.282969,38.878008 22.282969,37.445157 C 22.282969,35.947181 23.553,34.921391 25.392902,34.921391 C 27.216538,34.921391 28.437711,35.947181 28.470282,37.445157 z M 28.144632,33.146613 L 29.21927,19.990446 L 21.517696,19.990446 L 22.592334,33.146613 L 28.144632,33.146613 z "
+     style="fill:#fef2cb;fill-opacity:1;stroke:#fef2cb;stroke-width:0.9430126;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+     id="path4468" />
+  <path
+     d="M 27.089325,36.371084 C 27.089325,37.803935 25.868143,38.878574 24.011955,38.878574 L 23.979392,38.878574 C 22.139481,38.878574 20.902022,37.803935 20.902022,36.371084 C 20.902022,34.873109 22.172043,33.847319 24.011955,33.847319 C 25.835581,33.847319 27.056763,34.873109 27.089325,36.371084 z M 26.763675,32.072531 L 27.838313,18.916364 L 20.136748,18.916364 L 21.211386,32.072531 L 26.763675,32.072531 z "
+     style="fill:#2e3436"
+     id="path4470" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..e3a9852
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png
new file mode 100644
index 0000000..6f6b16c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png
new file mode 100644
index 0000000..63758d3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png
new file mode 100755
index 0000000..fe8b961
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png
new file mode 100644
index 0000000..c0aaaf3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_arch.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_arch.png
new file mode 100644
index 0000000..7fc4bc1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/IPA_arch.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png
new file mode 100644
index 0000000..101c9c9
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/add_user.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/add_user.png
new file mode 100644
index 0000000..e7bda97
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/add_user.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/finalstate.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/finalstate.svg
new file mode 100755
index 0000000..85be850
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/finalstate.svg
@@ -0,0 +1,3241 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="444"
+   height="471.94431"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.0 r9654"
+   sodipodi:docname="finalstate.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape"
+   version="1.0"
+   inkscape:export-filename="C:\Users\elladeon\Desktop\finalstate.png"
+   inkscape:export-xdpi="90"
+   inkscape:export-ydpi="90">
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="124.79082"
+     inkscape:cy="133.55533"
+     inkscape:document-units="px"
+     inkscape:current-layer="g51234"
+     showgrid="false"
+     inkscape:window-width="1274"
+     inkscape:window-height="996"
+     inkscape:window-x="-39"
+     inkscape:window-y="80"
+     inkscape:window-maximized="0"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     showguides="false"
+     inkscape:guide-bbox="true">
+    <sodipodi:guide
+       id="guide6372"
+       position="301,506"
+       orientation="1,0" />
+  </sodipodi:namedview>
+  <defs
+     id="defs4">
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3987"
+       id="radialGradient51340"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.886887,0,0,1.602074,-235.025,-437.5826)"
+       cx="265"
+       cy="789.56696"
+       fx="265"
+       fy="789.56696"
+       r="265" />
+    <linearGradient
+       id="linearGradient3987">
+      <stop
+         id="stop3989"
+         offset="0"
+         style="stop-color:#e3dcc0;stop-opacity:0;" />
+      <stop
+         id="stop3991"
+         offset="1"
+         style="stop-color:#e3dcc0;stop-opacity:1;" />
+    </linearGradient>
+    <pattern
+       patternTransform="matrix(0.375,0,0,0.375,379,437.7952)"
+       id="pattern4015"
+       xlink:href="#white-spots"
+       inkscape:collect="always" />
+    <pattern
+       patternTransform="matrix(0.593284,0,0,0.6723114,298.46193,1419.2297)"
+       id="pattern4062"
+       xlink:href="#pattern4015"
+       inkscape:collect="always" />
+    <pattern
+       patternUnits="userSpaceOnUse"
+       width="32"
+       height="32"
+       id="white-spots"
+       patternTransform="matrix(0.375,0,0,0.375,71.51384,20.36167)">
+      <g
+         inkscape:label="#g3035"
+         id="white-spot"
+         transform="translate(-484.3997,-513.505)">
+        <path
+           sodipodi:nodetypes="czzzz"
+           d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+           id="path3033"
+           style="opacity:0.25;fill:white" />
+      </g>
+    </pattern>
+    <mask
+       id="mask4631">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-1) #000000;fill-opacity:1"
+         id="path4633" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1"
+       xlink:href="#linearGradient4584-7"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4" />
+    </linearGradient>
+    <mask
+       id="mask4631-7">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-8) #000000;fill-opacity:1"
+         id="path4633-8" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8"
+       xlink:href="#linearGradient4584-70"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-70">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0" />
+    </linearGradient>
+    <pattern
+       inkscape:collect="always"
+       xlink:href="#pattern4062"
+       id="pattern51338"
+       patternTransform="matrix(0.44763582,0,0,0.35756317,1367.612,792.51535)" />
+    <mask
+       id="mask7729">
+      <rect
+         style="fill:url(#linearGradient7733) #000000;fill-opacity:1"
+         id="rect7731"
+         y="71.481766"
+         x="483.75613"
+         height="123.26292"
+         width="103.35121" />
+    </mask>
+    <linearGradient
+       gradientTransform="matrix(0.948176,0,0,0.948176,560.558,-440.533)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient7584"
+       id="linearGradient7733"
+       y2="595.06226"
+       x2="20.999998"
+       y1="539.95715"
+       x1="20.999998" />
+    <linearGradient
+       id="linearGradient7584">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7586" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7588" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.4388067"
+       y="-0.21940336"
+       width="1.2520971"
+       x="-0.12604854"
+       id="filter9847">
+      <feGaussianBlur
+         id="feGaussianBlur9849"
+         stdDeviation="1.7113675"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5805">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5807" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5809" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.3127669"
+       y="-0.15638345"
+       width="1.1948662"
+       x="-0.09743309"
+       id="filter5917">
+      <feGaussianBlur
+         id="feGaussianBlur5919"
+         stdDeviation="0.60257196"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.233731"
+       y="-0.11686549"
+       width="1.2466146"
+       x="-0.12330729"
+       id="filter9827">
+      <feGaussianBlur
+         id="feGaussianBlur9829"
+         stdDeviation="13.567379"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient8317-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop8319-5" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8321-8" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5557">
+      <stop
+         offset="0"
+         style="stop-color: rgb(0, 147, 217); stop-opacity: 1;"
+         id="stop5559" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5561" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5541">
+      <stop
+         offset="0"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5543" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 0;"
+         id="stop5545" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10494">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0.754902;"
+         id="stop10496" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop10498" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10668">
+      <feGaussianBlur
+         id="feGaussianBlur10670"
+         stdDeviation="0.40041338"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5797">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5799" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5801" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8391">
+      <feGaussianBlur
+         id="feGaussianBlur8393"
+         stdDeviation="0.23516584"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5813">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5815" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(238, 238, 238); stop-opacity: 1;"
+         id="stop5817" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5931">
+      <stop
+         offset="0"
+         style="stop-color: rgb(162, 162, 162); stop-opacity: 1;"
+         id="stop5933" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5935" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter7106">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.51373373"
+         id="feGaussianBlur7108" />
+    </filter>
+    <linearGradient
+       id="linearGradient7359-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7361-9" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7363-3" />
+    </linearGradient>
+    <mask
+       id="mask7570-2">
+      <rect
+         style="fill:url(#linearGradient7574-6) #000000;fill-opacity:1"
+         id="rect7572-2"
+         y="60.362179"
+         x="536"
+         height="111"
+         width="86" />
+    </mask>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3"
+       id="linearGradient7574-6"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <linearGradient
+       id="linearGradient8481-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7576-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(137, 137, 137); stop-opacity: 1;"
+         id="stop7578-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7580-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5573-77">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5575-4" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5577-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5565-0">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5567-1" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5569-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5677-53">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5679-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5681-1" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8351-5">
+      <feGaussianBlur
+         id="feGaussianBlur8353-2"
+         stdDeviation="0.21855907"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5669-6">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5671-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5673-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.0124482"
+       y="-0.0062240968"
+       width="1.3332899"
+       x="-0.16664496"
+       id="filter8323-5">
+      <feGaussianBlur
+         id="feGaussianBlur8325-5"
+         stdDeviation="0.15442502"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10486-9">
+      <feGaussianBlur
+         id="feGaussianBlur10488-0"
+         stdDeviation="0.36649474"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient10566-93">
+      <stop
+         offset="0"
+         style="stop-color: rgb(102, 102, 102); stop-opacity: 1;"
+         id="stop10568-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop10570-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5685-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5687-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5689-7" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6414-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop6416-21" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop6418-9" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6398-9">
+      <stop
+         offset="0"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 1;"
+         id="stop6400-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop6402-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6478-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop6480-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(211, 215, 207); stop-opacity: 0;"
+         id="stop6482-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7808-7">
+      <stop
+         offset="0"
+         style="stop-color: rgb(171, 171, 171); stop-opacity: 1;"
+         id="stop7810-7" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7812-0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10554-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(168, 168, 168); stop-opacity: 1;"
+         id="stop10556-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop10558-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10534-4">
+      <feGaussianBlur
+         id="feGaussianBlur10536-7"
+         stdDeviation="0.50670758"
+         inkscape:collect="always" />
+    </filter>
+    <mask
+       id="mask4631-8">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 z"
+         style="fill:url(#linearGradient4635) #000000;fill-opacity:1"
+         id="path4633-3" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635"
+       xlink:href="#linearGradient4584"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588" />
+    </linearGradient>
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4708"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4710"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4712"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4714"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4716"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4718"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4720"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4722"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4724"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4726"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4728"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4730"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4732"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4734"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4736"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4738"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4740"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4742"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4744"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5142"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5144"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5146"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5148"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5150"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5152"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5154"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5156"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5158"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5160"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5162"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5164"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5166"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5168"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5170"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5172"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5174"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5176"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5178"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5370"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5372"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5374"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5376"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5378"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5380"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5382"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5384"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5386"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5388"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5390"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5392"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5394"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5396"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5398"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5400"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5402"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5404"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5406"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5451"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5453"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5455"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5457"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5459"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5461"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5463"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5465"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5467"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5469"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5471"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5473"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5475"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5477"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5479"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5481"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5483"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5485"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5487"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       id="linearGradient4584-70-8-6">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3-8-9" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0-3-2" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8-1-4"
+       xlink:href="#linearGradient4584-70-8-6"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7-8-5">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0-9-4" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4-6-0" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1-4-2"
+       xlink:href="#linearGradient4584-7-8-5"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient8481-3-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3-7" />
+    </linearGradient>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3-1"
+       id="linearGradient7574-6-7"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <marker
+       style="overflow:visible"
+       id="TriangleInSQ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSQ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9776" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS7"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS7">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9779" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSg"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSg">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9782" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSG"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSG">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9785" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSE"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSE">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9788" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSf"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSf">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9791" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSJ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSJ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9794" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS2"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS2">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9797" />
+    </marker>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7576-1"
+       id="linearGradient12740"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.585274"
+       y1="39.151588"
+       x2="29.061579"
+       y2="21.046715" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12742"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="21.322929"
+       y1="44.46735"
+       x2="34.585835"
+       y2="30.312105" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12744"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.246363"
+       y1="51.641129"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12746"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12748"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12750"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12752"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5685-1"
+       id="linearGradient12754"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,59.2801)"
+       x1="42.074207"
+       y1="42.648251"
+       x2="42.382099"
+       y2="30.0221" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12756"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12758"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6398-9"
+       id="linearGradient12760"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12762"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-29)"
+       x1="603.48352"
+       y1="145.48944"
+       x2="603.48352"
+       y2="141.11491" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12764"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,55.7801)"
+       x1="41.126476"
+       y1="36.09766"
+       x2="44.599358"
+       y2="35.376236" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12766"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,64.6801)"
+       x1="53.072731"
+       y1="36.17104"
+       x2="35.096169"
+       y2="33.830193" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12768"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12770"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7808-7"
+       id="linearGradient12772"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="37.260498"
+       y1="27.37009"
+       x2="17.47529"
+       y2="37.98819" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12774"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="27.247866"
+       y1="46.597134"
+       x2="20.776503"
+       y2="33.722939" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12776"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="16.030468"
+       y1="50.84045"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12778"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12780"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12782"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12784"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10554-1"
+       id="linearGradient12786"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="48.126881"
+       y1="35.527008"
+       x2="35.096169"
+       y2="33.830193" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12788"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12790"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12792"
+       gradientUnits="userSpaceOnUse"
+       x1="603.25"
+       y1="140.36218"
+       x2="603.7171"
+       y2="144.12111" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12794"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="45.470558"
+       y1="35.187798"
+       x2="40.255276"
+       y2="36.286098" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12796"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,90.1801)"
+       x1="55.874207"
+       y1="35.072224"
+       x2="37.686401"
+       y2="33.083126" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12798"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12800"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12802"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12804"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="translate(-33.785574,76.85193)"
+     id="layer1"
+     inkscape:groupmode="layer"
+     inkscape:label="Layer 1">
+    <g
+       transform="translate(20.785574,15.148096)"
+       id="g1758">
+      <g
+         inkscape:label="Layer 1"
+         id="layer1-8"
+         style="display:inline"
+         transform="translate(-204.5471,-8.3623809)">
+        <g
+           id="g51234">
+          <g
+             inkscape:label="#g4018"
+             id="background"
+             transform="matrix(0.83773585,0,0,1.0487651,217.5471,-715.37408)">
+            <rect
+               style="fill:#e3dcc0"
+               id="rect1933"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+            <rect
+               ry="19.070024"
+               rx="23.873896"
+               y="602.36218"
+               x="0"
+               height="450"
+               width="530"
+               id="rect3092"
+               style="fill:url(#pattern51338);fill-opacity:1" />
+            <rect
+               style="fill:url(#radialGradient51340);fill-opacity:1"
+               id="rect3985"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+          </g>
+          <g
+             inkscape:label="Layer 1"
+             id="layer1-0"
+             transform="matrix(0,1,-1,0,-569.42108,5708.5683)">
+            <rect
+               width="0"
+               height="24.171429"
+               rx="60.428574"
+               ry="24.171429"
+               x="-788.32996"
+               y="3808.3428"
+               id="rect5314-36"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="translate(511.139,-788.394)"
+               id="g8484" />
+            <g
+               transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+               id="g6374"
+               style="fill:#ffffff" />
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="420.08853"
+               y="-763.33875"
+               id="rect5314-1-2"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+               style="opacity:0.30729232"
+               mask="url(#mask4631)"
+               id="g4596" />
+            <g
+               transform="translate(235.628,616.018)"
+               id="g3002" />
+            <g
+               transform="translate(71.1162,-7.34373)"
+               id="g4898">
+              <g
+                 id="g4900-4">
+                <g
+                   id="g4902-3" />
+              </g>
+            </g>
+            <g
+               transform="translate(979.728,-180.625)"
+               id="g3002-4-7" />
+            <g
+               transform="translate(815.216,-803.987)"
+               id="g4898-9-7">
+              <g
+                 id="g4900-9-8">
+                <g
+                   id="g4902-1-1" />
+              </g>
+            </g>
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text19594-4"
+               y="276.983"
+               x="500.69299"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan19596-6"
+                 y="276.983"
+                 x="500.69299" /></text>
+            <g
+               transform="translate(916.728,50.3749)"
+               id="g3002-3-2" />
+            <g
+               transform="translate(752.216,-572.987)"
+               id="g4898-2-2">
+              <g
+                 id="g4900-7-1">
+                <g
+                   id="g4902-8-8" />
+              </g>
+            </g>
+            <g
+               transform="translate(-218.272,-381.625)"
+               id="g21694-0">
+              <text
+                 sodipodi:linespacing="125%"
+                 x="321.965"
+                 y="658.60797"
+                 id="text21702-5"
+                 xml:space="preserve"
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                   x="321.965"
+                   y="658.60797"
+                   id="tspan21704-1" /></text>
+            </g>
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="1173.8944"
+               y="303.50519"
+               id="rect5314-3-3"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               inkscape:label="Layer 1"
+               id="layer1-4"
+               transform="translate(212.407,560.774)">
+              <rect
+                 width="0"
+                 height="24.171429"
+                 rx="60.428574"
+                 ry="24.171429"
+                 x="-788.32996"
+                 y="3808.3428"
+                 id="rect5314-14"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="translate(511.139,-788.394)"
+                 id="g8484-7" />
+              <g
+                 transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+                 id="g6374-8"
+                 style="fill:#ffffff" />
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="420.08853"
+                 y="-763.33875"
+                 id="rect5314-1-6"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+                 style="opacity:0.30729232"
+                 mask="url(#mask4631-7)"
+                 id="g4596-06" />
+              <g
+                 transform="translate(235.628,616.018)"
+                 id="g3002-8" />
+              <g
+                 transform="translate(71.1162,-7.34373)"
+                 id="g4898-4">
+                <g
+                   id="g4900-3">
+                  <g
+                     id="g4902-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(979.728,-180.625)"
+                 id="g3002-4-4" />
+              <g
+                 transform="translate(815.216,-803.987)"
+                 id="g4898-9-3">
+                <g
+                   id="g4900-9-9">
+                  <g
+                     id="g4902-1-3" />
+                </g>
+              </g>
+              <text
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+                 xml:space="preserve"
+                 id="text19594-8"
+                 y="276.983"
+                 x="500.69299"
+                 sodipodi:linespacing="125%"><tspan
+                   id="tspan19596-2"
+                   y="276.983"
+                   x="500.69299" /></text>
+              <g
+                 transform="translate(916.728,50.3749)"
+                 id="g3002-3-5" />
+              <g
+                 transform="translate(752.216,-572.987)"
+                 id="g4898-2-0">
+                <g
+                   id="g4900-7-4">
+                  <g
+                     id="g4902-8-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(-218.272,-381.625)"
+                 id="g21694-4">
+                <text
+                   sodipodi:linespacing="125%"
+                   x="321.965"
+                   y="658.60797"
+                   id="text21702-3"
+                   xml:space="preserve"
+                   style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                     x="321.965"
+                     y="658.60797"
+                     id="tspan21704-3" /></text>
+              </g>
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="1173.8944"
+                 y="303.50519"
+                 id="rect5314-3-0"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <text
+                 sodipodi:linespacing="125%"
+                 transform="matrix(0,-1,1,0,0,0)"
+                 xml:space="preserve"
+                 style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;opacity:0.12604998;fill:#000000;fill-opacity:1;stroke:none;font-family:Interstate-Black"
+                 x="1740.2687"
+                 y="-5540.999"
+                 id="text28374"><tspan
+                   style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans Bold"
+                   sodipodi:role="line"
+                   id="tspan28376"
+                   x="1740.2687"
+                   y="-5540.999">#49658</tspan></text>
+            </g>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314"
+             y="5244.3931"
+             x="4432.2417"
+             ry="24.171429"
+             rx="60.428574"
+             height="24.171429"
+             width="0" />
+          <g
+             id="g8484-6"
+             transform="translate(5731.7105,647.6564)" />
+          <g
+             style="fill:#ffffff"
+             id="g6374-4"
+             transform="matrix(0.867051,0,0,0.867051,5533.8055,759.9764)" />
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-1"
+             y="672.71167"
+             x="5640.6602"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             id="g4596-3"
+             mask="url(#mask4631-8)"
+             style="opacity:0.30729232"
+             transform="matrix(1.73,0,0,0.659171,5511.8225,1611.9864)" />
+          <g
+             id="g3002-33"
+             transform="translate(5456.1995,2052.0684)" />
+          <g
+             id="g4898-8"
+             transform="translate(5291.6877,1428.7067)">
+            <g
+               id="g4900">
+              <g
+                 id="g4902" />
+            </g>
+          </g>
+          <g
+             id="g3002-4"
+             transform="translate(6200.2995,1255.4254)" />
+          <g
+             id="g4898-9"
+             transform="translate(6035.7875,632.0634)">
+            <g
+               id="g4900-9">
+              <g
+                 id="g4902-1" />
+            </g>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             x="5721.2646"
+             y="1713.0334"
+             id="text19594"
+             xml:space="preserve"
+             style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+               x="5721.2646"
+               y="1713.0334"
+               id="tspan19596" /></text>
+          <g
+             id="g3002-3"
+             transform="translate(6137.2995,1486.4253)" />
+          <g
+             id="g4898-2"
+             transform="translate(5972.7875,863.0634)">
+            <g
+               id="g4900-7">
+              <g
+                 id="g4902-8" />
+            </g>
+          </g>
+          <g
+             id="g21694"
+             transform="translate(5002.2995,1054.4254)">
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text21702"
+               y="658.60797"
+               x="321.965"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan21704"
+                 y="658.60797"
+                 x="321.965" /></text>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-3"
+             y="1739.5555"
+             x="6394.4658"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             transform="matrix(1.1935043,0,0,1.1935043,-56.738176,6.0556725)"
+             id="g9226">
+            <g
+               id="g17509"
+               transform="matrix(0.95549,0,0,0.95549,-131.63026,-97.114486)">
+              <g
+                 transform="matrix(-0.871732,0,0,0.875699,945.308,163.109)"
+                 mask="url(#mask7570-2)"
+                 id="g7663"
+                 style="opacity:0.53157899">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7667"
+                   style="fill:url(#linearGradient12740);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7669"
+                   style="fill:url(#linearGradient12742);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.24488,-5.533632 14.24488,-5.533632 L 579.37701,66.81781 z"
+                   id="path7671"
+                   style="fill:url(#linearGradient12744);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7673"
+                   style="fill:none;stroke:url(#linearGradient12746);stroke-width:1.57957995;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7675"
+                   style="fill:none;stroke:url(#linearGradient12748);stroke-width:2.10610008;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,41.25)"
+                   id="use7678">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5196"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12750);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5198"
+                     style="fill:url(#linearGradient12752);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,127.61454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7680"
+                   style="opacity:0.759843;fill:none;stroke:url(#linearGradient12754);stroke-width:1.05305004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="translate(0,31)"
+                   id="g7682">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7684"
+                     style="fill:url(#linearGradient12756);fill-opacity:1;stroke:url(#linearGradient12758);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7686"
+                     style="fill:url(#linearGradient12760);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,112.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7688"
+                   style="fill:url(#linearGradient12762);fill-opacity:1;stroke:url(#linearGradient12764);stroke-width:0.63183099;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,126.56345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7690"
+                   style="opacity:0.964567;fill:none;stroke:url(#linearGradient12766);stroke-width:0.95091498;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7692">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7694"
+                     style="opacity:0.680851;fill:url(#radialGradient12768);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7696"
+                     style="fill:url(#radialGradient12770);fill-opacity:1" />
+                </g>
+              </g>
+              <g
+                 transform="matrix(-0.875699,0,0,0.875699,947.549,115.264)"
+                 id="g7698">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7700"
+                   style="fill:url(#linearGradient12772);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7702"
+                   style="fill:url(#linearGradient12774);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.03777,-5.180079 14.03777,-5.180079 L 579.37701,66.81781 z"
+                   id="path7704"
+                   style="fill:url(#linearGradient12776);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7706"
+                   style="fill:none;stroke:url(#linearGradient12778);stroke-width:1.57599998;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7708"
+                   style="fill:none;stroke:url(#linearGradient12780);stroke-width:2.10133004;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,10.25)"
+                   id="use7710">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5186"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12782);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5188"
+                     style="fill:url(#linearGradient12784);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,153.11454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7712"
+                   style="opacity:0.62621304;fill:none;stroke:url(#linearGradient12786);stroke-width:1.05066001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   id="g7714">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7716"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12788);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7718"
+                     style="fill:url(#linearGradient12790);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,141.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7720"
+                   style="fill:url(#linearGradient12792);fill-opacity:1;stroke:url(#linearGradient12794);stroke-width:0.63039899;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,152.06345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7722"
+                   style="fill:none;stroke:url(#linearGradient12796);stroke-width:0.94875801;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10534-4)" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7724">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7726"
+                     style="opacity:0.680851;fill:url(#radialGradient12798);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7728"
+                     style="fill:url(#radialGradient12800);fill-opacity:1" />
+                </g>
+                <g
+                   transform="matrix(1.02462,0,0,1.02462,108.25,-131.553)"
+                   id="use7730">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path5236"
+                     style="opacity:0.680851;fill:url(#radialGradient12802);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path5238"
+                     style="fill:url(#radialGradient12804);fill-opacity:1" />
+                </g>
+              </g>
+            </g>
+          </g>
+          <g
+             transform="translate(271,-329)"
+             id="g5300">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,266.42705,-63.62544)"
+               id="g8866">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g8868"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8870"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8872"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8874"
+                   style="fill:url(#linearGradient4708);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8876"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path8878"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8880"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8882"
+                   style="fill:url(#linearGradient4710)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8884"
+                   style="fill:url(#linearGradient4712);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8886"
+                   style="fill:url(#linearGradient4714);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8888"
+                   style="opacity:0.62254902;fill:url(#radialGradient4716);fill-opacity:1;stroke:url(#radialGradient4718);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8890"
+                   style="fill:url(#linearGradient4720);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g8892">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8894"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8896"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8898"
+                   style="fill:url(#linearGradient4722);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8900"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path8902"
+                   style="fill:url(#linearGradient4724);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8904"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8906"
+                   style="fill:url(#linearGradient4726)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8908"
+                   style="fill:url(#linearGradient4728);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8910"
+                   style="fill:url(#linearGradient4730);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8912"
+                   style="opacity:0.96825406;fill:url(#radialGradient4732);fill-opacity:1;stroke:url(#radialGradient4734);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8914"
+                   style="fill:url(#linearGradient4736);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path8916"
+                   style="opacity:0.71957703;fill:url(#radialGradient4738);fill-opacity:1;stroke:url(#radialGradient4740);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g8918">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path8920"
+                   style="opacity:0.680851;fill:url(#radialGradient4742);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path8922"
+                   style="fill:url(#radialGradient4744);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="283.6499"
+               y="335.79758"
+               id="text3608"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan3610"
+                 x="285.31396"
+                 y="335.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4746"
+                 sodipodi:role="line"
+                 x="283.6499"
+                 y="348.63757"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5410">using </tspan>SSSD with an LDAP backend</tspan></text>
+          </g>
+          <g
+             transform="translate(169,-217.33331)"
+             id="g5335">
+            <g
+               id="g4892"
+               transform="matrix(-0.6631863,0,0,0.67913371,367.88733,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g4894"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4896"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4898"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5370);fill-opacity:1"
+                   id="path4900"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4902"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path4904"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4906"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5372)"
+                   id="path4908"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5374);fill-opacity:1"
+                   id="polygon4910"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5376);fill-opacity:1"
+                   id="path4912"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5378);fill-opacity:1;stroke:url(#radialGradient5380);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4914"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5382);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4916"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g4918"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4920"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4922"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5384);fill-opacity:1"
+                   id="path4924"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4926"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5386);fill-opacity:1"
+                   id="path4928"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4930"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5388)"
+                   id="path4932"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5390);fill-opacity:1"
+                   id="polygon4934"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5392);fill-opacity:1"
+                   id="path4936"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5394);fill-opacity:1;stroke:url(#radialGradient5396);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4938"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5398);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4940"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5400);fill-opacity:1;stroke:url(#radialGradient5402);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path4942"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g4944"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5404);fill-opacity:1"
+                   id="path4946"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5406);fill-opacity:1"
+                   id="path4948"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4427"
+               y="333.29758"
+               x="386.11017"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="387.77423"
+                 id="tspan4429"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4748"
+                 y="346.13757"
+                 x="386.11017"
+                 sodipodi:role="line"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5408">using </tspan>SSSD with an IPA backend</tspan></text>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             id="text4497"
+             y="199.29758"
+             x="284.07538"
+             style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:125%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+             xml:space="preserve"><tspan
+               style="font-size:13px"
+               id="tspan4501"
+               y="199.29758"
+               x="284.07538"
+               sodipodi:role="line">IPA</tspan></text>
+          <g
+             transform="translate(36,-105.66666)"
+             id="g5416">
+            <g
+               id="g5046"
+               transform="matrix(-0.6631863,0,0,0.67913371,501.21208,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g5048"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5050"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5052"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5451);fill-opacity:1"
+                   id="path5054"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5056"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path5058"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5060"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5453)"
+                   id="path5062"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5455);fill-opacity:1"
+                   id="polygon5064"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5457);fill-opacity:1"
+                   id="path5066"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5459);fill-opacity:1;stroke:url(#radialGradient5461);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5068"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5463);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5070"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g5072"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5074"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5076"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5465);fill-opacity:1"
+                   id="path5078"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5080"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5467);fill-opacity:1"
+                   id="path5082"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5084"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5469)"
+                   id="path5086"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5471);fill-opacity:1"
+                   id="polygon5088"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5473);fill-opacity:1"
+                   id="path5090"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5475);fill-opacity:1;stroke:url(#radialGradient5477);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5092"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5479);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5094"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5481);fill-opacity:1;stroke:url(#radialGradient5483);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path5096"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g5098"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5485);fill-opacity:1"
+                   id="path5100"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5487);fill-opacity:1"
+                   id="path5102"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="519.57751"
+               y="332.79758"
+               id="text4433"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan4435"
+                 x="521.13611"
+                 y="332.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4750"
+                 sodipodi:role="line"
+                 x="519.57751"
+                 y="345.63757"><tspan
+   id="tspan5412"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_LDAP/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(-112,6)"
+             id="g5489">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,650.68426,-63.62544)"
+               id="g4988">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g4990"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4992"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path4994"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path4996"
+                   style="fill:url(#linearGradient5142);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4998"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path5000"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5002"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5004"
+                   style="fill:url(#linearGradient5144)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5006"
+                   style="fill:url(#linearGradient5146);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5008"
+                   style="fill:url(#linearGradient5148);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5010"
+                   style="opacity:0.62254902;fill:url(#radialGradient5150);fill-opacity:1;stroke:url(#radialGradient5152);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5012"
+                   style="fill:url(#linearGradient5154);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g5014">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5016"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path5018"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path5020"
+                   style="fill:url(#linearGradient5156);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5022"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path5024"
+                   style="fill:url(#linearGradient5158);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5026"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5028"
+                   style="fill:url(#linearGradient5160)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5030"
+                   style="fill:url(#linearGradient5162);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5032"
+                   style="fill:url(#linearGradient5164);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5034"
+                   style="opacity:0.96825406;fill:url(#radialGradient5166);fill-opacity:1;stroke:url(#radialGradient5168);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5036"
+                   style="fill:url(#linearGradient5170);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path5038"
+                   style="opacity:0.71957703;fill:url(#radialGradient5172);fill-opacity:1;stroke:url(#radialGradient5174);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g5040">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path5042"
+                   style="opacity:0.680851;fill:url(#radialGradient5176);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path5044"
+                   style="fill:url(#radialGradient5178);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4439"
+               y="333.29758"
+               x="669.04968"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="670.60828"
+                 id="tspan4441"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4752"
+                 y="346.13757"
+                 x="669.04968"
+                 sodipodi:role="line"><tspan
+   id="tspan5414"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_KRB5/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(539.98213,665.63497)"
+             id="g3002-35" />
+          <g
+             transform="translate(375.47031,42.27285)"
+             id="g4898-37">
+            <g
+               id="g4900-5">
+              <g
+                 id="g4902-5" />
+            </g>
+          </g>
+          <g
+             transform="translate(321.48515,123.56711)"
+             id="g3002-4-44" />
+          <g
+             transform="translate(156.97333,-499.79501)"
+             id="g4898-3">
+            <g
+               id="g4900-3-7">
+              <g
+                 id="g4902-3-9" />
+            </g>
+          </g>
+          <g
+             transform="translate(4.49242,441.24827)"
+             id="g9694" />
+          <g
+             transform="translate(-160.01938,-182.11385)"
+             id="g9696">
+            <g
+               id="g9698">
+              <g
+                 id="g9700" />
+            </g>
+          </g>
+          <g
+             transform="translate(531.70846,712.31515)"
+             id="g11586" />
+          <g
+             transform="translate(367.19664,88.95298)"
+             id="g11591">
+            <g
+               id="g11593">
+              <g
+                 id="g11595" />
+            </g>
+          </g>
+          <g
+             transform="translate(945.16259,126.17676)"
+             id="g13960" />
+          <g
+             transform="translate(780.65077,-497.18536)"
+             id="g13962">
+            <g
+               id="g13964">
+              <g
+                 id="g13966" />
+            </g>
+          </g>
+          <g
+             id="g6425"
+             transform="matrix(-0.58230043,0,0,1.2021785,341.20931,-1013.0128)"
+             style="fill:#5c3566" />
+          <text
+             xml:space="preserve"
+             style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+             x="902.75421"
+             y="196.70628"
+             id="text13535"><tspan
+               sodipodi:role="line"
+               id="tspan13537"
+               x="902.75421"
+               y="196.70628" /></text>
+          <path
+             id="path18414"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSQ);marker-end:url(#TriangleOutS7);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,-44.15908 -100.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,130.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -72.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,289.61762 -100.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-113.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -72.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSE);marker-end:url(#TriangleOutSf);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6366" />
+          <path
+             id="path6368"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSg);marker-end:url(#TriangleOutSG);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,175.61762 -78.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-15.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -94.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,65.84092 -78.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,36.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -94.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSJ);marker-end:url(#TriangleOutS2);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6370" />
+        </g>
+      </g>
+      <g
+         id="layer2"
+         inkscape:label="sdfsdf"
+         style="display:none"
+         transform="translate(-204.5471,-8.3623809)">
+        <rect
+           style="opacity:0.22325583;fill:#180e00;fill-opacity:1;fill-rule:nonzero;stroke:#211601;stroke-width:2.10500002;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:0.09661835;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+           id="rect26435"
+           width="1620"
+           height="951.42859"
+           x="-308.57144"
+           y="92.362144"
+           ry="26.574863"
+           rx="26.574863" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/icon.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg
copy to public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/icon.svg
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/kinit_admin.png b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/kinit_admin.png
new file mode 100644
index 0000000..a0b81e1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/images/kinit_admin.png differ
diff --git a/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html
new file mode 100644
index 0000000..2606758
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html
@@ -0,0 +1,5002 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Enterprise Identity Management Guide</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><meta name="description" content="Identity and policy management &#x2014; for both users and machines &#x2014; is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domai
 ns, including both servers and clients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="id4570230" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Red Hat Enterprise Linux</span> <span class="productnumber">6.2</span></div><div><h1 id="id4570230" class="title">Enterprise Identity Management Guide</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+		<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
+
+	</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3098028" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+		Copyright <span class="trademark"></span>© 2011 Red Hat.
+	</div><div class="para">
+		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+	</div><div class="para">
+		Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+	</div><div class="para">
+		Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+	</div><div class="para">
+		<span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+	</div><div class="para">
+		<span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+	</div><div class="para">
+		<span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+	</div><div class="para">
+		<span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+	</div><div class="para">
+		All other trademarks are the property of their respective owners.
+	</div><div class="para">
+		<div class="address"><p><br />
+			<span class="street">1801 Varsity Drive</span><br />
+			 <span class="city">Raleigh</span>, <span class="state">NC</span> <span class="postcode">27606-2072</span> <span class="country">USA</span><br />
+			 <span class="phone">Phone: +1 919 754 3700</span><br />
+			 <span class="phone">Phone: 888 733 4281</span><br />
+			 <span class="fax">Fax: +1 919 754 3701</span><br />
+<br />
+		</p></div>
+
+	</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
+			Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
+		</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="#Document_Conventions">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="#feedback">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="#doc-history">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="#introduction">1. Introduction to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#what-is-ipa">1.1. IPA Defined</a></span></dt><dd><dl><dt><
 span class="section"><a href="#ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-domains">1.1.2. About IPA Domains</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-components">1.2. Identity Management: Authentication</a></span></dt><dt><span class="section"><a href="#policy">1.3. Defining Policies: Authorization</a></span></dt><dt><span class="section"><a href="#deployment-scenario
 s">1.4. Planning IPA</a></span></dt></dl></dd><dt><span class="chapter"><a href="#installing-ipa">2. Installing an IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Operating_System_Requirements">2.1. Supported Server Platforms</a></span></dt><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">2.2. Preparing to Install the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">2.2.3. System Prerequisites</a></span></dt><dd><dl><dt><span class="section"><a href="#prereq-ds">2.2.3.1. Directory Server</a></span></dt><dt><span class="section"><a href="#prereq-
 system">2.2.3.2. System Files </a></span></dt><dt><span class="section"><a href="#prereq-ports">2.2.3.3. System Ports</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">2.3. Installing the IPA Server Packages</a></span></dt><dt><span class="section"><a href="#creating-server">2.4. Creating an IPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">2.4.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">2.4.2. Setting up an IPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a hre
 f="#install-examples">2.4.3. Examples of Creating the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#install-normal">2.4.3.1. Non-Interactive Basic Installation</a></span></dt><dt><span class="section"><a href="#install-ca-options">2.4.3.2. Using Different CAs</a></span></dt><dt><span class="section"><a href="#install-dns">2.4.3.3. Using DNS</a></span></dt></dl></dd><dt><span class="section"><a href="#troubleshooting-install">2.4.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">2.5. Setting up IPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">2.5.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">2.5.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="#troubleshooting-replica-install">2.5.3. Troubleshooti
 ng Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">2.6. Uninstalling IPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="#setting-up-clients">3. Setting up Systems as IPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS v4 with Kerberos</a></spa
 n></dt></dl></dd><dt><span class="section"><a href="#Using_Microsoft_Windows">3.2. Configuring a Microsoft Windows System as an IPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">3.3. Configuring a Solaris System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">3.3.1.2. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_So
 laris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Configuring Solaris 9</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">3.4. Configuring an HP-UX System as an IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</a></span></dt><dt
 ><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">3.5. Configuring an AIX System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</a
 ></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">3.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">3.6. Configuring a Macintosh OS X System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</a></span></dt></dl></dd><dt><span class="sectio
 n"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</a></span></dt><dt><span class="section"><a href="#Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH
 </a></span></dt><dt><span class="section"><a href="#Macintosh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#basic-usage">4. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="#using-the-ui">4.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="#logging-in">4.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="#switching-users">4.3. Switching Users</a></spa
 n></dt><dt><span class="section"><a href="#ipa-files">4.4. A Summary of IPA Server Configuration Files and Directories</a></span></dt></dl></dd><dt><span class="chapter"><a href="#managing-clients">5. Managing Clients in the IPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">5.1.3. Managing DNS Zones</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterpris
 e_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#enrolling-machines">5.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host 
 Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">5.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="#config-virt-machines">5.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="#certs">5.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">5.6. Client Problems</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">5.7. Uninst
 alling an IPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="#users">6. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#home-directories">6.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="#adding-users">6.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">6.3. Editing Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">6.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">6.5. Deleting IPA Users</a><
 /span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">6.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</a></span></dt></dl></
 dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">6.6.3. Deleting IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">6.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The
 _IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">6.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">6.7.5.1. Setting the Priority of Password Policies</a><
 /span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="#searching">6.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Grou
 ps-Searching_for_Users">6.8.1. Searching for Users</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="chapter"><a href="#hosts">7. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#adding-hosts">7.1. Adding and Editing Hosts</a></span></dt><dt><span class="section"><a href="#host-groups">7.2. Creating Host Groups</a></span></dt></dl></dd><dt><span class="chapter"><a href="#kerberos">8. 
 Identity: Using IPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-kerberos">8.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">8.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">8.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an IPA Service</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">8.3.1.1. Requesting a Certificate for a Service</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_S
 ervice-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">8.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">8.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">8.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class
 ="chapter"><a href="#automount">9. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#about-automount">9.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">9.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration<
 /a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">9.2.3. Configuring Indirect Maps</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#active-directory">10. Identity: Integrating with Micr
 osoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="#about-active-directory">10.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">10.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">10.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">10.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_u
 p_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">10.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">10.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">10.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="#nis">11. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="#about-nis">11.
 1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-netgroups">11.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Exam
 ples</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">11.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">11.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Enviro
 nment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#authz">12. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#configuring-host-access">12.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">12.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">12.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sudo">13. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#about-sudo">13.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="sectio
 n"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">13.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">13.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">13.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules"
 >13.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="chapter"><a href="#server-config">14. Configuring the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#managing-access-to-ipa">14.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of
 _Access_Control">14.1.1.1. Types of Access Control</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#creating-roles">14.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">14.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">14.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="#search-limits">14.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="#disabling-anon-binds">14.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">14.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_A
 ttributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">14.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">14.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certifi
 cate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">14.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">14.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">14.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">14.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_
 Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">14.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">14.11. Creating DNS Entries for IPA Replicas</a></span></dt><dt><span class="section"><a href="#promoting-replica">14.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="#logging">14.13. IPA Server Logging</a></span></dt></dl></dd><dt><span class="appendix"><a href="#chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions">A. Frequently Asked Questio
 ns</a></span></dt><dt><span class="appendix"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger">B. Services: Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</a></span></dt></dl></dd><dt><span class="appendix"><a href="#Migrating_from_a_Directory_Server_to_IPA">C. Migrating from a Directory Server to IPA</a></
 span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Ma
 nagement_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration
 -Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Iden
 tity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Ph
 ase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="#Glossary">Glossary</a></span></dt><dt><span class="index"><a href="#id2848820">Index</a></span></dt></dl></div><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
+		Enterprise IPA is a Red Hat Enterprise Linux-based way to create a security, identity, and authentication domain. The different security and authentication protocols available to Linux and Unix systems (like Kerberos, NIS, DNS, PAM, and sudo) are complex, unrelated, and difficult to manage coherently, especially when combined with different identity stores.
+	</div><div class="para">
+		Enterprise IPA provides a layer that unifies all of these disparate services and simplifies the administrative tasks for managing users, systems, and security. IPA breaks management down into two categories: <span class="emphasis"><em>identity</em></span> and <span class="emphasis"><em>policy</em></span>. It centralizes the functions of managing the users and entities within your IT environment (identity) and then provides a framework to define authentication and authorization for a global security framework and user-friendly tools like single sign-on (policy).
+	</div><div class="section" id="audience"><div class="titlepage"><div><div><h2 class="title" id="audience">1. Audience and Purpose</h2></div></div></div><div class="para">
+			With Enterprise IPA, a Red Hat Enterprise Linux system can easily become the center of an identity/authentication domain and even provide access to the domain for clients of other operating systems. IPA is an integrated system, that builds on existing and reliable technologies like LDAP and certificate protocols, with a robust yet straightforward set of tools (including a web-based UI). The key to identity/policy management with IPA is simplicity and flexibility:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Centralized identity stores for authentication and single sign-on using both integrated LDAP services (with 389 Directory Server) and, optionally, NIS services
+				</div></li><li class="listitem"><div class="para">
+					Clear and manageable administrative control over system services like PAM, NTP, and sudo
+				</div></li><li class="listitem"><div class="para">
+					Simplified DNS domains and maintenance
+				</div></li><li class="listitem"><div class="para">
+					Scalable Kerberos realms and cross-realms which clients can easily join
+				</div></li></ul></div><div class="para">
+			This guide is written for systems administrators and IT staff who will manage IPA domains, user systems, and servers. This assumes a moderate knowledge of Linux-based systems administration and familiarity with important concepts like access control, LDAP, and Kerberos.
+		</div><div class="para">
+			This guide covers every aspect of using IPA, including preparation and installation processes, administrative tasks, and the IPA tools. This guide also explains the major concepts behind both identity and policy management, generally, and IPA features specifically. Administrative tasks in this guide are categorized as either <span class="emphasis"><em>Identity</em></span> or <span class="emphasis"><em>Policy</em></span> in the chapter title to help characterize the administrative functions.
+		</div></div><div xml:lang="en-US" class="section" id="Document_Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Document_Conventions">2. Examples and Formatting</h2></div></div></div><div class="para">
+		Each of the examples used in this guide, such as file locations and commands, have certain defined conventions.
+	</div><div class="section" id="bracketsexamples"><div class="titlepage"><div><div><h3 class="title" id="bracketsexamples">2.1. Brackets</h3></div></div></div><div class="para">
+			Square brackets (<code class="command">[]</code>) are used to indicate an alternative element in a name. For example, if a tool is available in <code class="filename">/usr/lib</code> on 32-bit systems and in <code class="filename">/usr/lib64</code> on 64-bit systems, then the tool location may be represented as <code class="filename">/usr/lib[64]</code>.
+		</div></div><div class="section" id="tool-locations"><div class="titlepage"><div><div><h3 class="title" id="tool-locations">2.2. Client Tool Information</h3></div></div></div><div class="para">
+			The tools for IPA are located in the <code class="filename">/usr/bin</code> and the <code class="filename">/usr/sbin</code> directories.
+		</div><div class="para">
+			The LDAP tools used to edit the IPA directory services, such as <code class="command">ldapmodify</code> and <code class="command">ldapsearch</code>, are from OpenLDAP. OpenLDAP tools use SASL connections by default. To perform a simple bind using a username and password, use the <code class="option">-x</code> argument to disable SASL.
+		</div></div><div class="section" id="guide-formatting"><div class="titlepage"><div><div><h3 class="title" id="guide-formatting">2.3. Text Formatting and Styles</h3></div></div></div><div class="para">
+			Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
+		</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr valign="top"><th valign="top">
+							Formatting Style
+						</th><th valign="top">
+							Purpose
+						</th></tr></thead><tbody><tr valign="top"><td valign="top">
+							
+<pre class="screen">Monospace with a background</pre>
+
+						</td><td valign="top">
+							This type of formatting is used for anything entered or returned in a command prompt.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="emphasis"><em>Italicized text</em></span>
+						</td><td valign="top">
+							Any text which is italicized is a variable, such as <span class="emphasis"><em>instance_name</em></span> or <span class="emphasis"><em>hostname</em></span>. Occasionally, this is also used to emphasize a new term or other phrase.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="bold bold"><strong>Bolded text</strong></span>
+						</td><td valign="top">
+							Most phrases which are in bold are application names, such as <span class="application"><strong>Cygwin</strong></span>, or are fields or options in a user interface, such as a <span class="guilabel"><strong>User Name Here:</strong></span> field or <span class="guibutton"><strong>Save</strong></span> button. This can also indicate a file, package, or directory name, such as <code class="filename">/usr/sbin</code>.
+						</td></tr></tbody></table></div><div class="para">
+			Other formatting styles draw attention to important text.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
+			</div></div></div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+				Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
+			</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+				A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
+			</div></div></div></div></div><div xml:lang="en-US" class="section" id="feedback" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="feedback">3. Giving Feedback</h2></div></div></div><div class="para">
+		If there is any error in this book or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for IPA through Bugzilla, <a href="http://bugzilla.redhat.com/bugzilla">http://bugzilla.redhat.com/bugzilla</a>. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
+	</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+				Select the Red Hat group and the Red Hat Enterprise Linux 6 product.
+			</div></li><li class="listitem"><div class="para">
+				Set the component to <code class="command">doc-Enterprise_Identity_Management_Guide</code>.
+			</div></li><li class="listitem"><div class="para">
+				For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
+			</div><div class="para">
+				For enhancements, put in what information needs to be added and why.
+			</div></li><li class="listitem"><div class="para">
+				Give a clear title for the bug. For example, <code class="command">"Incorrect command example for setup script options"</code> is better than <code class="command">"Bad example"</code>.
+			</div></li></ol></div><div class="para">
+		We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact Red Hat Content Services directly at <a href="mailto:docs at redhat.com">docs at redhat.com</a>.
+	</div></div><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
+		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft.</td></tr></table>
+
+				</td></tr></table></div>
+
+	</div></div></div><div xml:lang="en-US" class="chapter" id="introduction" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Introduction to IPA</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#what-is-ipa">1.1. IPA Defined</a></span></dt><dd><dl><dt><span class="section"><a href="#ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-domains">1
 .1.2. About IPA Domains</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-components">1.2. Identity Management: Authentication</a></span></dt><dt><span class="section"><a href="#policy">1.3. Defining Policies: Authorization</a></span></dt><dt><span class="section"><a href="#deployment-scenarios">1.4. Planning IPA</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="what-is-ipa"><div class="titlepage"><div><div><h2 class="title" id="what-is-ipa">1.1. IPA Defined</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div><div class="para">
+			IPA is an integrated security information management solution which combines Red Hat Enterprise Linux, Red Hat Directory Server, MIT Kerberos, and NTP. It provides web browser and command-line interfaces, and its numerous administration tools allow an administrator to quickly install, set up, and administer one or more servers for centralized authentication and identity management.
+		</div><div class="para">
+			The latest version of IPA extends the integration of DNS, includes a Certificate System Server, an enhanced administrative framework, support for host identities, netgroups, automount by location and other features.
+		</div><div class="para">
+			IPA focuses on making centralized identity and policy easy to manage in Linux and Unix environments, and includes interoperability with the Windows environment.
+		</div><div class="section" id="ipa-v-ldap"><div class="titlepage"><div><div><h3 class="title" id="ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div><div class="para">
+				The following diagram provides a high-level view of the current IPA architecture. It is broken down into three main components: the IPA core; the management station; and the managed host. Each of these components is described in more detail below.
+			</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-High_level_IPA_Architecture"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_arch.png" alt="High-level IPA Architecture" /></div></div><h6>Figure 1.1. High-level IPA Architecture</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</h4></div></div></div><div class="para">
+					The IPA core consists of the servers, services, and other utilities necessary to provide the fundamental IPA functionality. This includes the management framework, the directory server, the KDC, the web server, and the DNS.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Kerberos_KDC"><h5 class="formalpara">Kerberos KDC</h5>
+						The Kerberos KDC is the Kerberos authentication server, and provides authentication services for users, hosts, and services. It stores its data in the directory server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Directory_Server"><h5 class="formalpara">Directory Server</h5>
+						The directory server is the core storage system of the IPA server. The directory server stores all of the information about user accounts used by the KDC for authentication, groups, hosts, services, netgroups and policy information. If configured and used, DNS uses the same instance of the directory server to store DNS information. The directory server provides a multi-master replication capability so that multiple IPA replicas can be deployed.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Management_Framework"><h5 class="formalpara">Management Framework</h5>
+						The management framework is an abstraction layer which provides some business logic on top of the directory server. The management of data in the DS is performed over the XML-RPC interface through the management framework.
+					</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+						Direct modifications to the DS data is strongly discouraged unless explicitly mentioned in the documentation.
+					</div></div></div><div class="para">
+					The management framework uses a pluggable architecture that allows adding or extending existing objects in IPA by third parties.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-DNS"><h5 class="formalpara">DNS</h5>
+						The DNS is the Domain Name Service. This is an optional component that can be installed and configured at any time. Alternatively, an existing DNS server can be used. In this case, however, there will be no tight integration between DNS management and the management of hosts that IPA provides.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Web_UI"><h5 class="formalpara">Web UI</h5>
+						The web UI provides web-based management services for the IPA server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-NTP"><h5 class="formalpara">NTP</h5>
+						NTP is an optional service, but can be enabled on the IPA server, in which case the IPA server becomes the NTP server for the deployment. You can use other NTP servers as desired.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</h4></div></div></div><div class="para">
+					The management station is used to perform administrative tasks on the IPA server. IPA provides two interfaces for these tasks.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Command_Line_Interface_CLI"><h5 class="formalpara">Command Line Interface (CLI)</h5>
+						The CLI performs management tasks using the management framework over the XML-RPC interface. Every management operation that can be performed against the IPA server can be done using this interface. The client side of the administrative interface is a package that needs to be installed on the Management Station.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Browser_Interface"><h5 class="formalpara">Browser Interface</h5>
+						The browser interface is used for web-based management. It connects to the management framework using the JSON RPC.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</h4></div></div></div><div class="para">
+					An IPA <em class="firstterm">managed host</em> is a host that is managed by IPA. The definition of "manage" in this context can be stated as "being able to retrieve a keytab and certificates on behalf of another host or service". This management is established by enrolling the host with IPA, a task performed by the <code class="command">ipa-client-install</code> command. As a result of this enrollment, <code class="systemitem">SSSD</code> and <code class="systemitem">certmonger</code> are configured (they are aware of the location of the IPA server), the keytab is provisioned and the host certificate is created. The host certificate is not used by IPA but is created nonetheless, for possible use by services that might be running on the host. The web server is one example of this.
+				</div><div class="para">
+					As a result of user authentication against the KDC, the TGT (ticket-granting ticket) is stored on the client machine. That ticket is used to access different services that are members of the same Kerberos domain. All services need to be registered in IPA and have a keytab provisioned for them. To do this, you need to create a service record in IPA and then execute the <code class="command">ipa-getkeytab</code> on the host where the service will be running. Note that this operation is independent of making the host a managed host. The service can run on either a managed host or an unmanaged host.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-SSSD"><h5 class="formalpara">SSSD</h5>
+						When configured to use IPA via its IPA back end, SSSD provides user authentication, identity look ups and HBAC (Host-based Access Control) enforcement. The host enrollment and configuration of SSSD are performed automatically by the <code class="command">ipa-client-install</code> command.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-certmonger"><h5 class="formalpara">certmonger</h5>
+						<code class="systemitem">certmonger</code> is an unattended service that can monitor the certificates on the client system and renew them on a scheduled basis when they are about to expire. It can also be used to request new certificates for the services running on the system or for a different system, for example when a management server or hypervisor requests certificates for a set of virtual machines.
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts">1.1.1.3.1. Extending the Permissions of IPA Managed Hosts</h5></div></div></div><div class="para">
+						As discussed in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">Section 1.1.1.3, “IPA Managed Hosts”</a>, the definition of "manage" is "being able to retrieve a keytab and certificates on behalf of another host or service". Every host and service has a <em class="parameter"><code>managedby</code></em> entry. By default, a host can manage itself and all of its services. It is also possible to allow a host to manage other hosts, or services on other hosts, by updating the appropriate delegations or providing a suitable <em class="parameter"><code>managedby</code></em> entry. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								If a host is provided with a <em class="parameter"><code>managedby</code></em> entry to another host, it does not mean management of all services on that host. Each delegation has to be performed independently.
+							</div></div></div>
+
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management">1.1.1.3.1.1. Delegating Service Management</h6></div></div></div><div class="para">
+							This section describes how to create a new host and a service on that host, and then delegate management of that service to another host. In this example, the IPA server is installed on <code class="systemitem">slinky.example.com</code>
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Service_Management-To_delegate_service_management_to_another_host"><h6>Procedure 1.1. To delegate service management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Create a new host: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Create a service on this host: 
+<pre class="screen"><code class="command"># ipa service-add test/panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Delegate managing the service: 
+<pre class="screen"><code class="command"># ipa service-add-host --hosts=slinky panther</code></pre>
+
+								</div><div class="para">
+									You can now use the host service principal on <code class="systemitem">slinky</code> to manage <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/test.keytab -p test/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/test.keytab</pre>
+
+								</div></li><li class="step"><div class="para">
+									To create a ticket for this service, create a CSR and then run the following command: 
+<pre class="screen"><code class="command"># ipa cert-request --add --principal=test/panther.example.com panther.csr</code>
+  Certificate: MIICETCCAXqgA...[snip]
+  Subject: CN=panther.example.com,O=EXAMPLE.COM
+  Issuer: CN=EXAMPLE.COM Certificate Authority
+  Not Before: Tue Feb 08 18:51:51 2011 UTC
+  Not After: Mon Feb 08 18:51:51 2016 UTC
+  Fingerprint (MD5): c1:46:8b:29:51:a6:4c:11:cd:81:cb:9d:7c:5e:84:d5
+  Fingerprint (SHA1):
+  01:43:bc:fa:b9:d8:30:35:ee:b6:54:dd:a4:e7:d2:11:b1:9d:bc:38
+  Serial number: 1005
+</pre>
+
+								</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management">1.1.1.3.1.2. Delegating Host Management</h6></div></div></div><div class="para">
+							This section describes how to delegate management of one host to another host. This example uses the same hosts as those used in the previous example.
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Host_Management-To_delegate_host_management_to_another_host"><h6>Procedure 1.2. To delegate host management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Ensure you have <code class="systemitem">admin</code> credentials and then add the appropriate <em class="parameter"><code>managedby</code></em> entry: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add-managedby --hosts=slinky panther</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Obtain a TGT as the host <code class="systemitem">slinky</code> and then retrieve a keytab for <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/panther.keytab -p host/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
+
+								</div></li></ol></div></div></div></div></div><div class="section" id="ipa-domains"><div class="titlepage"><div><div><h3 class="title" id="ipa-domains">1.1.2. About IPA Domains</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div></div></div><div class="section" id="ipa-components"><div class="titlepage"><div><div><h2 class="title" id="ipa-components">1.2. Identity Management: Authentication</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><div class="section" id="policy"><div class="titlepage"><div><div><h2 class="title" id="policy">1.3. Defining Policies: Authorization</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><div class="section" id="deployment-scenarios"><div class="titlepage"><div><div><h2 class="title" id="deployment-scenarios">1.4. Planning IPA</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div></div><div xml:lang="en-US" class="chapter" id="installing-ipa" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Installing an IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#Operating_System_Requirements">2.1. Supported Server Platforms</a></span></dt><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">2.2. Preparing to Install the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">2.2.3. System Prerequisites</a></span></dt><dd><dl><dt><span class="section"><a href="#prereq-ds">2.2.3.1. D
 irectory Server</a></span></dt><dt><span class="section"><a href="#prereq-system">2.2.3.2. System Files </a></span></dt><dt><span class="section"><a href="#prereq-ports">2.2.3.3. System Ports</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">2.3. Installing the IPA Server Packages</a></span></dt><dt><span class="section"><a href="#creating-server">2.4. Creating an IPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">2.4.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">2.4.2. Setting up an IPA Server: Basi
 c Interactive Installation</a></span></dt><dt><span class="section"><a href="#install-examples">2.4.3. Examples of Creating the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#install-normal">2.4.3.1. Non-Interactive Basic Installation</a></span></dt><dt><span class="section"><a href="#install-ca-options">2.4.3.2. Using Different CAs</a></span></dt><dt><span class="section"><a href="#install-dns">2.4.3.3. Using DNS</a></span></dt></dl></dd><dt><span class="section"><a href="#troubleshooting-install">2.4.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">2.5. Setting up IPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">2.5.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">2.5.2. Creating the Replica</a></span></dt><dt><span class
 ="section"><a href="#troubleshooting-replica-install">2.5.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">2.6. Uninstalling IPA Servers and Replicas</a></span></dt></dl></div><div class="para">
+		The IPA domain is defined and managed by an IPA <span class="emphasis"><em>server</em></span> which is essentially a domain controller. There can be multiple domain controllers within a domain for load-balancing and failover tolerance. These additional servers are called <span class="emphasis"><em>replicas</em></span> of the master IPA server.
+	</div><div class="para">
+		Both IPA servers and replicas only run on Red Hat Enterprise Linux systems. For both servers and replicas, the necessary packages must be installed and then the IPA server or replica itself is configured through setup scripts, which configure all of the requisite services.
+	</div><div class="section" id="Operating_System_Requirements"><div class="titlepage"><div><div><h2 class="title" id="Operating_System_Requirements">2.1. Supported Server Platforms</h2></div></div></div><div class="para">
+			IPA 2.1 is supported on these platforms:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Red Hat Enterprise Linux 6.1 i386
+				</div></li><li class="listitem"><div class="para">
+					Red Hat Enterprise Linux 6.1 x86_64
+				</div></li></ul></div></div><div class="section" id="Preparing_for_an_IPA_Installation"><div class="titlepage"><div><div><h2 class="title" id="Preparing_for_an_IPA_Installation">2.2. Preparing to Install the IPA Server</h2></div></div></div><div class="para">
+			Before you install IPA, ensure that the installation environment is suitably configured. You also need to provide certain information during the installation and configuration procedures, including realm names and certain usernames and passwords. This section describes the information that you need to provide.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</h3></div></div></div><div class="para">
+				A basic user entry is about 1 KB in size, as is a simple host entry with a certificate. The structure of the directory tree and the number of indexes in the Directory Server instance can impact the hardware required for the best performance. <a class="xref" href="#tab.Minimum_hardware_requirements_for_IPA">Table 2.1, “Minimum Hardware Requirements”</a> lists the recommended minimums. For customized systems, additional indexes, or larger user entries, it is more effective to increase the RAM than to increase the disk space because the Directory Server stores much of its data in cache. Add info for disk layout/size recommendations, from https://www.redhat.com/archives/freeipa-users/2011-May/msg00012.html
+			</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+					The Directory Server instance used by the IPA server can be tuned to increase performance. For tuning information, see the Directory Server documentation at <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html</a>.
+				</div></div></div><div class="para">
+				The system requirements for both 32-bit and 64-bit platforms are the same.
+			</div><div class="table" id="tab.Minimum_hardware_requirements_for_IPA"><h6>Table 2.1. Minimum Hardware Requirements</h6><div class="table-contents"><table summary="Minimum Hardware Requirements" border="1"><colgroup><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /></colgroup><thead><tr><th align="center">
+								Minimum Hardware Requirements
+							</th><th align="center">
+								10,000 - 250,000 Entries
+							</th><th align="center">
+								250,000 - 1,000,000 Entries
+							</th><th align="center">
+								Over 1,000,000 Entries
+							</th></tr></thead><tbody><tr><td align="left">
+								CPU
+							</td><td colspan="3" align="center">
+								P3; 500MHz
+							</td></tr><tr><td align="left">
+								RAM
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td></tr><tr><td align="left">
+								Disk Space
+							</td><td align="center">
+								2 GB
+							</td><td align="center">
+								4 GB
+							</td><td align="center">
+								8 GB
+							</td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</h3></div></div></div><div class="para">
+				Most of the packages that an IPA server depends on are installed as dependencies when the IPA packages are installed. There are some packages, however, which are required before installing the IPA packages:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Kerberos 1.9
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">named</span> and <span class="package">bind-dyndb-ldap</span> packages for DNS
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ds-replication</span> package, which requires a separate subscription to the Enterprise Identity Replication product
+					</div></li></ul></div></div><div class="section" id="prerequisites"><div class="titlepage"><div><div><h3 class="title" id="prerequisites">2.2.3. System Prerequisites</h3></div></div></div><div class="para">
+				The IPA server is set up using a configuration script, and this script makes certain assumption about the host system. If the system does not meet these prerequisites, then server configuration may fail.
+			</div><div class="section" id="prereq-ds"><div class="titlepage"><div><div><h4 class="title" id="prereq-ds">2.2.3.1. Directory Server</h4></div></div></div><div class="para">
+					There must not be any instances of 389 Directory Server installed on the host machine.
+				</div></div><div class="section" id="prereq-system"><div class="titlepage"><div><div><h4 class="title" id="prereq-system">2.2.3.2. System Files </h4></div></div></div><div class="para">
+					The server script overwrites system files to set up the IPA domain. The system should be clean, without custom configuration for services like DNS and Kerberos, before configuring the IPA server.
+				</div></div><div class="section" id="prereq-ports"><div class="titlepage"><div><div><h4 class="title" id="prereq-ports">2.2.3.3. System Ports</h4></div></div></div><div class="para">
+					IPA uses a number of ports to communicate with its services. These ports, listed in <a class="xref" href="#tab.ipa-ports">Table 2.2, “IPA Ports”</a>, must be open and available for IPA to work. They cannot be in use by another service or blocked by a firewall. To make sure that these ports are available, try <code class="command">iptables</code> to list the available ports or <code class="command">nc</code>, <code class="command">telnet</code>, or <code class="command">nmap</code> to connect to a port or run a port scan.
+				</div><div class="table" id="tab.ipa-ports"><h6>Table 2.2. IPA Ports</h6><div class="table-contents"><table summary="IPA Ports" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+									Service
+								</th><th>
+									Ports
+								</th></tr></thead><tbody><tr><td>
+									OCSP responder
+								</td><td>
+									9180
+								</td></tr><tr><td>
+									HTTP/HTTPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>80</td></tr><tr><td>443</td></tr></table>
+
+								</td></tr><tr><td>
+									LDAP/LDAPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>389</td></tr><tr><td>636</td></tr></table>
+
+								</td></tr><tr><td>
+									Kerberos<sup>[<a id="ft.udp-tcp" href="#ftn.ft.udp-tcp" class="footnote">a</a>]</sup>
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>88</td></tr><tr><td>464</td></tr></table>
+
+								</td></tr><tr><td>
+									DNS<sup>[<a href="#ftn.ft.udp-tcp" class="footnoteref">a</a>]</sup>
+								</td><td>
+									53
+								</td></tr><tr><td>
+									NTP<sup>[<a id="id2977194" href="#ftn.id2977194" class="footnote">b</a>]</sup>
+								</td><td>
+									123
+								</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
+										This service uses both TCP adn UDP ports.
+									</p></div><div class="footnote"><p><sup>[<a id="ftn.id2977194" href="#id2977194" class="para">b</a>] </sup>
+										This service uses UDP ports only.
+									</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</h4></div></div></div><div class="para">
+					IPA uses DNS for the IPA clients to find (<span class="emphasis"><em>discover</em></span>) the IPA servers. The DNS service can be managed by IPA itself, or IPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and IPA services like, LDAP, Kerberos, and SSL may fail to work.
+				</div><div class="section" id="dns-requirements"><div class="titlepage"><div><div><h5 class="title" id="dns-requirements">2.2.3.4.1. DNS Requirements</h5></div></div></div><div class="para">
+						Regardless of whether the DNS is within the IPA server or external, the server host must have DNS properly configured:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								The server's machine name must be set and resolve to its public IP address. The fully-qualified domain name cannot resolve to the loopback address. It must resolve to the machine's public IP address, not to <code class="systemitem">127.0.0.1</code>. The output of the <code class="command">hostname</code> command cannot be <code class="systemitem">localhost</code> or <code class="systemitem">localhost6</code>.
+							</div></li><li class="listitem"><div class="para">
+								The hostname must be fully qualified. For example, <code class="systemitem">ipa.example.com</code>.
+							</div></li><li class="listitem"><div class="para">
+								The reverse of the address that the hostname resolves to must match the hostname.
+							</div></li><li class="listitem"><div class="para">
+								The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the IPA server, but it does need to be fully functional.
+							</div><div class="para">
+								If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install IPA to automatically configure a suitable DNS.
+							</div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">2.2.3.4.2. IPA-Generated DNS File</h5></div></div></div><div class="para">
+						To help create and configure a suitable DNS setup, the IPA installation script creates a sample zone file. During the installation, IPA displays a message similar to the following:
+					</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
+</pre><div class="para">
+						You should use this file in your DNS zone file.
+					</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">2.2.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
+						<span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in an IPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+					</div><div class="para">
+						<code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific IPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+					</div><div class="para">
+						To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+					</div><pre class="programlisting">positive-time-to-live   group           3600
+negative-time-to-live   group           60
+positive-time-to-live   hosts           3600
+negative-time-to-live   hosts           20
+</pre></div><div class="section" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos">2.2.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
+						The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+					</div><div class="para">
+						If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example: 
+<pre class="programlisting">10.0.0.1    ipa.example.com  ipa</pre>
+						 The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. IPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
+					</div><div class="para">
+						A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The IPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+					</div><div class="para">
+						The IPA installation process includes checks to ensure that the IPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing an IPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the IPA server will use itself as a DNS from that point forward.
+					</div><div class="para">
+						The IPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								DNS forwarders must be specified as IP addresses, not as hostnames.
+							</div></div></div>
+
+					</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</h4></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services">2.2.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
+						The default networking service used by Red Hat Enterprise Linux is NetworkManager, and due to the way this service works, it can cause problems with IPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in an IPA environment and disable the NetworkManager service.
+					</div><div class="orderedlist" id="proc-Enterprise_Identity_Management_Guide-Configuring_Networking_Services-To_configure_networking_services_for_IPA"><ol><li class="listitem"><div class="para">
+								Boot the machine into single-user mode and run the following commands:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManager off; service NetworkManager stop</span></pre></li><li class="listitem"><div class="para">
+								If <code class="systemitem">NetworkManagerDispatcher</code> is installed, ensure that it is stopped and disabled:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop</span></pre></li><li class="listitem"><div class="para">
+								Then, make sure that the <code class="systemitem">network</code> service is properly started. 
+<pre class="programlisting"><span class="perl_Comment"># chkconfig network on; service network start</span></pre>
+
+							</div></li><li class="listitem"><div class="para">
+								Ensure that static networking is correctly configured.
+							</div></li><li class="listitem"><div class="para">
+								Restart the system.
+							</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File">2.2.3.5.2. Configuring the /etc/hosts File</h5></div></div></div><div class="para">
+						You need to ensure that your <code class="filename">/etc/hosts</code> file is configured correctly. A misconfigured file can prevent the IPA command-line tools from functioning correctly and can prevent the IPA web interface from connecting to the IPA server.
+					</div><div class="para">
+						Configure the <code class="filename">/etc/hosts</code> file to list the FQDN for the IPA server <span class="emphasis"><em>before</em></span> any aliases. Also ensure that the hostname is not part of the <code class="literal">localhost</code> entry. The following is an example of a valid hosts file:
+					</div><pre class="programlisting">127.0.0.1	localhost.localdomain	localhost
+::1		localhost6.localdomain6	localhost6
+192.168.1.1	ipaserver.example.com	ipaserver
+</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							Do not omit the <code class="systemitem">IPv4</code> entry in the <code class="filename">/etc/hosts</code> file. This entry is required by the IPA web service.
+						</div></div></div></div></div></div></div><div class="section" id="Installing_the_IPA_Server_Packages"><div class="titlepage"><div><div><h2 class="title" id="Installing_the_IPA_Server_Packages">2.3. Installing the IPA Server Packages</h2></div></div></div><div class="para">
+			Installing only the IPA server requires a single package, <code class="filename">ipa-server</code><code class="filename">ipa-server</code>. If the IPA server will also manage a DNS server, then it requires two additional packages to set up the DNS.
+		</div><div class="para">
+			All of these packages can be installed using the <code class="command">yum</code> command:
+		</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-server bind bind-dyndb-ldap</span></pre><div class="para">
+			If the IPA domain will contain replicas as well as servers, then also install the required replication packages:
+		</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-server bind bind-dyndb-ldap ds-replication</span></pre><div class="para">
+			Installing the <code class="filename">ipa-server</code><code class="filename">ipa-server</code> also installs a large number of dependencies, such as <span class="package">389-ds-base</span> for the LDAP service and <span class="package">krb5-server</span> for the Kerberos service, along with IPA tools.
+		</div><div class="para">
+			After the packages are installed, the server instance must be created using the <code class="command">ipa-server-install</code> command. The options for configuring the new server instance are described in <a class="xref" href="#creating-server">Section 2.4, “Creating an IPA Server Instance”</a>.
+		</div></div><div class="section" id="creating-server"><div class="titlepage"><div><div><h2 class="title" id="creating-server">2.4. Creating an IPA Server Instance</h2></div></div></div><div class="para">
+			The IPA setup script creates a server instance, which includes configuring all of the required services for the IPA domain:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					The network time daemon (ntpd)
+				</div></li><li class="listitem"><div class="para">
+					A 389 Directory Server instance
+				</div></li><li class="listitem"><div class="para">
+					A Kerberos key distribution center (KDC)
+				</div></li><li class="listitem"><div class="para">
+					Apache (httpd)
+				</div></li><li class="listitem"><div class="para">
+					An updated SELinux targeted policy
+				</div></li><li class="listitem"><div class="para">
+					The Active Directory WinSync plug-in
+				</div></li><li class="listitem"><div class="para">
+					A certificate authority
+				</div></li><li class="listitem"><div class="para">
+					<span class="emphasis"><em>Optional.</em></span> A domain name service (DNS) server
+				</div></li></ul></div><div class="para">
+			The IPA setup process can be minimal, where the administrator only supplies some required information, or it can be very specific, with user-defined settings for many parts of the IPA services. The configuration is passed using arguments with the <code class="command">ipa-install-server</code> script.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				The port numbers and directory locations used by IPA are all defined automatically, as defined in <a class="xref" href="#prereq-ports">Section 2.2.3.3, “System Ports”</a> and <a class="xref" href="#ipa-files">Section 4.4, “A Summary of IPA Server Configuration Files and Directories”</a>. These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
+			</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">2.4.1. About ipa-server-install</h3></div></div></div><div class="para">
+				An IPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the IPA instance, or it can supply predefined values for minimal input from the administrator.
+			</div><div class="para">
+				While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
+			</div><div class="para">
+				<a class="xref" href="#tab.ipa-server-install-param">Table 2.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="#install-examples">Section 2.4.3, “Examples of Creating the IPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+			</div><div class="table" id="tab.ipa-server-install-param"><h6>Table 2.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+								Argument
+							</th><th>
+								Alternate Argument
+							</th><th>
+								Description
+							</th></tr></thead><tbody><tr><td colspan="3">
+								<span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3059859" href="#ftn.id3059859" class="footnote">a</a>]</sup>
+							</td></tr><tr><td>
+								-a <span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								--admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								The password for the IPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
+							</td></tr><tr><td>
+								--hostname=<span class="emphasis"><em>hostname</em></span>
+							</td><td>
+
+							</td><td>
+								The fully-qualified domain name of the IPA server machine.
+							</td></tr><tr><td>
+								-n <span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								--domain=<span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								The name of the LDAP server domain to use for the IPA domain. This is usually based on the IPA server's hostname.
+							</td></tr><tr><td>
+								-p <span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								--ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
+							</td></tr><tr><td>
+								-r <span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								--realm=<span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								The name of the Kerberos realm to create for the IPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Certificate Authority Options</strong></span>
+							</td></tr><tr><td>
+								--external-ca
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the IPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--selfsign
+							</td><td>
+
+							</td><td>
+								Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the IPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
+							</td></tr><tr><td>
+								--subject=<span class="emphasis"><em>subject_DN</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>DNS Options</strong></span>
+							</td></tr><tr><td>
+								--forwarder=<span class="emphasis"><em>forwarder</em></span>
+							</td><td>
+
+							</td><td>
+								Gives a comma-separated list of DNS forwarders to use with the DNS service.
+							</td></tr><tr><td>
+								--no-forwarders
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--no-reverse
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--setup-dns
+							</td><td>
+
+							</td><td>
+								Tells the installation script to set up a DNS service within the IPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+							</td></tr><tr><td>
+								--zonemgr=<span class="emphasis"><em>email_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Kerberos Options</strong></span>
+							</td></tr><tr><td>
+								--ip-address=<span class="emphasis"><em>ip_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the IP address of the Kerberos master KDC. This can be used if there are multiple IPA servers in the same realm.
+							</td></tr><tr><td>
+								-P <span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								--master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								The password for the KDC account. This is randomly generated if no value is given.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>NTP Options</strong></span>
+							</td></tr><tr><td>
+								-N, --no-ntp
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> configure the NTP service for the IPA server. This is normally done by default. 
+								<div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+										If the IPA server is running as a virtual guest, it should not run an NTP service.
+									</div></div></div>
+
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>IPA Server Configuration Options</strong></span>
+							</td></tr><tr><td>
+								--idmax=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the upper bound for IDs which can be assigned by the IPA server. The default value is the ID start value plus 199999.
+							</td></tr><tr><td>
+								--idstart=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the lower bound (starting value) for IDs which can be assigned by the IPA server. The default value is randomly selected.
+							</td></tr><tr><td>
+								--no_hbac_allow
+							</td><td>
+
+							</td><td>
+								Disables the <code class="command">allow_all</code> rule for host-based access control in the IPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Other Setup Options</strong></span>
+							</td></tr><tr><td>
+								--no-host-dns
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the IPA server machine during the installation process.
+							</td></tr><tr><td>
+								-U
+							</td><td>
+								--unattended
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+							</td></tr><tr><td>
+								--uninstall
+							</td><td>
+
+							</td><td>
+								Uninstalls an existing IPA server.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>General Tool Options</strong></span>
+							</td></tr><tr><td>
+								-d
+							</td><td>
+								--debug
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+							</td></tr><tr><td>
+								-h
+							</td><td>
+								--help
+							</td><td>
+								Prints the help information for the <code class="command">ipa-server-install</code> command.
+							</td></tr><tr><td>
+								--version
+							</td><td>
+
+							</td><td>
+								Prints the version number of the <code class="command">ipa-server-install</code> command.
+							</td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3059859" href="#id3059859" class="para">a</a>] </sup>
+									The installation script will prompt for these options if they are not passed with the script.
+								</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">2.4.2. Setting up an IPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+				All that is required to set up an IPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Run the <code class="command">ipa-server-install</code> script.
+					</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install</span></pre></li><li class="listitem"><div class="para">
+						Enter the hostname. This is determined automatically using reverse DNS.
+					</div><pre class="programlisting">Server host name [ipa2.server.example.com]:</pre></li><li class="listitem"><div class="para">
+						Enter the domain name. This is determined automatically based on the hostname.
+					</div><pre class="programlisting">Please confirm the domain name [example.com]:</pre></li><li class="listitem"><div class="para">
+						The script then reprints the hostname, IP address, and domain name.
+					</div><pre class="programlisting">The IPA Master Server will be configured with
+<span class="perl_BString">Hostname</span>:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre></li><li class="listitem"><div class="para">
+						Enter the new Kerberos realm name. This is usually based on the domain name.
+					</div><pre class="programlisting">Please provide a realm name [EXAMPLE.COM]:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the Directory Server superuser, <code class="command">cn=Directory Manager</code>. There are password strength requirements for this password, including a minimum password length.
+					</div><pre class="programlisting">Directory Manager password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the IPA system user account, <code class="command">admin</code>. This user is created on the machine.
+					</div><pre class="programlisting">IPA admin password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						After that, the script configures all of the associated services for IPA, with task counts and progress bars.
+					</div><pre class="programlisting">Configuring ntpd
+  [1/4]: stopping ntpd
+ ...
+<span class="perl_Keyword">done</span> configuring ntpd.
+
+Configuring directory server <span class="perl_Keyword">for</span> the CA: Estimated time 30 seconds
+  [1/3]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring pkids.
+
+Configuring certificate server: Estimated time 6 minutes
+  [1/17]: creating certificate server user
+....
+<span class="perl_Keyword">done</span> configuring pki-cad.
+
+Configuring directory server: Estimated time 1 minute
+  [1/32]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring dirsrv.
+
+Configuring Kerberos KDC: Estimated time 30 seconds
+  [1/14]: setting KDC account password
+...
+<span class="perl_Keyword">done</span> configuring krb5kdc.
+
+Configuring ipa_kpasswd
+  [1/2]: starting ipa_kpasswd
+  [2/2]: configuring ipa_kpasswd to start on boot
+<span class="perl_Keyword">done</span> configuring ipa_kpasswd.
+
+Configuring the web interface: Estimated time 1 minute
+  [1/12]: disabling mod_ssl <span class="perl_Keyword">in</span> httpd
+...
+<span class="perl_Keyword">done</span> configuring httpd.
+Setting the certificate subject base
+restarting certificate server
+Applying LDAP updates
+Restarting the directory server
+Restarting the KDC
+Restarting the web server
+Sample zone <span class="perl_BString">file</span> <span class="perl_Keyword">for</span> <span class="perl_Reserved">bind</span> has been created <span class="perl_Keyword">in</span> /tmp/sample.zone.ygzij5.db
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+						Restart the <code class="systemitem">SSH</code> service to retrive the Kerberos principal and to refresh the name server switch (NSS) configuration file: 
+<pre class="programlisting"><span class="perl_Comment"># service sshd restart</span></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
+					</div><pre class="programlisting">$ kinit admin
+Password <span class="perl_Keyword">for</span> admin at EXAMPLE.COM:</pre></li><li class="listitem"><div class="para">
+						Test the IPA configuration by running a command like <code class="command">ipa user-find</code>. For example:
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa user-find admin</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>  --------------
+  1 user matched
+  --------------
+  User <span class="perl_BString">login</span>: admin
+  <span class="perl_BString">Last</span> name: Administrator
+  Home directory: /home/admin
+  <span class="perl_BString">Login</span> shell: /bin/bash
+  Account disabled: <span class="perl_BString">False</span>
+  Member of <span class="perl_BString">groups</span>: admins
+  ----------------------------
+  Number of entries returned 1
+  ----------------------------</pre></li></ol></div></div><div class="section" id="install-examples"><div class="titlepage"><div><div><h3 class="title" id="install-examples">2.4.3. Examples of Creating the IPA Server</h3></div></div></div><div class="para">
+				The way that an IPA server is installed can be different depending on the network environment, security requirements within the organization, and the desired topology. These example illustrate some common options when installing the server. These examples are not mutually exclusive; it is entirely possible to use CA options, DNS options, and IPA configuration options in the same server invocation. These are called out separately simply to make it more clear what each configuration area requires.
+			</div><div class="section" id="install-normal"><div class="titlepage"><div><div><h4 class="title" id="install-normal">2.4.3.1. Non-Interactive Basic Installation</h4></div></div></div><div class="para">
+					As shown in <a class="xref" href="#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>, only a few pieces of information are required to configured an IPA server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Passwords for the IPA administrative user and the Directory Server super user (Directory Manager)
+						</div></li><li class="listitem"><div class="para">
+							The server hostname
+						</div></li><li class="listitem"><div class="para">
+							The Kerberos realm name
+						</div></li><li class="listitem"><div class="para">
+							The DNS domain name
+						</div></li></ul></div><div class="para">
+					This information can be passed with the <code class="command">ipa-server-install</code>, along with the <code class="option">-U</code> to force it to run without requiring user interaction.
+				</div><div class="example" id="ex.basic-opts"><h6>Example 2.1. Basic Installation without Interaction</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U</span></pre><div class="para">
+						The script then prints the submitted values:
+					</div><pre class="programlisting">To accept the default shown in brackets, press the Enter key.
+
+The IPA Master Server will be configured with
+Hostname:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre><div class="para">
+						Then the script runs through the configuration progress for each IPA service, as in <a class="xref" href="#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+					</div></div></div><br class="example-break" /></div><div class="section" id="install-ca-options"><div class="titlepage"><div><div><h4 class="title" id="install-ca-options">2.4.3.2. Using Different CAs</h4></div></div></div><div class="para">
+					The default installation of IPA uses an integrated Dogtag Certificate System instance as a certificate authority to issue certificates. However, this configuration is not required. IPA only requires <span class="emphasis"><em>a</em></span> certificate authority. This can be an external CA like Verisign or a corporate CA inconjunction with the internal Certificate System, or it can even be the IPA server itself, using a self-signed certificate.
+				</div><div class="para">
+					For the IPA server itself to work as a CA, it uses a self-signed certificate, meaning that it approved and issued its own certificate. This is done by using the <code class="option">--selfsign</code> option with the <code class="command">ipa-server-install</code> command. When the IPA server uses a self-signed certificate, the setup process is exactly the same as a normal installation, except that no Dogtag Certificate System instance is created. There is still a <code class="filename">cacert.p12</code> file created that can be used by replicas and the domain functions exactly the same. The only difference is what CA issues the certificates.
+				</div><div class="example" id="ex.selfsigned"><h6>Example 2.2. Using a Self-Signed Certificate</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U --selfsign</span></pre></div></div><br class="example-break" /><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+						A self-signed certificate should only be used for a testing or development environment. A production environment should use the Dogtag Certificate System instance or an external, public CA.
+					</div></div></div><div class="para">
+					Alternatively, the IPA server can use a certificate issued by an external CA. This can be a corporate CA or a third-party CA like Verisign or Thawte. As with a normal setup process, using an external CA still uses a Dogtag Certificate System instance for the IPA server for issuing all of its client and replica certificates; the initial CA certificate is simply issued by a different CA.
+				</div><div class="para">
+					When using an external CA, there are two additional steps that must be performed: submit the generated certificate request to the external CA and then load the CA certificate and issued server certificate to complete the setup.
+				</div><div class="example" id="ex.externalca"><h6>Example 2.3. Using an External CA</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--external-ca</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --external-ca</span></pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP and Directory Server services as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script completes the CA setup and returns information about where the certificate signing request (CSR) is located, <code class="filename">/root/ipa.csr</code>. This request must be submitted to the external CA.
+							</div><pre class="programlisting">Configuring certificate server: Estimated time 6 minutes
+  [1/4]: creating certificate server user
+  [2/4]: creating pki-ca instance
+  [3/4]: restarting certificate server
+  [4/4]: configuring certificate server instance
+The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-install.</pre></li><li class="listitem"><div class="para">
+								Submit the request to the CA. The process differs for every service.
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the issued certificate and the CA certificate chain for the issuing CA. Again, the process differs for every certificate service, but there is usually a download link on a web page or in the notification email that allows administrators to download all the required certificates. Be sure to get the full certificate chain for the CA, not just the CA certificate.
+							</div></li><li class="listitem"><div class="para">
+								Rerun <code class="command">ipa-server-install</code>, specifying the locations and names of the certificate and CA chain files. For example:
+							</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install --external_cert_file=/tmp/servercert20110601.p12 --external_ca_file=/tmp/cacert.p12</span></pre></li><li class="listitem"><div class="para">
+								Complete the setup process and verify that everything is working as expected, as in <a class="xref" href="#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /></div><div class="section" id="install-dns"><div class="titlepage"><div><div><h4 class="title" id="install-dns">2.4.3.3. Using DNS</h4></div></div></div><div class="para">
+					IPA can be configured to manage its own DNS, use an existing DNS, or not use DNS services at all (which is the default). Running the setup script alone does not configure DNS; this requires the <code class="option">--setup-dns</code> option.
+				</div><div class="para">
+					As with a basic setup, the DNS setup can either prompt for the required information or the DNS information can be passed with the script to allow an automatic or unattended setup process.
+				</div><div class="example" id="ex.dns-w-prompts"><h6>Example 2.4. Interactive DNS Setup</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--setup-dns</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --setup-dns</span></pre></li><li class="listitem"><div class="para">
+								The script configures the hostname and domain name as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script then prompts for DNS forwarders. If forwarders will be used, enter yes, and then supply the list of DNS servers. If IPA will manage its own DNS service, then enter no.
+							</div><pre class="programlisting">Do you want to configure DNS forwarders? [<span class="perl_BString">yes</span>]: no
+No DNS forwarders configured</pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP, Directory Server, Certificate System, Kerberos, and Apache services.
+							</div></li><li class="listitem"><div class="para">
+								Before completing the configuration, the script prompts to ask whether it should configure reverse DNS services. If you select yes, then it configures the <code class="systemitem">named</code> service.
+							</div><pre class="programlisting">Do you want to configure the reverse zone? [<span class="perl_BString">yes</span>]: <span class="perl_BString">yes</span>
+Configuring named:
+  [1/9]: adding DNS container
+  [2/9]: setting up our zone
+  [3/9]: setting up reverse zone
+  [4/9]: setting up our own record
+  [5/9]: setting up kerberos principal
+  [6/9]: setting up named.conf
+  [7/9]: restarting named
+  [8/9]: configuring named to start on boot
+  [9/9]: changing resolv.conf to point to ourselves
+<span class="perl_Keyword">done</span> configuring named.
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+								Verify that everything is working as expected, as in <a class="xref" href="#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /><div class="para">
+					If DNS is used with IPA, then two pieces of information are required: any DNS forwarders that will be used and using (or not) reverse DNS. To perform a non-interactive setup, this information can be passed using the <code class="option">--forwarder | --no-forwarders</code> option and <code class="option">--no-reverse</code> option.
+				</div><div class="example" id="ex.dns-script"><h6>Example 2.5. Setting up DNS Non-Interactively</h6><div class="example-contents"><div class="para">
+						To use DNS always requires the <code class="option">--setup-dns</code>. To user forwarders, use the <code class="option">--forwarder</code> with a comma-separated list of forwarders.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --forwarder=1.2.3.0,1.2.255.0</span></pre><div class="para">
+						Some kind of forwarder information is required. If no external forwarders will be used with the IPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
+					</div><div class="para">
+						The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">2.4.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id2988815">GSS Failures When Running IPA Commands</h5>
+					Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
+				</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
+				There are two potential causes for this:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						DNS is not properly configured.
+					</div></li><li class="listitem"><div class="para">
+						Active Directory is in the same domain as the IPA server.
+					</div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3045940">named Daemon Fails to Start</h5>
+					If an IPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
+				</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
+				This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the IPA server. 
+<pre class="programlisting"><span class="perl_Comment"># yum remove bind-chroot</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+<span class="perl_Comment"># ipactl restart</span></pre>
+
+			</div></div></div><div class="section" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">2.5. Setting up IPA Replicas</h2></div></div></div><div class="para">
+			In the IPA domain, there are three types of machines:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Servers, which manage all of the services used by domain members
+				</div></li><li class="listitem"><div class="para">
+					Replicas, which are essentially read-only clones of servers
+				</div></li><li class="listitem"><div class="para">
+					Clients, which belong to the Kerberos domains, receive certificates and tickets issued by the servers, and use other centralized services for authentication and authorization
+				</div></li></ul></div><div class="para">
+			A replica is a clone of a specific IPA server. The server and replica share the same internal information about users, machines, certificates, and configured policies. These data are copied from the server to the replica in a process called <span class="emphasis"><em>replication</em></span>. The two Directory Server instances used by an IPA server — the Directory Server instance used by the IPA server as a data store and the Directory Server instance used by the Dogtag Certificate System to store certificate information — are replicated over to corresponding consumer Directory Server instances used by the IPA replica.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				Replication is possible by default with IPA in Red Hat Enterprise Linux. A separate package, <code class="filename">ds-replication</code>, needs to be installed to enable replication.
+			</div></div></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+				If you are using the integrated Dogtag Certificate System instance as the CA for the IPA domain, then it is possible to make a replica of a replica. It is <span class="emphasis"><em>not</em></span> possible to make a replica of a replica if you use the <code class="option">--selfsign</code> option for the original IPA server.
+			</div></div></div><div class="section" id="installing-replica"><div class="titlepage"><div><div><h3 class="title" id="installing-replica">2.5.1. Prepping and Installing the Replica Server</h3></div></div></div><div class="para">
+				Replicas are functionally the same as IPA servers, so they have the same installation requirements and packages.
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Make sure that the machine meets all of the prerequisites listed in <a class="xref" href="#Preparing_for_an_IPA_Installation">Section 2.2, “Preparing to Install the IPA Server”</a>.
+					</div></li><li class="listitem"><div class="para">
+						Install the server packages as in <a class="xref" href="#Installing_the_IPA_Server_Packages">Section 2.3, “Installing the IPA Server Packages”</a>. However, do <span class="emphasis"><em>not</em></span> run the <code class="command">ipa-server-install</code> script.
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							The replica and the master server must be running the same version of IPA.
+						</div></div></div></li><li class="listitem"><div class="para">
+						If there is an existing Dogtag Certificate System or Red Hat Certificate System instance on the replica machine, make sure that port <code class="systemitem">7389</code> is free. This port is used by the master IPA server to communicate with the replica.
+					</div></li></ul></div></div><div class="section" id="creating-the-replica"><div class="titlepage"><div><div><h3 class="title" id="creating-the-replica">2.5.2. Creating the Replica</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					Make sure that the replica machine exists in the server's DNS <span class="emphasis"><em>before</em></span> beginning to configure the replica. If the server cannot contact the replica machine during the configuration process, then the replica configuration fails.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						C\On the master server, create a <span class="emphasis"><em>replica information file</em></span>. This contains realm and configuration information taken from the master server which will be used to configure the replica server.
+					</div><div class="para">
+						Run the <code class="command">ipa-replica-repare</code> command <span class="emphasis"><em>on the master IPA server</em></span>. The command requires the fully-qualified domain name of the <span class="emphasis"><em>replica</em></span> machine.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-replica-prepare ipareplica.example.com</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+Determining current realm name
+Getting domain name from LDAP
+Preparing replica <span class="perl_Keyword">for</span> ipareplica.example.com from ipaserver.example.com
+Creating SSL certificate <span class="perl_Keyword">for</span> the Directory Server
+Creating SSL certificate <span class="perl_Keyword">for</span> the Web Server
+Copying additional files
+Finalizing configuration
+Packaging the replica into replica-info-ipareplica.example.com
+</pre><div class="para">
+						Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
+					</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+							A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
+						</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+							Replica information files contain sensitive information. Take appropriate steps to ensure that they are properly protected.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Copy the replica information file to the replica server:
+					</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
+						On the replica server, run the replica installation script, referencing the replication information file:
+					</div><div class="para">
+						
+<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
+
+					</div><div class="para">
+						The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
+					</div></li><li class="listitem"><div class="para">
+						Enter the Directory Manager password when prompted. The script then configures a Directory Server instance based on information in the replica information file and initiates a replication process to copy over data from the master server to the replica, a process called <span class="emphasis"><em>initialization</em></span>.
+					</div></li><li class="listitem"><div class="para">
+						Once the installation process completes, update the DNS entries so that IPA clients can discover the new server. For example, for an IPA replica with a hostname of <code class="systemitem">ipareplica.example.com</code>:
+					</div><pre class="programlisting">_ldap._tcp             IN SRV 0 100 389	ipareplica.example.com
+_kerberos._tcp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos._udp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._tcp  IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._udp  IN SRV 0 100 88 ipareplica.example.com
+_kpasswd._tcp          IN SRV 0 100 464 ipareplica.example.com
+_kpasswd._udp          IN SRV 0 100 464 ipareplica.example.com
+_ntp._udp              IN SRV 0 100 123 ipareplica.example.com
+</pre></li><li class="listitem"><div class="para">
+						<span class="emphasis"><em>Optional.</em></span> Set up DNS services for the replica. These are not configured by the setup script, even if the master server uses DNS.
+					</div><div class="para">
+						Use the <code class="command">ipa-dns-install</code> command to install the DNS manually, then use the the <code class="command">ipa dnsrecord-add</code> command to add the required DNS records. For example: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-dns-install</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+$ ipa dnsrecord-add example.com @ --ns-rec ipareplica.example.com.</pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							Use the fully-qualified domain name of the replica, including the final period (.), otherwise BIND will treat the hostname as relative to the domain.
+						</div></div></div></li></ol></div></div><div class="section" id="troubleshooting-replica-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-replica-install">2.5.3. Troubleshooting Replica Installation</h3></div></div></div><div class="para">
+				If the replica installation fails on step 3 (<span class="bold bold"><strong>[3/11]: configuring certificate server instance</strong></span>), that usually means that the required port is not available. This can be verified by checking the debug logs for the CA, <code class="filename">/var/log/pki-ca/debug</code>, which may show error messages about being unable to find certain entries. For example: 
+<pre class="screen">[04/Feb/2011:22:29:03][http-9445-Processor25]: DatabasePanel
+comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</pre>
+
+			</div><div class="para">
+				The only resolution is to uninstall the replica: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+			</div><div class="para">
+				After uninstalling the replica, ensure that port 7389 on the replica is available, and retry the replica installation.
+			</div></div></div><div class="section" id="Uninstalling_IPA_Servers"><div class="titlepage"><div><div><h2 class="title" id="Uninstalling_IPA_Servers">2.6. Uninstalling IPA Servers and Replicas</h2></div></div></div><div class="para">
+			To uninstall both an IPA server and an IPA replica, pass the <code class="option">--uninstall</code> option to the <code class="command">ipa-server-install</code> command: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+		</div></div></div><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Setting up Systems as IPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="#Using_
 Microsoft_Windows">3.2. Configuring a Microsoft Windows System as an IPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">3.3. Configuring a Solaris System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">3.3.1.2. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Config
 uring Solaris 9</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">3.4. Configuring an HP-UX System as an IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_P
 AM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">3.5. Configuring an AIX System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="#Configurin
 g_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">3.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">3.6. Configuring a Macintosh OS X System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Co
 nfiguring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</a></span></dt><dt><span class="section"><a href="#Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH</a></span></dt><dt><span class="section"><a href="#Macinto
 sh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</a></span></dt></dl></dd></dl></div><div class="para">
+		A <span class="emphasis"><em>client</em></span> is any system which is a member of the Enterprise IPA domain. While this is frequently a Red Hat Enterprise Linux system (and IPA has special tools to make configuring Red Hat Enterprise Linux clients very simple), machines with other operating systems can also be added to the IPA domain.
+	</div><div class="para">
+		One important aspect of an IPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) IPA does not require any sort of agent or daemon running on a client.
+	</div><div class="para">
+		This chapter explains how to configure a system to join an IPA domain.
+	</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+			Clients can only be configured after at least one IPA server has been installed.
+		</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</h2></div></div></div><div class="section" id="rhel-pkgs"><div class="titlepage"><div><div><h3 class="title" id="rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</h3></div></div></div><div class="para">
+				Before starting the IPA installation, update your system with all the latest packages.
+			</div><div class="para">
+				The most efficient way to install the required client packages is to use your IPA master as a yum repository. You can then install the client packages directly from the IPA master.
+			</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					To Red Hat Enterprise Linux systems as IPA clients, you need either an enrollment Kerberos principal (for example, admin), or the host must be pre-created on the server with a one-time password to do the enrollment.
+				</div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					If you are installing the IPA client in an environment that uses an Active Directory DNS, you may need to manually provide the IPA server details. This is because Active Directory has its own SRV records for Kerberos and LDAP, and the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the client packages. These packages are used only as a simple way to configure the system; they do <span class="emphasis"><em>not</em></span> install an agent or daemon on the client machine.
+					</div><div class="para">
+						For a regular user system, this requires only <code class="filename">ipa-client</code>:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-client</span></pre><div class="para">
+						For an administrator workstation, also install the IPA tools package:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-client ipa-admintools</span></pre></li><li class="listitem"><div class="para">
+						If the IPA server is also configured as the DNS server, and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
+					</div></li><li class="listitem"><div class="para">
+						After the packages are installed, run the client setup command to configure the system as a client.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li></ol></div><div class="para">
+				The <code class="command">ipa-client-install</code> command runs through a series of configuration changes on the system to set it up as a client in the IPA domain: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							If DNS Discovery is configured correctly, the command sets up the client domain and realm without prompting for any further information. If DNS Discovery is not configured, or if the IPA server and client are not in the same domain, the script will prompt you for the information it requires.
+						</div></li><li class="listitem"><div class="para">
+							Retrieves the CA certificate
+						</div></li><li class="listitem"><div class="para">
+							Creates a separate Kerberos configuration in order to test the provided credentials. This enables the <code class="command">ipa-client-install</code> command to perform a Kerberos connection to the IPA XML-RPC server, necessary to join the IPA client to the IPA domain. Irrespective of whether or not this connection is successful, this Kerberos configuration is ultimately discarded.
+						</div></li><li class="listitem"><div class="para">
+							Calls the <code class="command">ipa-join</code> command to perform the actual join
+						</div></li><li class="listitem"><div class="para">
+							Obtains a service principal for the host service and installs it into <code class="filename">/etc/krb5.keytab</code>, for example, (host/ipa.example.com at EXAMPLE.COM)
+						</div></li><li class="listitem"><div class="para">
+							Enables certmonger and retrieves an SSL server certificate, and installs it into <code class="filename">/etc/pki/nssdb</code>
+						</div></li><li class="listitem"><div class="para">
+							Disables the nscd daemon
+						</div></li><li class="listitem"><div class="para">
+							Configures SSSD or LDAP/KRB5, including NSS and PAM configuration files
+						</div></li><li class="listitem"><div class="para">
+							Configures NTP
+						</div></li></ul></div>
+
+			</div><div class="para">
+				At the end of this process, the command displays information about the realm, DNS domain, IPA server, and other related information, similar to the following:
+			</div><pre class="screen">
+Discovery was successful!
+Realm: IPADOCS.ORG
+DNS Domain: ipadocs.org
+IPA Server: ipaserver.ipadocs.org
+BaseDN: dc=ipadocs,dc=org
+
+Continue to configure the system with these values? [no]: yes
+Enrollment principal: admin
+Password for admin at IPADOCS.ORG:
+Enrolled in IPA realm IPADOCS.ORG
+Created /etc/ipa/default.conf
+Configured /etc/sssd/sssd.conf
+Configured /etc/krb5.conf for IPA realm IPADOCS.ORG
+SSSD enabled
+Kerberos 5 enabled
+NTP enabled
+Client configuration complete.
+</pre></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</h3></div></div></div><div class="para">
+				The <code class="command">ipa-client-install</code> command performs the Kerberos configuration automatically. This includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="para">
+				The following is an example of a Kerberos configuration file for IPA:
+			</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+rdns = false
+forwardable = yes
+ticket_lifetime = 24h
+
+[realms]
+EXAMPLE.COM = {
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      }
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+</pre><div class="para">
+				Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the system console, log in as an IPA user. After you have logged in, open a shell and run the following commands:
+					</div><div class="para">
+						<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+					</div><div class="para">
+						<code class="command">$ getent passwd &lt;userid&gt;</code>
+					</div><div class="para">
+						<code class="command">$ getent group ipausers</code>
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS v4 with Kerberos</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Add an NFS service principal on the client.
+					</div><div class="para">
+						<code class="command"># ipa service-add nfs/ipaclient.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Obtain a keytab for the NFS service principal.
+					</div><div class="para">
+						<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaclient.example.com -k /etc/krb5.keytab</code>
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Red Hat Enterprise Linux 6.1, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Add the following line to the <code class="filename">/etc/sysconfig/nfs</code> file:
+					</div><pre class="programlisting">SECURE_NFS=yes
+</pre></li><li class="listitem"><div class="para">
+						Start the rpcgssd daemon.
+					</div><div class="para">
+						<code class="command"># service rpcgssd start</code>
+					</div></li></ol></div><div class="para">
+				The IPA client should now be fully configured to mount NFS shares using Kerberos credentials. Use the following command to test the configuration:
+			</div><div class="para">
+				<code class="command"># mount -v -t nfs4 -o sec=krb5 ipaserver.example.com:/ /mnt</code>
+			</div></div></div><div class="section" id="Using_Microsoft_Windows"><div class="titlepage"><div><div><h2 class="title" id="Using_Microsoft_Windows">3.2. Configuring a Microsoft Windows System as an IPA Client</h2></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				IPA does <span class="emphasis"><em>not</em></span> support Microsoft Windows client authentication.
+			</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+					Download the MIT <span class="productname">Kerberos</span>
+					 3.x package for Windows to a known location, and then run the <code class="filename">kfw-3.x-exe</code> file that you downloaded to start the <span class="application"><strong>MIT Kerberos Installation Wizard</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Read the license agreement and then click <span class="guibutton"><strong>I Agree</strong></span> to accept the agreement.
+				</div></li><li class="listitem"><div class="para">
+					Ensure you choose to install KfW Client; the other components are optional.
+				</div></li><li class="listitem"><div class="para">
+					Accept the default destination path.
+				</div></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Download from web path</strong></span>, and enter the following URL:
+				</div><pre class="programlisting">http://&lt;your IPA server's fully-qualified domain name&gt;/ipa/config/
+</pre></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Autostart the Network Identity Manager each time you login to Windows</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Click <span class="guibutton"><strong>Install</strong></span> to begin the installation. When the installation is complete, click <span class="guibutton"><strong>Finish</strong></span> to exit the Wizard.
+				</div></li><li class="listitem"><div class="para">
+					Edit the hosts file and add the IPA server. For example:
+				</div><pre class="programlisting">&lt;numerical IP address&gt;     ipaserver.example.com   ipaserver
+</pre><div class="para">
+					Depending on the version of Windows, the HOSTS file could be located in different directories. For example:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Windows 2000 Pro: <code class="filename">C:\WINNT\system32\drivers\etc\</code>
+						</div></li><li class="listitem"><div class="para">
+							Windows XP Pro: <code class="filename">C:\WINDOWS\system32\drivers\etc\</code>
+						</div></li></ul></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Solaris">3.3. Configuring a Solaris System as an IPA Client</h2></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</h3></div></div></div><div class="para">
+				IPA provides an automated method of configuring Solaris 10 to function as an IPA client. On your Solaris client, run the following command (ensure that you replace the example domain name with your own): 
+<pre class="screen"><code class="command"># ldapclient init ipa.example.com</code></pre>
+
+			</div><div class="para">
+				When IPA is installed it creates a configuration profile that will automatically set up the necessary PAM and <code class="filename">/etc/ldap.conf</code> configuration for Solaris. 
+				<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can add the <code class="option">-v</code> option to this command to display more details about the command operation.
+					</div></div></div>
+
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/krb5/krb5.conf</code> file as follows:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+
+[realms]
+EXAMPLE.COM = {
+kdc = ipaserver.example.com:88
+admin_server = ipaserver.example.com:749
+}
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[logging]
+default = FILE:/var/krb5/kdc.log
+kdc = FILE:/var/krb5/kdc.log
+kdc_rotate = {
+period = 1d
+versions = 10
+}
+
+[appdefaults]
+kinit = {
+renewable = true
+forwardable= true
+}
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">3.3.1.2. Configuring Client SSH Access</h4></div></div></div><div class="para">
+					Use the following procedure to configure the Solaris IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. Remember to replace the example host and domain names with your own host and domain name.
+				</div><div class="para">
+					The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Add a host service principal for the Solaris client.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"> # ipa service-add host/solarisipaclient.example.com </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Create the host keytab file.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p host/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Copy this keytab to the Solaris machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/etc/krb5/krb5.keytab </code></pre>
+
+						</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						After you have performed all of the preceding configuration steps, reboot the Solaris machine to ensure that all of the changes take effect.
+					</div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</h4></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The NFS v4 configuration is only supported on Solaris 10.
+					</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Obtain a Kerberos ticket for the admin user. 
+<pre class="screen"><code class="command"># kinit admin </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Add an NFS service principal for the client. 
+<pre class="screen"><code class="command"># ipa service-add nfs/solarisipaclient.example.com </code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Create the NFS keytab file. 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+								</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+										Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Red Hat Enterprise Linux 6.1, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+									</div><div class="para">
+										If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+									</div></div></div></li><li class="listitem"><div class="para">
+									Use the <code class="command">klist</code> command to verify that the ticket was created: 
+<pre class="screen"><code class="command"># klist -ket /tmp/krb5.keytab</code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Copy the keytab from the server to the client. 
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/tmp/krb5.keytab </code></pre>
+
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the IPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab. 
+<pre class="screen"><code class="command"># ktutil</code>
+<code class="command">ktutil: read_kt /tmp/krb5.keytab</code>
+<code class="command">ktutil: write_kt /etc/krb5/krb5.keytab</code>
+<code class="command">ktutil: q</code></pre>
+
+						</div></li></ol></div><div class="para">
+					The IPA client should now be fully configured to mount NFS shares using Kerberos credentials.
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Configuring Solaris 9</h3></div></div></div><div class="para">
+				The procedures for configuring Solaris 9 as an IPA client are the same as those for Solaris 10, with the exception of the PAM configuration. This is described below.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/pam.conf</code> file to use PAM Kerberos. The following example shows how to set up PAM Kerberos authentication on Solaris 9 for console login:
+				</div><pre class="programlisting">login auth requisite pam_authtok_get.so.1
+login auth sufficient pam_krb5.so.1 use_first_pass
+login auth sufficient pam_unix.so.1 use_first_pass
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+</pre></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_HP_UX">3.4. Configuring an HP-UX System as an IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure HP-UX as an IPA client. It also includes some verification tests to ensure that the configuration is working correctly.
+		</div><div class="para">
+			Before starting the IPA installation, ensure that you update your system with all the latest packages.
+		</div><div class="para">
+			To install an HP-UX client you need administrator privileges in the form of the Directory Manager password. There is no other way to perform the installation.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP"><h5 class="formalpara">Configuring NTP</h5>
+				Before proceeding with the following configuration steps, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the IPA server.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP Authentication</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the ldapux client on the HP-UX 11.23 machine.
+					</div><div class="para">
+						<code class="command"> # swinstall -s J4269AA_B.04.15.01_HP-UX_B.11.23_IA_PA.depot </code>
+					</div></li><li class="listitem"><div class="para">
+						Change to the configuration directory and run the setup script.
+					</div><div class="para">
+						<code class="command"># cd /opt/ldapux/config/</code>
+					</div><div class="para">
+						<code class="command"># ./setup</code>
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							You only need to perform this configuration on the first HP-UX client. All further configurations only need to know where the LDAP profile is stored. All clients will then use the same configuration.
+						</div><div class="para">
+							The HP-UX guide for this procedure is located at <a href="http://docs.hp.com/en/J4269-90075/ch02s07.html">http://docs.hp.com/en/J4269-90075/ch02s07.html</a>
+						</div></div></div><div class="para">
+						The following is a sample output from running the above script:
+					</div><pre class="programlisting">Would you like to continue with the setup? [Yes]
+Select which Directory Server you want to connect to ? [RedHat Directory]
+Directory server host ? [ipaserver.example.com]
+Directory Server port number [389]
+Would you like to extend the printer schema in this directory server? [No]
+Would you like to install PublicKey schema in this directory server? [No]
+Would you like to install the new automount schema ? [No]
+Profile Entry DN: [cn=ldapuxprofile,cn=etc,dc=example,dc=com]
+User DN [cn=Directory Manager]
+Password ? [Directory Manager's Password]
+Authentication method ? [ SIMPLE ]
+Enter the number of the hosts you want to specify [1]
+Default Base DN ? [dc=example,dc=com]
+Accept remaining defaults ? [n]
+Client binding [Anonymous]
+Bind time limit [5 seconds]
+Search time limit [no limit]
+Do you want client searches of the directory to follow referrals? [Yes]
+Profile TTL [0 = infinite]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [Yes]
+Specify the service you want to map? [ 3=Group]
+Specify the attribute you want to map [3 for memberuid ]
+Type the name of the attribute memberuid should be mapped to [member]
+Specify the service you want to map? [ 0 = exit ]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [ no this time ]
+Do you want to create custom search descriptors? [ No ]
+</pre></li><li class="listitem"><div class="para">
+						Ensure that the LDAP client daemon is running.
+					</div><div class="para">
+						<code class="command"># ps -ef | grep ldapclientd</code>
+					</div><div class="para">
+						If necessary, use the following command to start the daemon:
+					</div><div class="para">
+						<code class="command"># /opt/ldapux/bin/ldapclientd</code>
+					</div></li><li class="listitem"><div class="para">
+						Run the following commands to ensure that the LDAP client is working:
+					</div><div class="para">
+						<code class="command"># nsquery passwd admin</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group admins</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						Create a new group on the IPA server.
+					</div><div class="para">
+						<code class="command"> # ipa group-add testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Add a test user to the new group created above.
+					</div><div class="para">
+						<code class="command"> # ipa group-add-member -a testuser testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Run the <code class="command">nsquery</code> commands again to validate the new user and group:
+					</div><div class="para">
+						<code class="command"># nsquery passwd testuser</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group testgroup</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						To ensure that the LDAP client daemon starts when the system boots, add the following lines to the <code class="filename">/etc/opt/ldapux/ldapclientd.conf</code> file: 
+<pre class="programlisting">[StartOnBoot]
+enable=yes
+</pre>
+
+					</div></li></ol></div><div class="para">
+				This concludes the LDAP client configuration.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</h3></div></div></div><div class="para">
+				The Kerberos and PAM configuration process is completely manual. Sample configuration files are provided for reference, but you need to edit your own system files to reflect your deployment.
+			</div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Edit the <code class="filename">/etc/krb5.conf</code> file to reflect the following example:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+default_tkt_enctypes = DES-CBC-CRC
+default_tgs_enctypes = DES-CBC-CRC
+ccache_type = 2
+
+[realms]
+EXAMPLE.COM = {
+      kpasswd_server = ipaserver.example.com
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      }
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[appdefaults]
+kinit = {
+      forwardable = true
+      }
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_PAM"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</h4></div></div></div><div class="para">
+					The PAM configuration differs slightly between different versions of HP-UX. These configurations are described below.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v2"><h5 class="formalpara">HP-UX 11i v2</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+
+#
+#
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with use_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+# #
+# The module pam_hpsec(5) is stacked as mandatory module above #
+# all the modules for making security checks before #
+# authentication. #
+
+################################################################
+#
+#
+
+# Authentication management
+#
+login auth required libpam_hpsec.so.1
+login auth sufficient libpam_krb5.so.1
+login auth required libpam_unix.so.1 try_first_pass
+su auth required libpam_hpsec.so.1
+su auth sufficient libpam_krb5.so.1
+su auth required libpam_unix.so.1 try_first_pass
+dtlogin auth required libpam_hpsec.so.1
+dtlogin auth sufficient libpam_krb5.so.1
+dtlogin auth required libpam_unix.so.1 try_first_pass
+dtaction auth required libpam_hpsec.so.1
+dtaction auth sufficient libpam_krb5.so.1
+dtaction auth required libpam_unix.so.1 try_first_pass
+ftp auth required libpam_hpsec.so.1
+ftp auth sufficient libpam_krb5.so.1
+ftp auth required libpam_unix.so.1 try_first_pass
+sshd auth required libpam_hpsec.so.1
+sshd auth sufficient libpam_krb5.so.1
+sshd auth required libpam_unix.so.1 try_first_pass
+OTHER auth required libpam_unix.so.1
+#
+
+# Account management
+#
+login account required libpam_hpsec.so.1
+login account sufficient libpam_krb5.so.1
+login account required libpam_unix.so.1
+su account required libpam_hpsec.so.1
+su account sufficient libpam_krb5.so.1
+su account required libpam_unix.so.1
+dtlogin account required libpam_hpsec.so.1
+dtlogin account sufficient libpam_krb5.so.1
+dtlogin account required libpam_unix.so.1
+dtaction account required libpam_hpsec.so.1
+dtaction account sufficient libpam_krb5.so.1
+dtaction account required libpam_unix.so.1
+ftp account required libpam_hpsec.so.1
+ftp account sufficient libpam_krb5.so.1
+ftp account required libpam_unix.so.1
+sshd account required libpam_hpsec.so.1
+sshd account sufficient libpam_krb5.so.1
+sshd account required libpam_unix.so.1
+OTHER account required libpam_unix.so.1
+#
+
+# Session management
+#
+login session required libpam_hpsec.so.1
+login session sufficient libpam_krb5.so.1
+login session required libpam_unix.so.1
+dtlogin session required libpam_hpsec.so.1
+dtlogin session sufficient libpam_krb5.so.1
+dtlogin session required libpam_unix.so.1
+dtaction session required libpam_hpsec.so.1
+dtaction session sufficient libpam_krb5.so.1
+dtaction session required libpam_unix.so.1
+sshd session required libpam_hpsec.so.1
+sshd session sufficient libpam_krb5.so.1
+sshd session required libpam_unix.so.1
+OTHER session required libpam_unix.so.1
+#
+
+# Password management
+#
+login password required libpam_hpsec.so.1
+login password sufficient libpam_krb5.so.1
+login password required libpam_unix.so.1
+passwd password required libpam_hpsec.so.1
+passwd password sufficient libpam_krb5.so.1
+passwd password required libpam_unix.so.1
+dtlogin password required libpam_hpsec.so.1
+dtlogin password sufficient libpam_krb5.so.1
+dtlogin password required libpam_unix.so.1
+dtaction password required libpam_hpsec.so.1
+dtaction password sufficient libpam_krb5.so.1
+dtaction password required libpam_unix.so.1
+OTHER password required libpam_unix.so.1
+</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v1"><h5 class="formalpara">HP-UX 11i v1</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+#
+
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with user_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+
+################################################################
+#
+
+# Authentication management
+#
+login auth sufficient /usr/lib/security/libpam_krb5.1
+login auth required /usr/lib/security/libpam_unix.1 try_first_pass
+su auth sufficient /usr/lib/security/libpam_krb5.1
+su auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
+dtlogin auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtaction auth sufficient /usr/lib/security/libpam_krb5.1
+dtaction auth required /usr/lib/security/libpam_unix.1 try_first_pass
+ftp auth sufficient /usr/lib/security/libpam_krb5.1
+ftp auth required /usr/lib/security/libpam_unix.1 try_first_pass
+OTHER auth required /usr/lib/security/libpam_unix.1
+#
+
+# Account management
+#
+login account sufficient /usr/lib/security/libpam_krb5.1
+login account required /usr/lib/security/libpam_unix.1
+su account sufficient /usr/lib/security/libpam_krb5.1
+su account required /usr/lib/security/libpam_unix.1
+dtlogin account sufficient /usr/lib/security/libpam_krb5.1
+dtlogin account required /usr/lib/security/libpam_unix.1
+dtaction account sufficient /usr/lib/security/libpam_krb5.1
+dtaction account required /usr/lib/security/libpam_unix.1
+ftp account sufficient /usr/lib/security/libpam_krb5.1
+ftp account required /usr/lib/security/libpam_unix.1
+OTHER account required /usr/lib/security/libpam_unix.1
+#
+
+# Session management
+#
+login session sufficient /usr/lib/security/libpam_krb5.1
+login session required /usr/lib/security/libpam_unix.1
+dtlogin session sufficient /usr/lib/security/libpam_krb5.1
+dtlogin session required /usr/lib/security/libpam_unix.1
+dtaction session sufficient /usr/lib/security/libpam_krb5.1
+dtaction session required /usr/lib/security/libpam_unix.1
+OTHER session required /usr/lib/security/libpam_unix.1
+#
+
+# Password management
+#
+login password sufficient /usr/lib/security/libpam_krb5.1
+login password required /usr/lib/security/libpam_unix.1
+passwd password sufficient /usr/lib/security/libpam_krb5.1
+passwd password required /usr/lib/security/libpam_unix.1
+dtlogin password sufficient /usr/lib/security/libpam_krb5.1
+dtlogin password required /usr/lib/security/libpam_unix.1
+dtaction password sufficient /usr/lib/security/libpam_krb5.1
+dtaction password required /usr/lib/security/libpam_unix.1
+OTHER password required /usr/lib/security/libpam_unix.1
+</pre></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</h4></div></div></div><div class="para">
+					On HP-UX systems a PAM module called pam_authz is available which can be used to control login access to the system based on a user's group membership.
+				</div><div class="para">
+					Refer to the HP-UX documentation on pam_authz for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</h3></div></div></div><div class="para">
+				Before you can use SSH to connect to the IPA server without using a password, you need to install a suitable version of <code class="command">ssh</code>, and set up the correct authentication attributes in the SSH configuration file.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Ensure that you have version A.05.10.007 or later of <code class="command">ssh</code> installed. Navigate to the following URL to download a suitable version: 
+<pre class="screen"><a href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA</a></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Make the following changes to the <code class="filename">/etc/opt/ssh/ssh_config</code> file: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Remove any "PreferredAuthentications" entries.
+								</div></li><li class="listitem"><div class="para">
+									Add the following three lines: 
+<pre class="programlisting">Host *
+      GSSAPIAuthentication yes
+      PreferredAuthentications "gssapi-with-mic,publickey,password"
+</pre>
+
+								</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+										Ensure that you include the tab character before the "GSSAPIAuthentication" and "PreferredAuthentications" entries, and the double quotes around the "PreferredAuthentications" argument.
+									</div></div></div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Remove the <code class="filename">/etc/krb5.keytab</code> file.
+					</div></li><li class="listitem"><div class="para">
+						On the IPA server:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the HP-UX client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/hpuxipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Create the host keytab file.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver.example.com -p host/hpuxipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc</code>
+							</div></li><li class="listitem"><div class="para">
+								Copy this keytab to the HP-UX machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at hpuxipaclient.example.com:/etc/krb5/krb5.keytab </code>
+							</div></li></ol></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</h3></div></div></div><div class="para">
+				HP-UX systems provide a PAM module called pam_authz which can be used to control login access to the system based on a user's group membership. Refer to the following HP-UX pam_authz documentation for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+			</div><div class="para">
+				The following is a sample <code class="filename">/etc/opt/ldapux/pam_authz.policy</code> file: 
+<pre class="programlisting">
+# pam_authz.policy.template:
+#
+# An example file that could be copied over to /etc/opt/ldapux/pam_authz.policy.
+# pam_authz.policy is a local policy file that PAM_AUTHZ would use to help
+# determine which users would be allowed to login to the local host.
+#
+# In this template file, by default, the only active access rule is
+#     "allow:unix_local_user"
+# All the local users are authorized to login.
+#
+# The policy file contains one or more access rule. The format of an access
+# rule is &lt;action&gt;:&lt;type&gt;:&lt;object&gt;
+#
+# where   &lt;action&gt; could be "deny", "allow", "status"
+#                           "PAM_SUCCESS", "PAM_PERM_DENIED", "PAM_MAXTRIES"
+#                           "PAM_AUTH_ERR", "PAM_NEW_AUTHTOK_REQD",
+#                           "PAM_AUTHTOKEN_REQD, "PAM_CRED_INSUFFICIENT",
+#                           "PAM_AUTHINFO_UNAVAIL", "PAM_USER_UNKNOWN"
+#                           "PAM_ACCT_EXPIRED", "PAM_AUTHOK_EXPIRED"
+#
+#                           Note: "status" must use along with "rhds" or
+#                           "ads" &lt;type&gt;.
+#         &lt;type&gt;   could be "unix_user", "unix_local_user", "unix_group",
+#                           "netgroup", ldap_filter", "ldap_group"
+#                           "rhds" or "ads"
+#
+#                           Note: When &lt;type&gt; is set to "rhds" or "ads",
+#                           the &lt;action&gt; filed must set to "status".
+#         &lt;object&gt; contains search information. For example,
+#
+
+deny:unix_group:admins
+allow:unix_local_user
+</pre>
+
+			</div><div class="para">
+				This configuration will prevent the admin user from logging in, but local UNIX users can still log in.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</h3></div></div></div><div class="para">
+				Use the following tests to validate the PAM and Kerberos configuration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client machine, run <code class="command">kinit admin</code> and enter the password.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div><div class="para">
+						<code class="command"># klist</code> (to verify that you received a valid ticket)
+					</div></li><li class="listitem"><div class="para">
+						From another Linux client machine, attempt to log in using SSH.
+					</div><div class="para">
+						<code class="command"> # ssh admin at hpuxipaclient.example.com </code>
+					</div><div class="para">
+						The admin user should be able to log in using SSH without being asked for a password.
+					</div></li></ul></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client console, at the login prompt, enter the Administrator's login ID and password. The admin user should be able to log in from the console.
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link sh to /bin/bash or modify admin to use /bin/sh or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_AIX">3.5. Configuring an AIX System as an IPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure AIX as an IPA client.
+		</div><div class="para">
+			Before starting the IPA installation, update your system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Prerequisites"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</h3></div></div></div><div class="para">
+				Before you begin the configuration, ensure that the following software is installed and up to date. This can be installed from your AIX media:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						v5.3 OS
+					</div></li><li class="listitem"><div class="para">
+						v5.3 Updates
+					</div></li><li class="listitem"><div class="para">
+						krb5 client packages
+					</div></li><li class="listitem"><div class="para">
+						openssh
+					</div></li><li class="listitem"><div class="para">
+						wget
+					</div></li><li class="listitem"><div class="para">
+						bash
+					</div></li><li class="listitem"><div class="para">
+						krb5 server
+					</div></li><li class="listitem"><div class="para">
+						ldap.client
+					</div></li><li class="listitem"><div class="para">
+						openssl
+					</div></li><li class="listitem"><div class="para">
+						modcrypt.base (for gssd)
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</h3></div></div></div><div class="para">
+				Before you begin the following procedures, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the IPA master.
+			</div><div class="para">
+				The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Configure the krb5 client settings as follows:
+					</div><div class="para">
+						<code class="command"># mkkrb5clnt -r EXAMPLE.COM -d example.com -c ipaclient.example.com -s ipaserver.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Get a Kerberos ticket:
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure the LDAP client settings as follows:
+					</div><div class="para">
+						<code class="command"># mksecldap -c -h ipaserver.example.com -d cn=accounts,dc=example,dc=com -a uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com -p secret</code>
+					</div></li><li class="listitem"><div class="para">
+						In the <code class="filename">/etc/security/ldap</code> directory, create the following map files:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								IPAuser.map
+							</div><pre class="programlisting">#IPAuser.map file
+keyobjectclass  SEC_CHAR        posixaccount    s
+
+# The following attributes are required by AIX to be functional
+username        SEC_CHAR        uid     s
+id      SEC_INT uidnumber       s
+pgrp    SEC_CHAR        gidnumber       s
+home    SEC_CHAR        homedirectory   s
+shell   SEC_CHAR        loginshell      s
+gecos   SEC_CHAR        gecos   s
+spassword       SEC_CHAR        userpassword    s
+lastupdate      SEC_INT shadowlastchange        s
+</pre></li><li class="listitem"><div class="para">
+								IPAgroup.map
+							</div><pre class="programlisting">#IPAgroup.map file
+groupname       SEC_CHAR        cn      s
+id      SEC_INT gidNumber       s
+users   SEC_LIST        member  m
+</pre></li></ul></div></li><li class="listitem"><div class="para">
+						Modify the <code class="filename">/etc/security/ldap/ldap.cfg</code> file as follows. Remember to specify your own REALM and basedn values.
+					</div><pre class="programlisting">userbasedn:cn=users,cn=accounts,dc=example,dc=com
+groupbasedn:cn=groups,cn=accounts,dc=example,dc=com
+
+userattrmappath:/etc/security/ldap/IPAuser.map
+groupattrmappath:/etc/security/ldap/IPAgroup.map
+
+userclasses:posixaccount
+</pre></li><li class="listitem"><div class="para">
+						Start the LDAP client daemon:
+					</div><div class="para">
+						<code class="command"># start-secldapclntd</code>
+					</div></li><li class="listitem"><div class="para">
+						Test the LDAP client connection to the IPA server:
+					</div><div class="para">
+						<code class="command"># lsldap -a passwd </code>
+					</div></li><li class="listitem"><div class="para">
+						Add the following sections to the <code class="filename">/usr/lib/security/methods.cfg</code> file to configure the system login to use Kerberos and LDAP: 
+<pre class="programlisting">KRB5A:
+program = /usr/lib/security/KRB5A
+program_64 = /usr/lib/security/KRB5A_64
+options = authonly
+
+LDAP:
+program = /usr/lib/security/LDAP
+program_64 =/usr/lib/security/LDAP64
+
+KRB5ALDAP:
+options = auth=KRB5A,db=LDAP
+</pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Edit the <code class="filename">/etc/security/user</code> file, and modify the "default" section as follows: 
+<pre class="programlisting">SYSTEM = "KRB5ALDAP"
+registry = LDAP
+</pre>
+
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</h3></div></div></div><div class="para">
+				You can also configure the IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. After configuring the IPA client, use the following procedure to configure the IPA client for SSH connections. Remember to replace the example host and domain names with your own host and domain name.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						SSH syslog configuration:
+					</div><pre class="programlisting">auth.info       /var/log/sshd.log
+auth.info       /var/log/sshd.log
+auth.crit       /var/log/sshd.log
+auth.warn       /var/log/sshd.log
+auth.notice     /var/log/sshd.log
+auth.err        /var/log/sshd.log
+</pre></li><li class="listitem"><div class="para">
+						SSH logging configuration:
+					</div><pre class="programlisting">SyslogFacility AUTH
+LogLevel INFO
+</pre></li><li class="listitem"><div class="para">
+						Configure sshd for GSSAPI (<code class="filename">/etc/ssh/sshd_config</code>)
+					</div><pre class="programlisting"># GSSAPI options
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+</pre></li><li class="listitem"><div class="para">
+						Restart sshd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s sshd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s sshd</code>
+					</div></li><li class="listitem"><div class="para">
+						Restart syslogd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s syslogd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s syslogd</code>
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ipa-admintools</span> package is not available for AIX. Consequently, you need to perform the following steps on the IPA server.
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/ipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the host keytab.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver -p host/ipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc </code>
+							</div></li><li class="listitem"><div class="para">
+								Copy the keytab from the server to the client.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at ipaclient.example.com:/tmp/krb5.keytab </code>
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						On the IPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab.
+					</div><pre class="screen"># ktutil
+ktutil: read_kt /tmp/krb5.keytab
+ktutil: write_kt /etc/krb5/krb5.keytab
+ktutil: q
+</pre></li><li class="listitem"><div class="para">
+						Add a user that is only used for authentication. (This can be substituted with krb5 auth if that works from the ldap client). Otherwise go to the IPA server and use <code class="command">ldapmodify</code>, bind as Directory Manager and create this user.
+					</div><pre class="programlisting">dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
+objectClass: account
+objectClass: simplesecurityobject
+objectClass: top
+uid: nss
+userPassword: Your own shared password here
+</pre></li><li class="listitem"><div class="para">
+						On the IPA server, get a ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin </code>
+					</div></li></ol></div><div class="para">
+				You should be able to log in as admin using SSH without providing a password.
+			</div><div class="para">
+				<code class="command"> # ssh admin at ipaclient.example.com </code>
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login">3.5.4. Testing System Login</h3></div></div></div><div class="para">
+				After you have completed the steps in <a class="xref" href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">Section 3.5.2, “Configuring Client Authentication”</a> and <a class="xref" href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">Section 3.5.3, “Configuring Client SSH Access”</a>, you should be able to log in as an IPA user on the AIX machine. Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="para">
+				On the system console, log in as an IPA user. After you have logged in, open a shell and run the following command:
+			</div><div class="para">
+				<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link <code class="command">sh</code> to <code class="command">/bin/bash</code> or modify admin to use <code class="command">/bin/sh</code> or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">3.6. Configuring a Macintosh OS X System as an IPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure Macintosh OS X as an IPA client. These instructions are specific to Mac OS X 10.4 (Tiger). This version of the OS includes a partial install of the Kerberos tools you need by default, especially if you perform an upgrade from 10.1 or 10.2.
+		</div><div class="para">
+			Before starting the IPA installation, ensure that you update the system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</h3></div></div></div><div class="para">
+				The current version of IPA does not provide for automatic configuration of Macintosh clients. Configuring authentication is a manual process, and is described in the following sections.
+			</div><div class="section" id="Configuring_Kerberos_Authentication-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configuring the Macintosh to use Kerberos for authentication with IPA is a two-step process: First, Kerberos needs to be correctly installed and configured, and second, the Kerberos authentication needs to be enabled.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Ensure that <code class="filename">/System/Library/CFMSupport/Kerberos</code> is version 4.2 or higher. If that directory does not exist or is the wrong version, install the Kerberos Extras support.
+						</div></li><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/System/Library/Coreservices/Kerberos</strong></span>
+						</div></li><li class="listitem"><div class="para">
+							From the <span class="guimenu"><strong>Edit</strong></span> menu, choose <span class="guimenuitem"><strong>Edit Realms</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Settings</strong></span> tab, enter the IPA server's Kerberos realm (for example, EXAMPLE.COM).
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Servers</strong></span> tab, leave two lines, whose hostnames you then need to replace with the IPA server's hostname (for example, ipaserver.example.com):
+						</div><pre class="programlisting">kdc  ipaserver.example.com 88
+admin ipaserver.example.com 749
+</pre></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Domains</strong></span> tab, replace the existing domains with the IPA server's actual domain (such as example.com):
+						</div><pre class="programlisting">.example.com
+example.com
+</pre></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>Make default</strong></span> to create the necessary configuration file, and then close the Kerberos tool.
+						</div><div class="para">
+							This step creates the <code class="filename">/Library/Preferences/edu.mit.kerberos</code> file, and it is recommended that you check this file manually to ensure that it is correct.
+						</div><div class="para">
+							This file should look similar to the following example. Remember to replace the example.com settings with your own IPA server name, Kerberos realm and domain details.
+						</div><pre class="programlisting">[domain_realm]
+example.com = EXAMPLE.COM
+.example.com = .EXAMPLE.COM
+
+[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = true
+dns_lookup_kdc = true
+ticket_lifetime = 24h
+forwardable = yes
+
+[realms]
+EXAMPLE.COM = {
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      kdc = ipaserver.example.com:88
+      }
+</pre></li></ol></div><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</h4></div></div></div><div class="para">
+					You now need to modify the <code class="filename">/private/etc/authorization</code> file to allow Kerberos authentication.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Log in as the admin user and launch the <span class="application"><strong>/Applications/Utilities/Terminal</strong></span> application.
+						</div></li><li class="listitem"><div class="para">
+							Change to the <code class="filename">/private/etc</code> directory and make a backup of the existing authorization file.
+						</div><div class="para">
+							<code class="command"># cd /private/etc</code>
+						</div><div class="para">
+							<code class="command"># cp -p authorization authorization_bak</code>
+						</div></li><li class="listitem"><div class="para">
+							Open the authorization file, and locate the string "system.login.console".
+						</div></li><li class="listitem"><div class="para">
+							Locate the <em class="parameter"><code>dict</code></em> entry below this string, and then locate the <em class="parameter"><code>mechanisms</code></em> entry.
+						</div></li><li class="listitem"><div class="para">
+							Change <em class="parameter"><code>authinternal</code></em> to <em class="parameter"><code>builtin:krb5authnoverify,privileged</code></em>
+						</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+								Several instances of <em class="parameter"><code>authinternal</code></em> may occur in this file. Ensure that you change the correct instance.
+							</div></div></div></li><li class="listitem"><div class="para">
+							Save and close the file.
+						</div></li><li class="listitem"><div class="para">
+							Restart the machine to enable Kerberos authentication.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</h3></div></div></div><div class="para">
+				These instructions are specific to Mac OS X 10.4 (Tiger).
+			</div><div class="section" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/Applications/Utilities/Directory Access</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Services</strong></span> tab, clear all check boxes except LDAPv3 and Bonjour.
+						</div></li><li class="listitem"><div class="para">
+							Select the <span class="guilabel"><strong>LDAPv3</strong></span> entry and click <span class="guibutton"><strong>Configure</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Ensure the <span class="guilabel"><strong>Add DHCP-supplied LDAP servers</strong></span> check box is not selected.
+						</div></li><li class="listitem"><div class="para">
+							Click the arrow next to the <span class="guilabel"><strong>Show Options</strong></span> label, and then click <span class="guibutton"><strong>New</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Server Name (for example, ipaserver.example.com).
+						</div></li><li class="listitem"><div class="para">
+							Clear the <span class="guilabel"><strong>Encrypt using SSL</strong></span> check box, and then click <span class="guibutton"><strong>Manual</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Configuration Name (for example, "IPA LDAP").
+						</div></li><li class="listitem"><div class="para">
+							Ensure that the <span class="guilabel"><strong>Enable</strong></span> check box is selected, and that the <span class="guilabel"><strong>SSL</strong></span> check box is cleared.
+						</div></li></ol></div></div><div class="section" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Select the newly-created LDAP configuration and then click <span class="guibutton"><strong>Edit</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Connection</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Open/close times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Query times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Re-bind attempted in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Connection idles out in: 1 minute
+								</div></li><li class="listitem"><div class="para">
+									Clear all check boxes
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Search &amp; Mappings</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Access this LDAP server using: CUSTOM
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, select <span class="guilabel"><strong>Default Attribute Types</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, select <span class="guilabel"><strong>RecordName</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added RecordName attribute, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "uid" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add a Users record, as follows:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Record Types</strong></span> option, select <span class="guilabel"><strong>Users</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added <span class="guilabel"><strong>Users</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "inetOrgPerson" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Search base</strong></span> field, type "dc=example,dc=com" (without the quotes), and select the <span class="guilabel"><strong>Search in all subtrees</strong></span> option.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add attributes to the Users record as appropriate for your deployment. The following is an example of the required procedure.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, and then use <span class="keycap"><strong>Command</strong></span>+<span class="mousebutton">Click</span> to select the attributes that you want to add. For example, a typical deployment might include the following attributes:
+								</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+											AuthenticationAuthority
+										</div></li><li class="listitem"><div class="para">
+											PrimaryGroupID
+										</div></li><li class="listitem"><div class="para">
+											RealName
+										</div></li><li class="listitem"><div class="para">
+											RecordName
+										</div></li><li class="listitem"><div class="para">
+											UniqueID
+										</div></li><li class="listitem"><div class="para">
+											UserShell
+										</div></li></ul></div></li><li class="listitem"><div class="para">
+									Click <span class="guibutton"><strong>OK</strong></span> to add the selected attributes to the <span class="guilabel"><strong>Users</strong></span> record.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Specify appropriate mappings for the attributes that you just added. For example:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Authentication Authority</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "#;Kerberosv5;;$uid$;EXAMPLE.COM" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map PrimaryGroupID to gidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map UniqueID to uidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Continue until all required entries have been mapped, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>OK</strong></span> to finish setting up the LDAP service configuration options.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</h3></div></div></div><div class="para">
+				You now need to add the LDAP service to the list of locations used to search for user authentication information.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the <span class="guilabel"><strong>Authentication</strong></span> tab, change the <span class="guilabel"><strong>Search</strong></span> value to <span class="guilabel"><strong>Custom path</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Select the configuration that you added in the Creating the LDAP Configuration step, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Click <span class="guibutton"><strong>Apply</strong></span> to update the LDAP configuration, and then exit the <span class="application"><strong>Directory Access</strong></span> application.
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</h3></div></div></div><div class="para">
+				Open the Date &amp; Time utility and point it to the IPA server URL to set the date and time automatically.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH</h3></div></div></div><div class="para">
+				After configuring client authentication, you should be able to use SSH to connect to the IPA server without being prompted for a password.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						If you have a valid Kerberos ticket, SSH should proceed with GSSAPI authentication without asking for a password:
+					</div><pre class="programlisting"><span class="perl_Comment"># ssh admin at ipaserver.example.com</span></pre></li></ol></div></div><div class="section" id="Macintosh_OS_X-Configuring_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Macintosh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the Macintosh login window, log in as an IPA user.
+					</div></li><li class="listitem"><div class="para">
+						First, check the user ID to make sure that both the user and group IDs are correct for the current account.
+					</div><pre class="programlisting">$ <span class="perl_BString">id</span>
+
+<span class="perl_Others">uid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">gid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">groups=</span>3<span class="perl_Others">(</span>sys<span class="perl_Others">)</span>,100<span class="perl_Others">(</span>users<span class="perl_Others">)</span>,1070<span class="perl_Others">(</span>devel2<span class="perl_Others">)</span>,10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span></pre></li><li class="listitem"><div class="para">
+						Then, check that there is a valid Kerberos ticket. 
+<pre class="programlisting">$ klist
+
+Ticket cache: <span class="perl_BString">FILE</span>:/tmp/krb5cc_10678
+Default principal: jsmith at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+05/12/11 12:12:26  05/12/11 22:12:26  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+        renew <span class="perl_Keyword">until</span> 05/12/11 12:12:26
+
+
+Kerberos 4 ticket cache: /tmp/tkt10678
+klist: You have no tickets cached</pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					To open the Terminal application, navigate to <span class="application"><strong>Applications/Utilities/Terminal.app</strong></span> or use the keyboard shortcut <span class="keycap"><strong>Command-Shift-U</strong></span>. You can also drag the Terminal icon to the Dock to make it permanently available on your Desktop.
+				</div></div></div></div></div></div><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#using-the-ui">4.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="#logging-in">4.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="#switching-users">4.3. Switching Users</a></span></dt><dt><span cla
 ss="section"><a href="#ipa-files">4.4. A Summary of IPA Server Configuration Files and Directories</a></span></dt></dl></div><div class="section" id="using-the-ui"><div class="titlepage"><div><div><h2 class="title" id="using-the-ui">4.1. Using the IPA UI</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</h3></div></div></div><div class="para">
+				If you are unable, or prefer not, to update <code class="filename">/etc/krb5.conf</code> with the IPA realm information, you can create another copy and set an appropriate environment variable. You can then run <code class="command">kinit</code> as before and use your browser to connect to IPA. This is especially useful if you need to manage multiple realms, and if you have overlapping domains.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					This procedure is not necessary if you use <code class="command">ipa-client-install</code> to set up your client.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_a_Browser_on_Another_System-To_set_up_a_browser_on_another_system_that_already_has_Kerberos_set_up_for_a_different_realm"><h6>Procedure 4.1. To set up a browser on another system that already has Kerberos set up for a different realm:</h6><ol class="1"><li class="step"><div class="para">
+						Copy the <code class="filename">/etc/krb5.conf</code> file from the IPA server to the client system. Do not overwrite the existing <code class="filename">krb5.conf</code> file. Run the following command on the IPA server:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"> # scp /etc/krb5.conf root at ipaclient:/etc/krb5_ipa.conf </code></pre>
+
+					</div></li><li class="step"><div class="para">
+						On the IPA client, open a shell and run the following commands: 
+<pre class="screen"><code class="command">$ export KRB5_CONFIG=/etc/krb5_ipa.conf</code>
+<code class="command">$ kinit user at EXAMPLE.COM</code>
+<code class="command">$ /usr/bin/firefox</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure and test <span class="application"><strong>Firefox</strong></span>.
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</h3></div></div></div><div class="para">
+				If Kerberos authentication fails, the browser login will also fail, preventing access to the IPA web interface. You can configure IPA to display a username/password authentication dialog box if this situation occurs.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Enabling_UsernamePassword_Authentication_in_Your_Browser-To_enable_failover_to_usernamepassword_authentication"><h6>Procedure 4.2. To enable failover to username/password authentication:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file, and change the <em class="parameter"><code>KrbMethodK5Passwd</code></em> attribute from <code class="literal">off</code> to <code class="literal">on</code>.
+					</div></li><li class="step"><div class="para">
+						Restart the <code class="systemitem">httpd</code> service: 
+<pre class="screen"><code class="command"># service httpd restart</code></pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							You need to perform this procedure on all of the IPA servers in your deployment.
+						</div></li><li class="listitem"><div class="para">
+							This change may not be preserved between IPA updates.
+						</div></li></ul></div></div></div></div></div><div class="section" id="logging-in"><div class="titlepage"><div><div><h2 class="title" id="logging-in">4.2. Logging into the IPA UI</h2></div></div></div><div class="para">
+			To be able to perform any administrative task you need to authenticate to the server. During the configuration step you were prompted to create two users. The first of these, <code class="literal">Directory Manager</code>, is the superuser, used to perform rare, low-level tasks. The second user, <code class="literal">admin</code>, is used to perform normal administrative activities.
+		</div><div class="para">
+			To authenticate as the <code class="literal">admin</code> user:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Open a new terminal window. This is to ensure that all default aspects of the environment (especially paths) are set correctly.
+				</div></li><li class="step"><div class="para">
+					In this window, type <code class="command">kinit admin</code>.
+				</div></li><li class="step"><div class="para">
+					When you are prompted to enter a password, use the password that you specified during the configuration step for the <code class="literal">admin</code> user.
+				</div></li></ol></div><div class="para">
+			As a result of this operation you will acquire what is known as a Kerberos <em class="firstterm">ticket</em>. You can use the <code class="command">klist</code> command to inspect the details of the ticket that you have acquired.
+		</div><div class="para">
+			You can now authenticate using the newly-created user and temporary password. Type <code class="command">kinit &lt;user login&gt;</code> to log in to IPA. This will prompt you for a password and then immediately request a password change.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The <span class="application"><strong>Kerberos</strong></span> client libraries used by the <code class="command">kinit</code> utility have some limitations. One of these limitations is the fact that the on-disc ticket storage is overwritten with any new invocation of <code class="command">kinit</code>. This means that if you authenticated as <code class="systemitem">admin</code>, then added user <code class="systemitem">foo</code>, set their password and then tried to authenticate as that user, the administrator's ticket would be lost. To prevent this from happening, a special environment variable, <code class="varname">KRB5CCNAME</code>, can be used. This allows you to keep credential caches separate in different shells. Refer to the <code class="command">kinit</code> man page for more information.
+			</div></div></div><div class="para">
+			You can browse the IPA man pages and help system to explore other IPA commands. Please take some time to become familiar with the ways other IPA objects can be created and modified.
+		</div></div><div class="section" id="switching-users"><div class="titlepage"><div><div><h2 class="title" id="switching-users">4.3. Switching Users</h2></div></div></div><div class="para">
+			One of the main advantages of IPA is that it uses <code class="systemitem">Kerberos</code> for authentication. This means that if the machine is configured to use IPA as an authentication server and you have an IPA account, then once you have logged in to the machine and authenticated, you can reuse your <code class="systemitem">Kerberos</code> credentials to access other services in the IPA domain. This avoids the need to constantly re-enter your password to access different services.
+		</div><div class="para">
+			For example, to connect to the IPA web interface, you can enter the server's address in your browser and it will use your <code class="systemitem">Kerberos</code> ticket to authenticate against IPA. Similar functionality is available if you try to access a file share, a wiki or any other application that is configured to be a <code class="systemitem">Kerberos</code> service in the IPA domain.
+		</div><div class="para">
+			If you log in to a machine using an account different from your IPA account, use the <code class="command">kinit</code> command to establish your <code class="systemitem">Kerberos</code> credentials. Similarly, if you need to log in to IPA as a different user, perhaps in another user role or as the administrator, you need to replace your existing credentials with those of the new user. Currently you can only store one set of tickets per logged-in user, and they are the credentials that will be used when you log in to IPA.
+		</div><div class="para">
+			For example, if your local account name is <code class="systemitem">localUser</code> but your IPA account name is <code class="systemitem">ipaUser</code>, run the following command, and enter your password when prompted:
+		</div><pre class="screen">$ kinit ipaUser
+Password for ipaUser at EXAMPLE.COM:
+</pre><div class="para">
+			This establishes your <code class="systemitem">Kerberos</code> credentials on the local machine. You can use the <code class="command">klist</code> command to verify that you received a <em class="firstterm">ticket granting ticket (TGT)</em> from the server. This should return output similar to the following:
+		</div><pre class="screen">$ klist
+Ticket cache: FILE:/tmp/krb5cc_500
+Default principal: ipaUser at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+11/10/08 15:35:45  11/11/08 15:35:45  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+
+Kerberos 4 ticket cache: /tmp/tkt500
+klist: You have no tickets cached
+</pre><div class="para">
+			You should now be able to connect to the IPA web interface. If you were already connected to the web interface as another user, refresh the browser to display the updated details for the new user.
+		</div><div class="para">
+			If you configured <code class="systemitem">SSSD</code> or <code class="systemitem">pam_krb5</code> on the machine with IPA, then the ticket is created for you when you log in to the machine requires authentication (for example, <code class="command">sudo</code>).
+		</div></div><div class="section" id="ipa-files"><div class="titlepage"><div><div><h2 class="title" id="ipa-files">4.4. A Summary of IPA Server Configuration Files and Directories</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div></div><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Managing Clients in the IPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">5.1.3. Managing DNS Zones</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Gu
 ide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#enrolling-machines">5.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host Enrollment with Separati
 on of Duties</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">5.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="#config-virt-machines">5.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="#certs">5.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">5.6. Client Problems</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">5.7. Uninstalling an IPA Client</a>
 </span></dt></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</h2></div></div></div><div class="para">
+			A number of benefits exist if you take advantage of IPA's ability to automatically install and configure a DNS, in particular the ability to ease the modification of DNS records when adding hosts to IPA. For example, options exist to add and remove IP addresses, A entries, PTR entries, etc. These options are not available if you are not using an IPA-based DNS.
+		</div><div class="para">
+			IPA stores all DNS information as discrete records in LDAP, and communicates with LDAP using the <span class="package">bind-dyndb-ldap</span> plug-in and the <code class="filename">install/share/60basev2.ldif</code> schema. You can install and configure the DNS as part of the IPA server installation, using the <code class="option">--setup-dns</code> option, or you can add it later using the <code class="command">ipa-dns-install</code> command.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				The following options are currently only available with IPv4 addresses.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</h3></div></div></div><div class="para">
+				If you are using an IPA-based DNS system, you can use the <code class="option">--ip-address</code> and <code class="option">--force</code> options to the <code class="command">ipa host-add</code> command to provide the IP address and hostname of the IPA machine to the DNS. For example, 
+<pre class="screen"><code class="command">$ ipa host-add --force --ip-address=192.168.166.31 puma.example.com </code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</h3></div></div></div><div class="para">
+				IPA provides the <code class="command">ipa host-del</code> command to delete IPA hosts. You can pass the <code class="option">--updatedns</code> option to this command to remove the associated records from the DNS. It will attempt to remove any record, A, AAAA, PTR, NS, SRV, and other entries that reference this host. For example, 
+<pre class="screen"><code class="command">$ ipa host-del --updatedns puma</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">5.1.3. Managing DNS Zones</h3></div></div></div><div class="para">
+				IPA provides all the necessary commands to create and manage zones in an IPA-managed DNS server. You can create and delete zones and add entries to any of these zones using the appropriate IPA commands.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnszone-add</code> command to add a new zone to your DNS server. You can pass optional attributes on the command line, and you will be prompted for any required information. The following example demonstrates adding a new zone to your top-level domain.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You need to restart the <code class="systemitem">named</code> service whenever you create a new zone, otherwise the DNS server will not reply successfully to queries asking for records in the new zone. This is a one-time operation; any subsequent changes to the zone do not require any further action to be effective.
+					</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_add_the_sub_domain_translation_to_the_ipadocs.org_domain"><h6>Procedure 5.1. To add the sub-domain "translation" to the ipadocs.org domain</h6><ol class="1"><li class="step"><div class="para">
+							Ensure you have a valid Kerberos ticket: 
+<pre class="screen"><code class="command">$ kinit admin</code>
+Password for admin at IPADOCS.ORG:</pre>
+
+						</div></li><li class="step"><div class="para">
+							Run the following command to add the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-add translation.ipadocs.org</code></pre>
+
+						</div></li><li class="step"><div class="para">
+							Reload the <code class="systemitem">named</code> service (ensure you have <code class="systemitem">root</code> privileges): 
+<pre class="screen"><code class="command"># service named reload</code></pre>
+
+						</div></li></ol></div><div class="para">
+					Use the <code class="command">ipa dnszone-show</code> command to display details about the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-show translation.ipadocs.org</code>
+  Zone name: translation.ipadocs.org
+  Authoritative name server: ipaserver.ipadocs.org.
+  Administrator e-mail address: root.translation.ipadocs.org.
+  SOA serial: 2011090201
+  SOA refresh: 3600
+  SOA retry: 900
+  SOA expire: 1209600
+  SOA minimum: 3600
+  Active zone: TRUE</pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><h5 class="formalpara">Using Dynamic DNS Updates</h5>
+						Dynamic DNS updates are not enabled by default for new DNS zones served by IPA; that is, zones added by the <code class="command">ipa dnszone-add</code> command. This may lead to errors in the <code class="command">ipa-client-install</code> script when it joins this domain and tries to add a DNS record pointing to this new client.
+					</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_enable_dynamic_DNS_updates"><h6>Procedure 5.2. To enable dynamic DNS updates</h6><ul><li class="step"><div class="para">
+							Use the following command to enable dynamic updates:
+						</div><pre class="screen"><code class="command">$ ipa dnszone-mod clients.example.com --allow-dynupdate \ </code>
+                        <code class="command">--update-policy="grant TESTRELM krb5-self * A; grant TESTRELM krb5-self * AAAA;"</code></pre><div class="para">
+							In this example, <code class="systemitem">clients.example.com</code> is the custom DNS domain managed by the IPA server and TESTRELM is the Kerberos realm.
+						</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-add</code> command to add various types of records to DNS zones. The following examples demonstrate adding some of these types of records.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv4_Type_A_Resource_Records"><h5 class="formalpara">Adding IPv4 (Type A) Resource Records</h5>
+						Type A resource records map hostnames to IPv4 addresses. To add a type A resource record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</code></pre>
+						 This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165. Refer to <a href="http://tools.ietf.org/html/rfc1035">http://tools.ietf.org/html/rfc1035</a> for detailed information on Type A resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv6_Type_AAAA_Resource_Records"><h5 class="formalpara">Adding IPv6 (Type AAAA) Resource Records</h5>
+						Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. Uses the same command syntax to add AAAA resource records, as follows: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+						 This creates the same record as in the previous example but with an IPv6 address. Refer to <a href="http://tools.ietf.org/html/rfc3596">http://tools.ietf.org/html/rfc3596</a> for detailed information on Type AAAA resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_Service_SRV_Resource_Records"><h5 class="formalpara">Adding Service (SRV) Resource Records</h5>
+						<em class="firstterm">Service (SRV) resource records</em> map service names, for example, LDAP, to the DNS name of the server that is providing that particular service. Use the <code class="command">ipa dnsrecord-add</code> command to add SRV records to the DNS database. You need to add these records using a particular format for both the name of the record and the associated RDATA. For example: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="0 100 389 ipaserver.ipadocs.org"</code>
+<code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="1 100 389 ipareplica.ipadocs.org"</code></pre>
+
+					</div><div class="para">
+					Each record must be entered using the format <em class="replaceable"><code>_service._protocol</code></em>. RDATA is entered using the format <em class="replaceable"><code>"priority weight port target"</code></em>. Refer to <a href="http://tools.ietf.org/html/rfc2782">http://tools.ietf.org/html/rfc2782</a> for a detailed explanation.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
+					</div></div></div><div class="para">
+					IPA DNS integration supports the following DNS record types: 
+<pre class="programlisting">A, AAAA, A6, AFSDB, APL, CERT, CNAME, DHCID, DLV, DNAME, DNSKEY, DS, HIP, IPSECKEY, KX, LOC,
+MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, RP, SIG, SPF, SRV, SSHFP, TA, TXT</pre>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-del</code> command to remove records from DNS zones. The following examples demonstrate how to remove the records added in the preceding examples.
+				</div><div class="para">
+					To remove the A type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --a-rec 10.64.14.213</code></pre>
+
+				</div><div class="para">
+					To remove the AAAA type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+
+				</div><div class="para">
+					Alternatively, you can use the <code class="option">--del-all</code> option to remove all associated records.
+				</div><div class="para">
+					You can also delegate zones if you want to allow other areas of your company intranet to reach your DNS server, or if you want to allow access from outside your firewalls. Refer to the <a href="http://www.isc.org/software/bind/documentation">ISC BIND documentation</a> for further information.
+				</div><div class="para">
+					Refer to the <code class="command">ipa help dns</code> help page for more information about working with DNS and IPA.
+				</div></div></div></div><div class="section" id="enrolling-machines"><div class="titlepage"><div><div><h2 class="title" id="enrolling-machines">5.2. Enrolling Machines</h2></div></div></div><div class="para">
+			Enrollment is the process whereby a host entry is created and saved in the directory server, and a keytab for that host entry is generated on the server and provisioned to the client. This keytab is saved with specific ownership and permission properties in a specific directory on the client.
+		</div><div class="para">
+			With the host entry successfully created and the keytab in place, enrollment is complete and the client machine can now automatically connect to and communicate with the IPA server.
+		</div><div class="para">
+			The enrollment process itself is performed by the <code class="command">ipa-client-install</code> command, part of the <span class="package">ipa-client</span> package. After installing the client packages, the system administrator invokes this command, providing their Kerberos credentials as parameters. The <code class="command">ipa-client-install</code> command authenticates against IPA using these credentials.
+		</div><div class="para">
+			The actual steps that constitute the enrollment process are not consistent. Instead, they depend on the enrollment scenario being implemented. IPA currently supports the following enrollment scenarios: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Manual host enrollment with privileged administrator
+					</div></li><li class="listitem"><div class="para">
+						Manual enrollment with separation of duties
+					</div></li><li class="listitem"><div class="para">
+						Bulk host deployment
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These are examined in more detail below.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment with Privileged Administrator</h3></div></div></div><div class="para">
+				This scenario implements the following sequence of operations: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							The Administrator logs into the machine that they want to enroll with IPA.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator installs the IPA client packages on that machine.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator runs the <code class="command">ipa-client-install</code> command, providing their Kerberos credentials as parameters.
+						</div><div class="para">
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										The <code class="command">ipa-client-install</code> command authenticates against IPA using the administrator's credentials.
+									</div></li><li class="listitem"><div class="para">
+										The host entry for the machine is synthesized and saved in the directory server.
+									</div></li><li class="listitem"><div class="para">
+										The keytab is generated on the server and provisioned to the client machine.
+									</div></li></ul></div>
+
+						</div></li><li class="listitem"><div class="para">
+							The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+						</div></li></ol></div>
+
+			</div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the IPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host Enrollment with Separation of Duties</h3></div></div></div><div class="para">
+				This scenario assumes that there are different administrators with different levels of privileges regarding host-related operations. One administrator (A) can add and edit host entries, and thus enroll the hosts as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">Section 5.2.1, “Manual Host Enrollment with Privileged Administrator”</a>. The second administrator (B) has insufficient permissions to create host entries, but is allowed to enroll machines. The following sequence of operations is engaged:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Administrator A authorizes enrollment of a host by creating the host entry in the back end using the webUI or command-line script.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B installs the IPA client packages on the machine.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B invokes the enrollment script, providing their Kerberos credentials as parameters to the script.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script authenticates against IPA using Administrator B's credentials.
+								</div></li><li class="listitem"><div class="para">
+									The keytab is generated on the server and provisioned to the client machine.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+					</div></li></ol></div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the IPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</h3></div></div></div><div class="para">
+				This scenario is very useful for automatic provisioning of multiple hosts (or virtual machines). In this scenario you can pre-create a number of hosts on the IPA server and set passwords on them. You can use your kickstart operation to perform the enrollment. For example, the <span class="application"><strong>cobbler</strong></span> utility makes this relatively easy because you can store variables in the <span class="application"><strong>cobbler</strong></span> system configuration.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There are two ways to set the password. You can either supply your own or have IPA generate a random one.
+				</div></div></div><div class="para">
+				This scenario implies the following sequence of operations:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						The host entry is pre-created on the IPA server. This can be done using:
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The webUI – manually
+								</div></li><li class="listitem"><div class="para">
+									The command line interface – manually or using a script
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						When the entry is created a user password is set to a suitable value.
+					</div></li><li class="listitem"><div class="para">
+						The password is set to expire after the first authentication in the same way as the user password after it has been reset by an administrator.
+					</div></li><li class="listitem"><div class="para">
+						The bulk provisioning scripts and tools (such as kickstart) will be hard coded to use the same password that was used to create host entries on the server side.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script (kickstart) installs the IPA packages.
+								</div></li><li class="listitem"><div class="para">
+									The script (kickstart) runs the enrollment script and passes in the password.
+								</div></li><li class="listitem"><div class="para">
+									The enrollment script connects to the IPA server using the provided password and a bind DN derived from the machine name. It then authenticates using a simple bind over SSL.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Because the password is set to expire, the Kerberos keytab will be generated and the password attribute cleared.
+					</div></li></ol></div></div></div><div class="section" id="renaming-machines"><div class="titlepage"><div><div><h2 class="title" id="renaming-machines">5.3. Renaming Machines</h2></div></div></div><div class="para">
+			The hostname of a system is critical for the correct operation of Kerberos and SSL. Both of these security mechanisms rely on the hostname to ensure that communication is occurring between the specified hosts, and that no "man-in-the-middle" or other attacks are affecting the system.
+		</div><div class="para">
+			In an environment where virtual machines are commonplace, or perhaps in a clustered environment, copying, moving, and renaming hosts could be quite common, resulting in frequent demands for renames of machines.
+		</div><div class="para">
+			Red Hat Enterprise Linux does not provide a simple rename command to facilitate the renaming of an IPA host. Renaming a host in an IPA domain involves deleting the entry in IPA, uninstalling the client software, changing the hostname, and re-enrolling using the new name.
+		</div><div class="para">
+			Due to the nature of service principals, renaming hosts also requires the regeneration of service principals. Each service has a Kerberos principal in the form of <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;@&lt;REALM&gt;</code>, for example, <code class="systemitem">ldap/server.example.com at EXAMPLE.COM</code>. This principal can be referred to as a "service principal". In some cases the <code class="systemitem">@&lt;REALM&gt;</code> is omitted, leaving only <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;</code>. (The "/" is a "slash" separator, not an "or" operator.)
+		</div><div class="para">
+			The following procedure renames the host <code class="systemitem">server.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code>, to the new hostname <code class="systemitem">master.example.com</code>. This procedure uses example file names, hostnames and domain names throughout; you need to update these examples to suit your own environment.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine"><h6>Procedure 5.3. To rename an IPA machine:</h6><ol class="1"><li class="step"><div class="para">
+					Identify which services are running on the machine. These need to be re-created when the machine is re-enrolled: 
+<pre class="screen"><code class="command"># ipa service-find server.example.com</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Each host has a default service which does not appear in the list of services. This service can be referred to as the "host service". The service principal for the host service is <code class="systemitem">host/&lt;hostname&gt;</code>, for example, <code class="systemitem">host/server.example.com</code>. This principal can also be referred to as the "host principal".
+					</div></div></div></li><li class="step"><div class="para">
+					Identify all host groups to which this machine belongs: 
+<pre class="screen"><code class="command"># ipa hostgroup-find server.example.com</code></pre>
+
+				</div><div class="para">
+					Identify which of these services have certificates associated with them. The <code class="systemitem">host</code> service always has an associated certificate, so no further action is required for this service.
+				</div></li><li class="step"><div class="para">
+					For any principals in addition to the standard <code class="systemitem">host</code> principal, you need to determine the location of the corresponding keytabs for these services on <code class="systemitem">server.example.com</code>. The keytab location is different for each service, and IPA does not store this information.
+				</div></li><li class="step"><div class="para">
+					On <code class="systemitem">server.example.com</code>, un-enroll from the IPA domain: 
+<pre class="screen"><code class="command"># ipa-client-install --uninstall</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					For each identified keytab other than <code class="filename">/etc/krb5.keytab</code>, remove the old principals: 
+<pre class="screen"><code class="command"># ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					On another machine using <code class="systemitem">admin</code> (or delegated) credentials, remove the host. This will remove all services and revoke all certificates issued for this host via those services: 
+<pre class="screen"><code class="command"># ipa host-del server.example.com</code></pre>
+
+				</div><div class="para">
+					At this point the host has been completely removed from IPA, and can be recreated with the new name.
+				</div></li><li class="step"><div class="para">
+					Rename the machine to <code class="systemitem">master.example.com</code>.
+				</div></li><li class="step"><div class="para">
+					Re-enroll with IPA: 
+<pre class="screen"><code class="command"># ipa-client-install</code></pre>
+
+				</div><div class="para">
+					This generates a <code class="systemitem">host</code> principal for <code class="systemitem">master.example.com</code> in <code class="filename">/etc/krb5.keytab</code>.
+				</div></li><li class="step"><div class="para">
+					For every service that needs a new keytab, run the following command: 
+<pre class="screen"><code class="command"># ipa service-add &lt;service name&gt;/master.example.com</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					If you need certificates for services, use either <code class="command">certmonger</code> or the IPA administration tools.
+				</div></li><li class="step"><div class="para">
+					Re-add the host to any applicable host groups.
+				</div></li></ol></div></div><div class="section" id="config-virt-machines"><div class="titlepage"><div><div><h2 class="title" id="config-virt-machines">5.4. Reconfiguring Virtual Machines</h2></div></div></div><div class="para">
+			There are two cases where it might be necessary to reconfigure a VM enrolled in an IPA domain: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The VM is copied.
+					</div></li><li class="listitem"><div class="para">
+						The VM is migrated from one IPA domain to another.
+					</div><div class="para">
+						This means that there is an IPA configuration that needs to be removed and the machine needs to be enrolled in the new realm.
+					</div></li></ul></div>
+
+		</div><div class="para">
+			In each case, the procedure is identical to that described for renaming an IPA machine: <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine">Procedure 5.3, “To rename an IPA machine:”</a>. Although it is possible to <span class="emphasis"><em>not</em></span> completely unconfigure the client, there is no real downside to doing this (that is, running the <code class="command">ipa-client-install --uninstall</code> command).
+		</div><div class="para">
+			If you cannot use the <code class="command">ipa-client-install --uninstall</code> command, or it is failing for some reason, use the following manual procedure to remove the IPA configuration from the client. Bear in mind, however, that this procedure cannot be undone:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Remove the old hostname from the main keytab. This method removes *ALL* principals in the domain: 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -r EXAMPLE.COM</code></pre>
+
+				</div><div class="para">
+					To remove on a per-principal basis (per-principal and per-encryption type): 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -p host/server.example.com at EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Disable certificate tracking in <code class="systemitem">certmonger</code>: 
+<pre class="programlisting"><code class="command">$ ipa-getcert stop-tracking -n Server-Cert -d /etc/pki/nssdb</code></pre>
+
+				</div><div class="para">
+					If there are any additional certificates being tracked by <code class="systemitem">certmonger</code>, you need to perform this step for each nickname and database pair.
+				</div></li><li class="step"><div class="para">
+					Remove the old host from IPA. This is not strictly required but it is certainly cleaner. 
+<pre class="programlisting"><code class="command">$ ipa host-del <em class="replaceable"><code>HOSTNAME</code></em></code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Add the new host to IPA, or re-join using administrator privileges: 
+<pre class="programlisting"><code class="command">$ ipa-join</code></pre>
+
+				</div></li></ol></div></div><div class="section" id="certs"><div class="titlepage"><div><div><h2 class="title" id="certs">5.5. Configuring Certificate-Based Machine Authentication</h2></div></div></div><div class="para">
+			IPA v2 extends the scope of authentication to include machines on the network. Machine authentication is required for the IPA server to trust the machine and to accept IPA connections from the client software installed on that machine. After authenticating the client, the IPA server can respond to its requests.
+		</div><div class="para">
+			IPA supports two different approaches to machine authentication: Key Tables (or <em class="firstterm">keytabs</em>, a symmetric key resembling to some extent a user password); and Machine Certificates. IPA clients use XML-RPC calls to request keytabs and certificates. Keys and certificate requests are generated on machines applying for certificates. Certificates are generated by the CA, in response to certificate requests submitted to IPA and stored in IPA's DS, and at the same time delivered to the machine for use in PKI machine authentication.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authentication Usage Scenarios</h3></div></div></div><div class="para">
+				Usage scenarios are split into the following categories:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Deployment of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Authentication using machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Revocation of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Renewal of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Recovery from destruction of IPA server
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">5.6. Client Problems</h2></div></div></div><div class="para">
+			If you are unable to log into a machine or the standard NSS tools fail to return user and group information (for example, <code class="command">getent passwd admin</code> fails), inspect the SSSD logs in <code class="filename">/var/log/sssd/</code>. You should start with the log file for your domain (<code class="filename">sssd_example.com.log</code>).
+		</div><div class="para">
+			To increase the log level, set <code class="varname">debug_level</code> = 9 in the <code class="literal">[domain/<em class="replaceable"><code>example.com</code></em>]</code> section of the <code class="filename">/etc/sssd/sssd.conf</code> file, and restart the <code class="systemitem">sssd</code> daemon for this change to take effect. Monitor the <code class="filename">/var/log/sssd/sssd_example.com.log</code> file for any relevant information.
+		</div></div><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">5.7. Uninstalling an IPA Client</h2></div></div></div><div class="para">
+			For Red Hat Enterprise Linux clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the IPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+		</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the IPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
+			</div></div></div></div></div><div xml:lang="en-US" class="chapter" id="users" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Managing Users and User Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#home-directories">6.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="#adding-users">6.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">6.3. Editing Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">6.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_
 Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">6.5. Deleting IPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">6.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Editing_IP
 A_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">6.6.3. Deleting IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">6.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</a></span
 ></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">6.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the
 _Priority_of_Password_Policies">6.7.5.1. Setting the Priority of Password Policies</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="#searching">6.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="se
 ction"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">6.8.1. Searching for Users</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</a></span></dt></dl></dd></dl></dd></dl></div><div class="section" id="home-directories"><div class="titlepage"><div><div><h2 class="title" id="home-directories">6.1. Managing User Home Directories</h2></div></div></div><div class="para">
+			IPA, as part of managing users, can manage user home directories. However, the IPA server has expectations about 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The default prefix for users' home directories is <code class="filename">/home</code>.
+					</div></li><li class="listitem"><div class="para">
+						IPA does not automatically create home directories when users log in.
+					</div><div class="para">
+						To automatically create home directories, you can use the <code class="systemitem module">pam_mkhomedir</code> module. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+					</div><div class="para">
+						Pass the <code class="option">--mkhomedir</code> option to the <code class="command">ipa-client-install</code> command to enable the <code class="systemitem">pam_mkhomedir</code> module.
+					</div></li><li class="listitem"><div class="para">
+						It is possible to use an NFS file server that provides <code class="filename">/home</code> that can be made available to all client machines.
+					</div></li><li class="listitem"><div class="para">
+						If a suitable directory and mechanism are not available for the creation of home directories, users may not be able to log in.
+					</div></li></ul></div>
+
+		</div></div><div class="section" id="adding-users"><div class="titlepage"><div><div><h2 class="title" id="adding-users">6.2. Adding Users</h2></div></div></div><div class="para">
+			IPA supports a wide range of <span class="property">username</span> formats, but you need to be aware of any restrictions that may apply to your particular environment. For example, a <span class="property">username</span> that starts with a digit may cause problems for some UNIX systems.
+		</div><div class="para">
+			The range of <span class="property">username</span> formats supported by IPA can be described by the following regular expression:
+		</div><pre class="screen"><code class="command">[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]</code></pre><div class="para">
+			The trailing $ symbol is permitted for Samba 3.x machine support.
+		</div><div class="para">
+			Use the <code class="command">ipa user-add</code> command to add users to IPA. You can pass attributes directly on the command line, or run the command with no parameters to enter interactive mode. Interactive mode prompts you to enter the basic attributes required to add a new user. You can add further attributes using the <code class="command">ipa user-mod</code> command. Use the <code class="command">ipa user-mod --list</code> command to view a list of the attributes that you can modify using this command.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_the_Command_Line-To_create_the_user_jlamb_using_the_command_line"><h6>Procedure 6.1. To create the user <code class="systemitem">jlamb</code> using the command line:</h6><ul><li class="step"><div class="para">
+					Open a shell and run the following command:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command">$ ipa user-add jlamb --first=John --last=Lamb --password</code></pre>
+
+				</div><div class="para">
+					This will prompt for a password and then complete the new entry with default values.
+				</div></li></ul></div><div class="para">
+			The following example illustrates using the <code class="command">ipa user-add</code> command in interactive mode to create a user account:
+		</div><pre class="screen"># ipa user-add
+First name: Jinny
+Last name: Pattanajee
+User login [jpattanajee]: jpattan
+--------------------
+Added user "jpattan"
+--------------------
+User login: jpattan
+First name: Jinny
+Last name: Pattanajee
+Home directory: /home/jpattan
+GECOS field: jpattan
+Login shell: /bin/sh
+Kerberos principal: jpattan at MYDOMAIN.NET
+UID: 387115841
+</pre><div class="para">
+			Press <span class="keycap"><strong>Enter</strong></span> at each prompt to accept the default values (enclosed in square brackets), or type an alternative.
+		</div><div class="para">
+			Refer to the <code class="command">ipa user-add</code> help page for more information.
+		</div></div><div class="section" id="editing-users"><div class="titlepage"><div><div><h2 class="title" id="editing-users">6.3. Editing Users</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa user-mod</code> command to modify user account details, such as adding, removing or changing attributes. Refer to the following examples:
+		</div><div class="para">
+			To update attributes for the user <code class="systemitem">jsmith</code>:
+		</div><div class="para">
+			<code class="command">$ ipa user-mod jsmith <code class="option">--email=johnsmith at mydomain.com</code> <code class="option">--title=Editor</code></code>
+		</div><div class="para">
+			To retrieve a list of attributes for a user:
+		</div><div class="para">
+			<code class="command">$ ipa user-show --raw &lt;user name&gt;</code>
+		</div><div class="para">
+			The list of attributes corresponds to those available in the web interface, not including any custom attributes that may have been defined.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">6.4. Activating and Deactivating User Accounts</h2></div></div></div><div class="para">
+			IPA user accounts can be set to a status of <code class="literal">Active</code> or <code class="literal">Inactive</code>. If you deactivate a user account, that user can no longer log in to IPA, change their password, or perform any other tasks. Any existing connections will remain valid until their <code class="systemitem">Kerberos</code> TGT and other tickets expire, but they will not be able to renew them. The account and all associated information still exists, but is inaccessible by the user.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-enable</code> and <code class="command">ipa user-disable</code> commands to enable and disable user accounts, respectively. Refer to the following examples:
+			</div><div class="para">
+				To disable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-disable jsmith</code>
+			</div><div class="para">
+				To enable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command"> $ ipa user-enable jsmith</code>
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">6.5. Deleting IPA Users</h2></div></div></div><div class="para">
+			If you delete an IPA user account, all of the information stored in the entry for that identity is lost. This includes the user's full name, group membership, phone numbers, and passwords. The actual user account and home directory still exist, be they on a server, local machine, or other provider, but they are no longer accessible by IPA.
+		</div><div class="para">
+			Unlike deactivation, if you delete a user account, it cannot be retrieved. If you need this user account again, you need to recreate it and add all of the account details manually.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Unlike in earlier versions of IPA, it is now possible to delete the <code class="systemitem">admin</code> user. If, however, you delete all of the <code class="systemitem">admin</code> users then you will need to use the Directory Manager account to create a new administrative user. Alternatively, if you have a user in the group management role, they can add a new <code class="systemitem">admin</code> user.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-del</code> command to delete user accounts. For example:
+			</div><div class="para">
+				To delete the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-del jsmith</code>
+			</div><div class="para">
+				If you intend to delete multiple users, you can use the <code class="option">--continue</code> option to prevent the command from stopping should it encounter any errors. For example:
+			</div><div class="para">
+				<code class="command">$ ipa user-del <code class="option">--continue</code> <em class="parameter"><code>user_01</code></em> <em class="parameter"><code>user_02</code></em> <em class="parameter"><code>user_03</code></em></code>
+			</div><div class="para">
+				If you run this command without using the <code class="option">--continue</code> option, IPA will delete the listed user accounts unless it encounters any errors, at which point it stops. For example, if <em class="parameter"><code>user_02</code></em> did not exist, the previous command would only delete <em class="parameter"><code>user_01</code></em>; <em class="parameter"><code>user_03</code></em> would not be affected.
+			</div><div class="para">
+				The <code class="option">--continue</code> option returns a summary of successes and failures to <code class="systemitem">stdout</code>.
+			</div></div></div><div class="section" id="user-groups"><div class="titlepage"><div><div><h2 class="title" id="user-groups">6.6. Creating User Groups</h2></div></div></div><div class="para">
+			IPA uses groups to facilitate the management and administration of all types of objects, such as users, hosts, tasks, roles, and others. This section introduces <code class="systemitem">User Groups</code> and how they are used within IPA. Other object groups behave and are used in similar ways; these are discussed elsewhere.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-User_Groups"><h5 class="formalpara">User Groups</h5>
+				Three groups are created during the installation process: <code class="systemitem">ipausers</code>, <code class="systemitem">admins</code>, and <code class="systemitem">editors</code>. All of these groups are required for IPA operation.
+			</div><div class="para">
+			The IPA Administrator is a member of the <code class="systemitem">admins</code> group. All other users belong to the global group <code class="systemitem">ipausers</code>, and you can create as many additional groups as you require.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Some operating systems limit the number of groups that you can create. For example, <code class="systemitem">Solaris</code> and <code class="systemitem">AIX</code> allow only 16 groups per user. IPA Administrators need to be aware of this limitation, especially when using nested groups.
+			</div></div></div><div class="para">
+			The <code class="systemitem">editors</code> group is a special group used by the web interface. Members of this group have at least one delegation, which means they can edit records apart from their own.
+		</div><div class="para">
+			You can create groups based on the departments within your organization, for example, Development, Finance, and HR. You can also create groups based on the permissions, or roles, required to manage your departmental or other groups.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Nested_Groups"><h5 class="formalpara">Nested Groups</h5>
+				You can also create nested groups. For example, you can create a group called "Documentation", and then create sub-groups such as "Writers", "Translators", and "Editors". You can add users to each of the sub-groups to suit the needs of your organization. Any users that you add to a sub-group automatically become members of the parent group.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Avoid the creation of cyclic groups; that is, groups that contain groups that in turn contain their own ancestors, and avoid creating group names that contain spaces. Either of these conditions can lead to unexpected behavior.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-add</code> command to add groups. You can include attributes on the command line or use the command interactively. For example:
+				</div><div class="para">
+					To create a group called "Engineering" using the command line:
+				</div><pre class="screen">$ ipa group-add
+Group name: Engineering
+Description: All members of the engineering group
+-------------------------
+Added group "engineering"
+-------------------------
+  Group name: Engineering
+  Description: All members of the engineering group
+  GID: 387115842
+</pre><div class="para">
+					Alternatively, include all of the required attributes on the command line:
+				</div><pre class="screen">$ ipa group-add --desc='All authors, editors, and translators' Documentation
+---------------------------
+Added group "documentation"
+---------------------------
+  Group name: documentation
+  Description: All authors, editors, and translators
+  GID: 387115845</pre><div class="para">
+					The group name and description are mandatory fields. If either of these are not included on the command line, you will be prompted to include them.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_the_Command_Line-Adding_members_to_a_new_group"><h5 class="formalpara">Adding members to a new group</h5>
+						You cannot add members to a newly-created group using the <code class="command">ipa group-add</code> command. First you need to create the group, and then use the <code class="command">ipa group-add-member</code> command to add members. For example:
+					</div><pre class="screen">$ ipa group-add-member --users=user01,user02,user03 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member users: user01,user02,user03
+-------------------------
+Number of members added 3
+-------------------------
+</pre><div class="para">
+					You can use the same process to create nested groups:
+				</div><pre class="screen">$ ipa group-add-member --groups=group01,group02 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member groups: group01,group02
+  -------------------------
+  Number of members added 2
+  -------------------------
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</h3></div></div></div><div class="para">
+				You can edit many of the attributes that define a group, as well as add or remove members. Some attributes are read-only by default, however you can edit these attributes if required.
+			</div><div class="para">
+				You cannot edit the group name. The group name is the primary key, so changing it is the equivalent of deleting the group and creating a new one.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-mod</code> command to modify specific attributes of IPA groups. IPA provides numerous commands for working with groups, such as <code class="command">ipa group-add-member</code> and <code class="command">ipa group-detach</code>; run the <code class="command">ipa help group</code> command to access the IPA group help page for more information.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">6.6.3. Deleting IPA Groups</h3></div></div></div><div class="para">
+				When you delete an IPA group, only the immediate group is removed; members of the group are not affected.
+			</div><div class="para">
+				When you delete an IPA group, any delegations that apply to that group are also removed. For example, suppose you added an "EngineeringManager" group specifically to set up delegations for the Engineering Manager. If you delete the EngineeringManager group, then those delegations are also lost. These delegations cannot be retrieved. If you need this group and delegation again, you need to recreate them.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-del</code> command to delete groups. For example:
+				</div><div class="para">
+					To delete the Engineering group:
+				</div><div class="para">
+					<code class="command">$ ipa group-del Engineering</code>
+				</div></div></div></div><div class="section" id="user-pwdpolicy"><div class="titlepage"><div><div><h2 class="title" id="user-pwdpolicy">6.7. Setting an Individual Password Policy</h2></div></div></div><div class="para">
+			IPA has a default policy of never exposing passwords, even hashed passwords, to clients, in the interests of system security. This policy applies even if you still rely on NIS server functionality to some degree, for example, as a result of a full or partial migration from NIS to IPA. IPA normally expects a switch to Kerberos for authentication, but this may not always be possible.
+		</div><div class="para">
+			The IPA password policy supports the specification of various password attributes that help to ensure the security of your system, and also that of individual user accounts. You can specify the password lifetime, length, and the types of characters required, all as part of the IPA password policy.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						In Red Hat Enterprise Linux 6.1, the IPA password policy is enforced by the <abbr class="abbrev">KDC</abbr>. Only a limited number of attributes are currently supported, but this will be extended in later versions.
+					</div></li><li class="listitem"><div class="para">
+						Because the password policy is enforced by the <abbr class="abbrev">KDC</abbr>, any further policy specifications that you implement as part of the Directory Server password policy will not be visible in IPA, and neither will they be enforced.
+					</div></li><li class="listitem"><div class="para">
+						Different rules apply to changing passwords, depending on your login credentials.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</h3></div></div></div><div class="para">
+				If you reset a password using <em class="parameter entry"><code>cn=Directory Manager</code></em> credentials (only possible if you manually perform an <code class="systemitem">LDAP</code> password change operation) then you override any checks and the password is set to whatever you specify. The IPA password policy is ignored.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</h3></div></div></div><div class="para">
+				If you reset a password using <code class="systemitem">admin</code> credentials (that is, as part of the <code class="systemitem">admins</code> group), the IPA password policy is ignored, but the expiration date is set to "now". This means that the user is forced to change the password at login time, and the password policy is then enforced. This is also true for users who have had password changing rights delegated to them.
+			</div><div class="para">
+				Consequently, the IPA Administrator can easily create users with "default" passwords and reset user's passwords, but will not know the actual, final password entered by the user. Further, any password that is transmitted from the IPA Administrator to the user, even over insecure channels, is a temporary password. Consequently, it is not critical if it is accidentally disclosed, provided that the user promptly resets it.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">6.7.3. Changing Passwords as a Regular User</h3></div></div></div><div class="para">
+				If you are logged in as a regular user (that is, you are not part of the <code class="systemitem">admins</code> group, or possessed of any elevated privileges), then you can only change your own password, and these changes are always subject to the IPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</h3></div></div></div><div class="para">
+				You can use either the web interface or the command line to edit the IPA password policy. However, you can only edit those attributes supported by IPA.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa pwpolicy-*</code> commands to create and modify IPA password policies. These commands are provided as part of the <code class="command">ipa pwpolicy</code> plug-in functionality. The <code class="command">ipa help pwpolicy</code> command displays the help page and some examples of using this plug-in.
+				</div><div class="para">
+					For example, use the following command to update the minimum global password length to 10 characters, and to specify that no history of passwords be kept:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-mod --minlength=10 --history=0</code>
+				</div><div class="para">
+					To display the global password policy:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-show</code>
+				</div><div class="para">
+					Refer to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">Section 6.7.6, “Password Policy Attributes”</a> for information on password policy attributes.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</h3></div></div></div><div class="para">
+				The IPA password policy plug-in (<code class="command">ipa pwpolicy</code>) manages both global and per-group password policies. You can use this plug-in to display or modify existing password policies to suit the needs of your environment.
+			</div><div class="para">
+				The following examples demonstrate how to display and modify existing password policies.
+			</div><div class="para">
+				To display the password policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="para">
+				To add a new policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					When adding or modifying the password policy for a group, that group needs to already exist but does not need to contain any members.
+				</div></div></div><div class="para">
+				To remove an attribute from a password policy, use the <code class="command">ipa pwpolicy-mod</code> command to set an empty value for the required attribute to delete it.
+			</div><div class="para">
+				The following example illustrates adding a password policy with three specific attributes to an existing group:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-add --minlife=1 --maxlife=5 --priority=1 g1</code>
+Group: g1
+Max lifetime (days): 5
+Min lifetime (hours): 1
+Priority: 1
+</pre><div class="para">
+				The following command uses the <code class="command">ipa pwdpolicy-mod</code> command to set an empty value to the <em class="parameter"><code>minlife</code></em> attribute:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-mod --minlife= g1</code>
+Group: g1
+Max lifetime (days): 5</pre><div class="para">
+				To display the policy for a given user:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --user=tuser1</code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Password policies are not cumulative. That is, you cannot override a single setting in a policy and let it fall back to the global policy on all the others; it is all or nothing.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">6.7.5.1. Setting the Priority of Password Policies</h4></div></div></div><div class="para">
+					The following example demonstrates the use of password priority, where a user and two groups are created, with a separate password policy for each group. Each policy has a different priority, and the user is added to both groups.
+				</div><div class="procedure"><ol class="1"><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_a_user"><h5 class="formalpara">Adding a user</h5>
+								Use the <code class="command">ipa user-add</code> command to add a new user:
+							</div><pre class="screen">
+<code class="command"># ipa user-add --first=Tim --last=User tuser1</code>
+---------
+Added user "tuser1"
+---------
+  User login: tuser1
+  First name: Tim
+  Last name: User
+  Home directory: /home/tuser1
+  GECOS field: tuser1
+  Login shell: /bin/sh
+  Kerberos principal: tuser1 at IPANETWORK.ORG
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_groups"><h5 class="formalpara">Adding the user groups</h5>
+								Use the <code class="command">ipa group-add</code> command to add two new groups:
+							</div><pre class="screen">
+<code class="command"># ipa group-add --desc=Group1 g1</code>
+----------
+Added group "g1"
+----------
+  Group name: g1
+  Description: Group1
+
+# ipa group-add --desc=Group2 g2
+----------
+Added group "g2"
+----------
+Group name: g2
+Description: Group2
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Specifying_the_password_policies"><h5 class="formalpara">Specifying the password policies</h5>
+								Use the <code class="command">ipa pwpolicy-add</code> command to specify different policies for each group:
+							</div><pre class="screen">
+<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=g1</code>
+---------------------------
+Added policy for group "g1"
+---------------------------
+  Group: g1
+  Minimum lifetime (in hours): 10
+
+# ipa pwpolicy-add --minlife=20 --priority=20 --group=g2
+---------------------------
+Added policy for group "g2"
+---------------------------
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_to_the_groups"><h5 class="formalpara">Adding the user to the groups</h5>
+								Use the <code class="command">ipa group-add-member</code> command to add the user that you previously created to each group. You can then use the <code class="command">ipa pwpolicy-show</code> command to display the policy that is in effect for the user.
+							</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g1</code> group and then check the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g1</code>
+  Group name: g1
+  Description: Group1
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+$ ipa pwpolicy-show --user=tuser1
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre></li><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g2</code> group and recheck the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g2</code>
+  Group name: g2
+  Description: Group2
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre><div class="para">
+									Notice that the password policy that is in effect for the user <code class="systemitem">tuser1</code> is taken from the <code class="systemitem">g1</code> group, because it has a higher priority.
+								</div></li></ol></div></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Removing_the_user_from_a_single_group"><h5 class="formalpara">Removing the user from a single group</h5>
+								Finally, use the <code class="command">ipa group-remove-member</code> command to remove the user from the <code class="systemitem">g1</code> group to demonstrate that they still have a custom policy.
+							</div><pre class="screen">
+<code class="command">$ ipa group-remove-member --users=tuser1 g1</code>
+---------------------------
+Number of members removed 1
+---------------------------
+    Users:
+    Groups:
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="command">ipa help &lt;topic&gt;</code> command to display a list of the commands available for working with various topics.
+					</div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</h3></div></div></div><div class="para">
+				The password policy is enforced by the <code class="systemitem module">pwd_extop</code> SLAPI plug-in. IPA 2.0 supports the following password policy attributes:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Password Lifetime</strong></span> (<span class="property">krbMinPwdLife</span>): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.
+					</div><div class="para">
+						You can use this attribute to prevent users from changing their password to a "temporary" value and then immediately changing it back to the original value.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Password Lifetime</strong></span> (<span class="property">krbMaxPwdLife</span>): The maximum period of time, in days, that a user's password can be in effect before it must be changed. The default value is 90 days.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Number of Character Classes</strong></span> (<span class="property">krbPwdMinDiffChars</span>): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is 0 (zero).
+					</div><div class="para">
+						For example, setting <span class="property">krbPwdMinDiffChars</span> = 3 requires that passwords contain at least one character from three of the supported classes.
+					</div><div class="para">
+						The following character classes are supported:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Upper-case characters
+							</div></li><li class="listitem"><div class="para">
+								Lower-case characters
+							</div></li><li class="listitem"><div class="para">
+								Digits
+							</div></li><li class="listitem"><div class="para">
+								Special characters (for example, punctuation)
+							</div></li><li class="listitem"><div class="para">
+								8-bit characters (characters whose decimal code starts at 128 or below, for example, Â, Ã, and Ä)
+							</div></li></ul></div><div class="para">
+						The following special classes also exist:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Number of repeated characters
+							</div><div class="para">
+								This weights in the opposite direction, so that if you have too many repeated characters you will not meet the quorum to satisfy the "level" expressed by <span class="property">krbPwdMinDiffChars</span>.
+							</div></li></ul></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Length of Password</strong></span> (<span class="property">krbPwdMinLength</span>): The minimum number of characters that must exist in a password before it is considered valid. The default value is eight characters.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Password History Size</strong></span> (<span class="property">krbPwdHistoryLength</span>): The number of previous passwords that IPA stores, and which a user is prevented from using. For example, if you set this value to 10, IPA prevents a user from reusing any of their previous 10 passwords. The default value is 0 (zero) (disable password history).
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							If password history checking is enabled, and a user attempts to use one of the passwords in the history list, the error message returned by the system may be misleading. For example, you may see the following error:
+						</div><pre class="screen">A database error occurred: Constraint violation: Password fails to meet minimum strength criteria
+</pre><div class="para">
+							This is because <span class="package">python-ldap</span> prevents the retrieval of extended information on password policy failures over <code class="systemitem">LDAP</code>.
+						</div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Even with <span class="property">krbPwdHistoryLength</span> set to zero, users cannot reuse their existing password.
+						</div></div></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Priority</strong></span> (<span class="property">priority</span>): The priority determines which policy is in effect. The lower the number the higher priority. This is important if a user is in several groups, each with a password policy set.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Consecutive Failures</strong></span> (<span class="property">maxfail</span>): Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Fail Interval</strong></span> (<span class="property">failinterval</span>): Specifies the period (in seconds) after which the failure count will be reset.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Lockout Time</strong></span> (<span class="property">lockouttime</span>): Specifies the period (in seconds) for which a lockout is enforced.
+					</div></li></ul></div><div class="para">
+				Refer to the <code class="command">ipa help pwpolicy-add</code> help page for more information on configuring the IPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expiration</h3></div></div></div><div class="para">
+				If it is installed and configured, SSSD can use the PAM module to send messages to users, warning them about imminent password expiration. Red Hat Enterprise Linux has a <code class="option">pam_pwd_expiration_warning</code> option to fine tune this feature. You can also manually search for passwords that are due to expire by a specified date. For example, to retrieve all user entries whose passwords are due to expire before March 1st, 2011, run the following command:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command">$ ldapsearch -Y GSSAPI -b "cn=users,cn=accounts,dc=example,dc=com"</code> <code class="command">'(krbPasswordExpiration&lt;=20110301000000Z)'</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</h3></div></div></div><div class="para">
+				If you use password authentication (no GSSAPI authentication, and no ticket on the client) with a new user, or with a user whose password has expired, you need to enable Challenge-Response authentication. Otherwise, the password changing dialog box will not display.
+			</div><div class="para">
+				This is not enabled by default because some older <code class="systemitem">SSL</code> clients may not support Challenge-Response authentication, and it is needed only if the password has expired.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_SSH_for_Password_Authentication-To_enable_Challenge_Response_authentication"><h5 class="formalpara">To enable Challenge-Response authentication:</h5>
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Set <em class="parameter"><code>ChallengeResponseAuthentication</code></em> to <code class="literal">yes</code> in the <code class="filename">/etc/ssh/sshd_config</code> file.
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</h3></div></div></div><div class="para">
+				User identity and authentication is managed by SSSD in recent versions of Red Hat Enterprise Linux. The default settings specified by the IPA installation script include timeout settings that still allow local logins to succeed if the client cannot access the IPA server. These settings are specified in the <code class="filename">/etc/sssd/sssd.conf</code> file, and can be tuned to suit your particular deployment. Further, if SSSD's password caching feature is enabled, a user can log in even if the IPA server is down. A typical deployment would normally include two or more servers for redundancy, and so this would not normally be a problem.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+					These timeout settings are only set on operating systems that support the IPA installation script, meaning Red Hat Enterprise Linux 6.1 and later. On other versions, specify these values manually or it may be impossible to log into the host if no IPA servers are available.
+				</div></div></div></div></div><div class="section" id="searching"><div class="titlepage"><div><div><h2 class="title" id="searching">6.8. Searching for Users and Groups</h2></div></div></div><div class="para">
+			IPA provides extensive search capabilities, which enable you to perform simple and partial-match searches on a range of attributes, including:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					First Name (givenname)
+				</div></li><li class="listitem"><div class="para">
+					Last Name (sn)
+				</div></li><li class="listitem"><div class="para">
+					Login (uid)
+				</div></li><li class="listitem"><div class="para">
+					Job Title (title)
+				</div></li><li class="listitem"><div class="para">
+					Organizational Unit Name (ou)
+				</div></li><li class="listitem"><div class="para">
+					Phone Number (telephoneNumber)
+				</div></li></ul></div><div class="para">
+			Searches are not case sensitive, and automatically search across multiple fields. Search results are displayed with exact matches listed first, followed by partial matches.
+		</div><div class="para">
+			The default display lists users in alphabetical order. Click any column title to sort in alphabetical or numerical order. Click the title again to sort in reverse order. The sort order is indicated by an icon next to the title.
+		</div><div class="para">
+			Not all fields are indexed for searching. For example, you cannot search on the following user details:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Initials
+				</div></li><li class="listitem"><div class="para">
+					Account Status
+				</div></li><li class="listitem"><div class="para">
+					Home Directory
+				</div></li><li class="listitem"><div class="para">
+					Login Shell
+				</div></li><li class="listitem"><div class="para">
+					Gecos
+				</div></li><li class="listitem"><div class="para">
+					Home Page
+				</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot use wildcards to search for users or groups. The search string must include at least one character that appears in one of the indexed search fields.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">6.8.1. Searching for Users</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa user-find</code> command to search for users from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa user-find</code> [
+							options
+						] {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find User utility, you can only search for a single string using the command line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa user-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa user-find</code> command to find users whose record contains the string "kay":
+				</div><pre class="screen">$ ipa user-find kay
+---------------
+2 users matched
+---------------
+User login: klim
+First name: Kay
+Last name: Lim
+Home directory: /home/klim
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+
+User login: kming
+First name: Kay
+Last name: Ming
+Home directory: /home/kming
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+----------------------------
+Number of entries returned 2
+----------------------------</pre><div class="para">
+					If you do not see the entry that you are looking for, you may need to adjust the <code class="option">--searchrecordslimit</code> option in the default IPA configuration.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-find</code> command to search for groups from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa group-find</code> {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find Group utility, you can only search for a single string using the command-line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa group-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa group-find</code> command to find groups that contain the string "documentation":
+				</div><pre class="screen">$ ipa group-find documentation
+---------------
+1 group matched
+---------------
+Group name: documentation
+Description: Group for all documentation authors
+GID: 1453400012
+Member users: dkim, mkang, lming, klim
+----------------------------
+Number of entries returned 1
+----------------------------</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa group-find</code> command searches both group names and group descriptions. If your search results are too extensive, use a more specific search string.
+					</div></div></div></div></div></div></div><div xml:lang="en-US" class="chapter" id="hosts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Managing Hosts and Host Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#adding-hosts">7.1. Adding and Editing Hosts</a></span></dt><dt><span class="section"><a href="#host-groups">7.2. Creating Host Groups</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="adding-hosts"><div class="titlepage"><div><div><h2 class="title" id="adding-hosts">7.1. Adding and Editing Hosts</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div><div class="section" id="host-groups"><div class="titlepage"><div><div><h2 class="title" id="host-groups">7.2. Creating Host Groups</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div></div><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Using IPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-kerberos">8.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">8.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">8.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an IPA Service</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_
 a_Service">8.3.1.1. Requesting a Certificate for a Service</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">8.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">8.5. Rotating Keys</a></span></dt><dt><span class=
 "section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">8.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">8.1. About Kerberos</h2></div></div></div><div class="para">
+			The Kerberos server is a part of IPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+		</div><div class="para">
+			To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+		</div><div class="para">
+			<code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+		</div><div class="para">
+			A service principal consists of three components: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						the service name
+					</div></li><li class="listitem"><div class="para">
+						the fully-qualified domain name (FQDN)
+					</div></li><li class="listitem"><div class="para">
+						the Kerberos realm
+					</div></li></ul></div>
+
+		</div><div class="para">
+			The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+		</div><div class="para">
+			The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				When you run the <code class="command">ipa-client-install</code> command, it retrieves the host service principal and stores it in the <code class="filename">/etc/krb5.keytab</code> file. This host principal is stored within the host record so that the service commands cannot be used with this principal. The idea behind this is that after you have run the <code class="command">ipa-client-install</code> command, your client should be fully prepared to participate in the IPA network.
+			</div></div></div><div class="para">
+			Clients use service principals to inform the KDC which service they need a ticket for. The KDC uses the key assigned to the service principal to encrypt the service ticket it grants to client. Service principals and their associated keys are stored in a keytab file. If the KDC has the service principal and the key assigned to that principal, it can still provide the client with a ticket, but the service server will not be able to decrypt the ticket without the key stored in that keytab file.
+		</div><div class="para">
+			Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
+				Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+			</div><div class="para">
+			For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the IPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
+				To protect your keytab files, consider the following general rules with respect to their permissions and ownership: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Owner: <span class="property">uid</span> of the process that will use the keytab
+						</div></li><li class="listitem"><div class="para">
+							Mode: 0600
+						</div></li></ul></div>
+				 For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+			</div><div class="para">
+				Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
+			</div><div class="para">
+				Due to the critical role that keytabs play in authenticating users and services, and the issues that can arise if they are compromised, ensure that all keytab files are appropriately secured, and have suitable file ownership and permissions established.
+			</div></div></div></div><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">8.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
+			Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div></div></div><div class="para">
+			Kerberos authentication is the core of the IPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+		</div><div class="para">
+			IPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Changes to the global policy require a restart of the KDC service to take effect, as follows: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div><div class="para">
+				Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">8.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+			You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the IPA server itself, and the keytab then exported to the client host.
+		</div><div class="para">
+			The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the IPA server is <code class="systemitem">ipaserver.example.com</code>: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add ipaclient.example.com</code>
+<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
+<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+
+		</div><div class="para">
+			Note the location of the keytab. By default, <span class="application"><strong>IPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the IPA interface would stop working, because the original key would also be deleted.
+		</div><div class="para">
+			Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The realm name is optional. The IPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+					</div></li><li class="listitem"><div class="para">
+						The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+					</div></li><li class="listitem"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">ipa-client</span> package, which is only available for Red Hat Enterprise Linux 6.1 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
+					</div></li><li class="listitem"><div class="para">
+						You can use the <code class="option">-e</code> flag to include a comma-separated list of encryption types to include in the keytab. This supersedes any default encryption type. Refer to the <code class="command">ipa-getkeytab</code> man page for more information.
+					</div></li></ul></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				The <code class="command">ipa-getkeytab</code> command resets the secret for the specified principal. This means that all other keytabs for that principal are rendered invalid.
+			</div></div></div><div class="para">
+			IPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an IPA Service</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
+					Before you can create a service for an IPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists: 
+<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following: 
+<pre class="screen"><span class="errortext">ipa: ERROR: myserver.mydomain.net: host not found</span></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create an IPA service:</h5>
+					Use the following command to create a service for that host: 
+<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				This will produce output similar to the following:
+			</div><pre class="screen">
+-------------------------------------------------------
+Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
+-------------------------------------------------------
+  Principal: test/myserver.mydomain.net at MYDOMAIN.NET
+  Managed by: myserver.mydomain.net</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">8.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
+					Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file. 
+<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
+					</div></div></div><div class="para">
+					If necessary, create the CSR file using openssl. The following is an example session creating such a file:
+				</div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+Generating a 2048 bit RSA private key
+.........................................................+++
+.............................+++
+writing new private key to 'private.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [XX]:AU
+State or Province Name (full name) []:QLD
+Locality Name (eg, city) [Default City]:BNE
+Organization Name (eg, company) [Default Company Ltd]:MYDOMAIN.NET
+Organizational Unit Name (eg, section) []:ECS
+Common Name (eg, your name or your server's hostname) []:myserver.mydomain.net
+Email Address []:authors at mydomain.net
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</pre></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
+					You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate: 
+<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+
+				</div><div class="para">
+					The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
+				</div><div class="para">
+					If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K &lt;principal&gt;</code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
+				</div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
+<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+					You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=&lt;fqdn&gt;,O=&lt;subject base&gt;
+				</div><div class="para">
+					You can configure the IPA subject base as part of the IPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base: 
+<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+					 IPA will reject requests with invalid subject base values.
+				</div><div class="para">
+					Refer to the <code class="systemitem">certmonger</code> man page and also to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">Section B.1, “What is certmonger?”</a> for more information.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</h4></div></div></div><div class="para">
+					If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows: 
+<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
+<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
+<code class="command">-d /path/to/database/dir -a &gt; example.csr</code></pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
+						The format of the CSR is partly dependent upon the CA back end you are using.
+					</div><div class="para">
+					If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
+				</div><div class="para">
+					If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
+				</div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+					This means you need to use MYDOMAIN.NET for the organization. IPA will reject requests whose subject base differs from this value.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</h3></div></div></div><div class="para">
+				The following procedure describes how to configure <code class="systemitem">NFS</code> on the IPA server and to set up an <code class="systemitem">NFS</code> service principal.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 8.1. Configuring <code class="systemitem">NFS</code> on the IPA Server</h6><ol class="1"><li class="step"><div class="para">
+						Configure the export directory. 
+<pre class="screen"><code class="command"># mkdir /export</code>
+<code class="command"># chmod 777 /export</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure the <code class="filename">/etc/exports</code> file as follows:
+					</div><div class="para">
+						
+<pre class="programlisting">/export  *(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5p(rw,fsid=0,insecure,no_subtree_check)
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+					</div><div class="para">
+						
+<pre class="programlisting">SECURE_NFS=yes
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Add a service principal and keytab for <code class="systemitem">NFS</code>. 
+<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
+ <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Red Hat Enterprise Linux machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="step"><div class="para">
+						Run the following commands to reload the NFS configuration and restart the required services: 
+<pre class="screen"><code class="command"># exportfs -a</code>
+<code class="command"># restart services</code>
+<code class="command"># service nfs restart</code>
+<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
+						</div></div></div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">8.4. Refreshing Kerberos Tickets</h2></div></div></div><div class="para">
+			Some compliance or company security policies may require that system administrators manually refresh Kerberos tickets, perhaps annually or more frequently. The current version of IPA does not provide automatic renewal of Kerberos tickets.
+		</div><div class="para">
+			Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 8.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
+					Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary): 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
+						</div></div></div>
+
+				</div></li><li class="step"><div class="para">
+					Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
+  <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+
+				</div><div class="para">
+					To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
+<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
+					</div></div></div></li></ol></div><div class="para">
+			You can use the <code class="command">klist</code> command to view the new key version number (KVNO): 
+<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
+			</div></div></div></div><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">8.5. Rotating Keys</h2></div></div></div><div class="para">
+			Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
+				Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your IPA keytab: 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+				 This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
+			</div><div class="para">
+			Use the <code class="command">klist</code> command to view the existing keys: 
+<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+Ticket cache: FILE:/tmp/krb5cc_0
+Default principal: admin at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+03/08/11 13:57:18  03/09/11 13:57:16  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+03/08/11 13:57:27  03/09/11 13:57:16  HTTP/ipa.example.com at EXAMPLE.COM
+03/08/11 13:57:32  03/09/11 13:57:16  ldap/ipa.example.com at EXAMPLE.COM
+</pre>
+
+		</div><div class="para">
+			Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued: 
+<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+			 The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
+		</div><div class="para">
+			Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
+		</div><div class="para">
+			You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
+		</div><div class="para">
+			IPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs: 
+<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
+<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+
+		</div><div class="para">
+			This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">8.6. Kerberos Errors</h2></div></div></div><div class="para">
+			If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the server: <code class="filename">/var/log/krb5kdc.log</code>
+					</div></li><li class="listitem"><div class="para">
+						If you were using the framework also look in <code class="filename">/var/log/httpd/error_log</code>
+					</div></li></ul></div>
+
+		</div></div></div><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-automount">9.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">9.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</a></span></dt><dd><dl><dt><span class="section"><a href
 ="#sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">9.2.3. Configuring Indirect Maps</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.
 2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">9.1. About Automount and IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
+					If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</h3></div></div></div><div class="para">
+				In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							The IPA server is correctly installed and operational.
+						</div></li><li class="listitem"><div class="para">
+							The domain is <code class="systemitem">example.com</code>.
+						</div></li><li class="listitem"><div class="para">
+							The NFS server is also configured as an IPA client.
+						</div></li><li class="listitem"><div class="para">
+							You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
+						</div></li></ul></div>
+
+			</div><div class="para">
+				This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
+					Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
+				</div><div class="para">
+				The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
+			</div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
+</pre><div class="para">
+				You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
+			</div></div></div><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">9.2. Configuring Automount</h2></div></div></div><div class="para">
+			IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations. 
+			<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
+				</div></div></div>
+			 Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 9.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+					</div><pre class="programlisting">#
+# Other common LDAP naming
+#
+MAP_OBJECT_CLASS="automountMap"
+ENTRY_OBJECT_CLASS="automount"
+MAP_ATTRIBUTE="automountMapName"
+ENTRY_ATTRIBUTE="automountKey"
+VALUE_ATTRIBUTE="automountInformation"
+</pre></li><li class="step"><div class="para">
+						You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+					</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
+SEARCH_BASE="cn=&lt;location&gt;,cn=automount,dc=example,dc=com"
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
+						</div></div></div></li><li class="step"><div class="para">
+						Save the file and restart <code class="systemitem">autofs</code>:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># service autofs restart</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
+					Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+				</div><div class="para">
+					If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</h3></div></div></div><div class="para">
+				The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
+			</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+						If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+					</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
+</pre></li><li class="step"><div class="para">
+						IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
+					</div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
+-a defaultSearchBase=dc=example,dc=com \
+-a defaultServerList=ipa.example.com \
+-a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
+-a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
+-a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
+	cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a objectClassMap=shadow:shadowAccount=posixAccount \
+-a searchTimelimit=15 \
+-a bindTimeLimit=5
+</pre></li><li class="step"><div class="para">
+						Enable <code class="command">automount</code> as follows:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 9.2.  To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
+							
+<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
+dn: automountkey=/home,automountmapname=auto.master,cn=&lt;location&gt;,cn=automount,dc=example,dc=com
+objectClass: automount
+objectClass: top
+automountKey: /home
+automountInformation: auto.home
+</pre>
+
+						</div></li><li class="step"><div class="para">
+							Attempt to list a user's <code class="filename">/home</code> directory:
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+						</div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">9.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
+				An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+			</div><div class="para">
+				The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
+					</div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 9.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
+						Create a new location:
+					</div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
+  Location: baltimore</pre></li><li class="step"><div class="para">
+						Create a map for man pages:
+					</div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
+  Map: auto.man</pre></li><li class="step"><div class="para">
+						Add this map to the location's auto.master on the mount point /usr/man:
+					</div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
+  Key: /usr/man
+  Mount information: auto.man</pre></li></ol></div><div class="para">
+				Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+			</div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+/etc/auto.master:
+/-      /etc/auto.direct
+/usr/man        /etc/auto.man
+---------------------------
+/etc/auto.direct:
+---------------------------
+/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+  cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
+					Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+				</div><div class="para">
+					To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+				</div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automount
+    automountKey: '/-'
+    automountInformation: auto.direct
+</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automountMap
+    automountMapName: auto.direct
+</pre><div class="para">
+					Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+				</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 9.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
+							Create a new location:
+						</div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+  Location: brisbane</pre></li><li class="step"><div class="para">
+							Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+						</div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
+  <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
+  Key: /share
+  Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.2.4. Links</h3></div></div></div><div class="para">
+				The following pages were used as references for this work:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
+					</div></li></ul></div></div></div></div><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-active-directory">10.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">10.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">10.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting
 _up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">10.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">10.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">10.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failu
 res">10.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+		To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
+	</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">10.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
+				IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
+			</div><div class="para">
+				To avoid this situation, use a separate domain for your IPA and Active Directory servers. If this is not possible, use the <em class="parameter"><code>--force</code></em> parameter when you run the <code class="command">ipa-client-install</code> script.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">10.2. Setting up Active Directory</h2></div></div></div><div class="para">
+			The Windows Sync utility requires TLS/SSL to synchronize password changes. Therefore, you need to set up Active Directory as an SSL server. The easiest way to achieve this is to install Microsoft Certificate System in Enterprise Root Mode; Active Directory will then automatically enroll to retrieve its SSL server certificate.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You need to install both the <code class="command">winsync</code> and <code class="command">passsync</code> utilities to synchronize User IDs and attributes as well as passwords.
+			</div><div class="para">
+				You need to install the <code class="command">passsync</code> utility on all AD domain controllers to enable password synchronization from AD to IPA.
+			</div></div></div><div class="para">
+			Refer to the <a href="http://directory.fedoraproject.org/wiki/Howto:WindowsSync">Fedora Project Windows Sync Howto</a> for information on setting up Active Directory as an SSL server.
+		</div><div class="para">
+			After you have installed Microsoft Certificate System, you need to save the CA certificate in ASCII (PEM) format. This CA Certificate is required to create the synchronization agreement.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-To_save_the_CA_certificate_in_ASCII_format"><h6>Procedure 10.1. To save the CA certificate in ASCII format:</h6><ol class="1"><li class="step"><div class="para">
+					Navigate to My Network Places and drill down to the CA distribution point. On Windows 2003 Server this is typically <code class="filename">C:\WINDOWS\system32\certsrv\CertEnroll\</code>
+				</div></li><li class="step"><div class="para">
+					Double-click the security certificate file (<code class="filename">.crt</code> file) to display the <span class="guilabel"><strong>Certificate</strong></span> dialog box.
+				</div></li><li class="step"><div class="para">
+					On the <span class="guilabel"><strong>Details</strong></span> tab, click <span class="guibutton"><strong>Copy to File</strong></span> to start the <span class="application"><strong>Certificate Export Wizard</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>Next</strong></span>, select <span class="guilabel"><strong>Base-64 encoded X.509 (.CER)</strong></span> and then click <span class="guibutton"><strong>Next</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Specify a suitable directory and file name for the exported file. The file name is not important. Click <span class="guibutton"><strong>Next</strong></span> to export the certificate, and then click <span class="guibutton"><strong>Finish</strong></span>. You should receive a message stating that the export was successful.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>OK</strong></span> to exit the wizard.
+				</div></li></ol></div><div class="para">
+			Refer to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">Section 10.4, “Creating Synchronization Agreements”</a> for information on how to use the CA Certificate to create the synchronization agreement.
+		</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-Select_Base_64_encoded_X.509_to_export_the_security_certificate_as_ASCII"><div class="figure-contents"><div class="mediaobject" align="center"><img src="images/ASCII_Cert_Export.png" align="middle" width="444" alt="Select Base-64 encoded X.509 to export the security certificate as ASCII" /></div></div><h6>Figure 10.1. Select Base-64 encoded X.509 to export the security certificate as ASCII</h6></div><br class="figure-break" /></div><div class="section" id="configuring-active-directory"><div class="titlepage"><div><div><h2 class="title" id="configuring-active-directory">10.3. Configuring Active Directory Synchronization</h2></div></div></div><div class="para">
+			The Windows Sync plug-in is installed on the IPA server, and enables one-way replication of users and groups from Windows to IPA. The <code class="command">ipa-server-install</code> script automatically installs the plug-in configuration entry and enables it by default. The Windows Sync plug-in is only ever called if Windows Sync is used.
+		</div><div class="para">
+			The passsync plug-in for Windows uses a standard <code class="command">ldapmodify</code> operation to change users' passwords. These operations take effect immediately, and are still normally subject to password policy settings. When the special user used by passsync sets the password, these password policies should be bypassed and the password should not be set to immediately expire, as is the case when a normal administrator resets a user password. To achieve this, you need to add a list of passSync Manager DNs to the password plug-in configuration. These users will be exempt from password policy enforcement in the same way that the Directory Manager is exempt. This currently requires a manual configuration, as follows:
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Windows_Sync_on_the_IPA_Server-To_add_a_list_of_passSync_Manager_DNs_to_the_password_plug_in_configuration"><h6>Procedure 10.2. To add a list of passSync Manager DNs to the password plug-in configuration:</h6><ol class="1"><li class="step"><div class="para">
+					As Directory Manager, modify the entry <em class="parameter"><code>cn=ipa_pwd_extop,cn=plugins,cn=config</code></em>
+				</div></li><li class="step"><div class="para">
+					Add or update the <em class="parameter"><code>passSyncManagersDNs</code></em> attribute. This is a multi-valued list of DNs that bypass password policy.
+				</div></li></ol></div><div class="para">
+			The following is an example of adding the new entry <code class="literal">uid=admin</code>:
+		</div><pre class="screen">% ldapmodify -x -D "cn=Directory Manager" -W
+Enter LDAP Password: *******
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+changetype: modify
+add: passSyncManagersDNs
+passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The entry <em class="parameter"><code>cn=Directory Manager</code></em> always bypasses policy and does not need to be explicitly listed.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">10.4. Creating Synchronization Agreements</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa-replica-manage connect</code> command to create synchronization agreements. The following command-line arguments apply to creating synchronization agreements:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<code class="option">--winsync</code> — specifies that this is a Windows Sync agreement. Winsync replication occurs every five minutes.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--binddn</code> — the full DN of the user to use. The DS will bind to Active Directory as this user to read and write changes. This user requires read, search, and write permissions on the Active Directory subtree, including password changes, as well as permission to use the DirSync control (that is, it must be able to use replication).
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--bindpw</code> — the password for the user specified by the <code class="option">--binddn</code> argument.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--passsync</code> — the password for the Windows PassSync user, and a required argument to <code class="command">ipa-replica-manage</code> when creating winsync agreements.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--cacert</code> — the full path and file name of the ASCII/PEM-encoded Windows Active Directory CA certificate. This certificate will be installed in the Directory Server certificate database as "Imported CA".
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--win-subtree</code> — the DN of the Windows subtree containing the users you want to synchronize. The default value is <em class="parameter"><code>cn=Users,$SUFFIX</code></em> — this is what Windows AD typically uses as the default value.
+				</div></li></ul></div><div class="para">
+			The following example illustrates adding a new WinSync agreement:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Creating_Synchronization_Agreements-Adding_a_WinSync_agreement_between_an_IPA_server_and_an_AD_server."><h6>Example 10.1. Adding a WinSync agreement between an IPA server and an AD server.</h6><div class="example-contents"><pre class="screen"><code class="command">ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \</code>
+<code class="command">--bindpw password --passsync password --cacert /path/to/certfile.cer adserver.example.com -v</code></pre></div></div><br class="example-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">10.5. Modifying Synchronization Agreements</h2></div></div></div><div class="para">
+			You can change the behavior of the synchronization agreement to suit the changing needs of your organization. You can modify a number of attributes related to the synchronization agreement using default tools provided with IPA.
+		</div><div class="para">
+			The following example illustrates changing the synchronization behavior of account lock status. By default, account lock status is synchronized between IPA and AD. This means that accounts that are locked in IPA are also locked (disabled) in AD, and vice versa. You can change this synchronization behavior as follows:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Configuring_the_IPA_WinSync_agreement_to_not_synchronize_account_lock_status_information."><h6>Example 10.2. Configuring the IPA WinSync agreement to not synchronize account lock status information.</h6><div class="example-contents"><pre class="screen"><code class="command">$ ldapmodify -x -D "cn=directory manager" -w password</code>
+dn: cn=ipa-winsync,cn=plugins,cn=config
+changetype: modify
+replace: ipaWinSyncAcctDisable
+ipaWinSyncAcctDisable: none
+
+modifying entry "cn=ipa-winsync,cn=plugins,cn=config"
+</pre></div></div><br class="example-break" /><div class="para">
+			The default value of the <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> attribute is <code class="literal">both</code>. If you change this value to <code class="literal">none</code>, as described in the example, account lock status synchronization is completely disabled. Valid values for <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> are <code class="literal">both</code>, <code class="literal">to_ad</code>, <code class="literal">to_ds</code>, and <code class="literal">none</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</h3></div></div></div><div class="para">
+				When you create synchronization agreements, two default containers are used as the source of the user accounts to synchronize between IPA and Windows Active Directory. IPA uses the <em class="parameter"><code>cn=users,cn=accounts,$SUFFIX</code></em> subtree as the default container, and Windows uses the <em class="parameter"><code>CN=Users,$SUFFIX</code></em> subtree. You can use the <em class="parameter"><code>--win-subtree</code></em> argument to the <code class="command">ipa-replica-manage connect</code> command to override the default Windows subtree.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					If you pass such arguments to the bash or other shell, ensure that you quote spaces and other shell metacharacters. For example, the argument <em class="parameter"><code>--win-subtree=cn=users, dc=example, dc=com</code></em> will fail. The argument <em class="parameter"><code>--win-subtree="cn=users, dc=example, dc=com"</code></em> will succeed.
+				</div></div></div><div class="para">
+				IPA does not currently support modifying the default synchronization container while you are creating the synchronization agreement. You can, however, change the container after the agreement has been established. To do so, you can either modify the <code class="filename">dse.ldif</code> file directly (ensure that you stop the directory server before editing this file), or use <code class="command">ldapmodify</code> to change <em class="parameter"><code>nsds7WindowsReplicaSubtree</code></em>.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">10.6. Deleting Synchronization Agreements</h2></div></div></div><div class="para">
+			You can use the IPA administration tools to delete existing synchronization agreements. For example, to delete an agreement with the AD server <code class="systemitem">adserver.example.com</code>, run the following command:
+		</div><div class="para">
+			<code class="command"># ipa-replica-manage disconnect adserver.example.com</code>
+		</div><div class="para">
+			This removes the replication agreement between the IPA and AD servers. To complete the operation, you need to remove the AD certificate from the IPA server. Run the following command to remove the AD certificate:
+		</div><div class="para">
+			<code class="command"># certutil -D -d /etc/dirsrv/slapd-$REALM/ -n "Imported CA"</code>
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">10.7. Winsync Agreement Failures</h2></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Symptom"><h5 class="formalpara">Symptom</h5>
+				If the creation of a winsync agreement fails, you may see an error message similar to the following: 
+<pre class="screen">"Update failed! Status: [81  - LDAP error: Can't contact LDAP server]
+</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Cause"><h5 class="formalpara">Cause</h5>
+				One example of this error occurring is if you use an invalid Windows Server Certificate when creating the winsync agreement. This can result in the wrong certificates being created in the certificate database in the <code class="filename">/etc/dirsrv/slapd-DOMAIN-NAME/</code> directory, and with same name, for example "Imported CA". The following is an example of a corrupt certificate database after such a failure (note the duplicate "Imported CA" entries): 
+<pre class="screen"><code class="command">$ certutil -L -d /etc/dirsrv/slapd-DOMAIN-NAME/</code>
+
+Certificate Nickname                                         Trust Attributes
+SSL,S/MIME,JAR/XPI
+
+CA certificate                                               CTu,u,Cu
+Imported CA                                                  CT,,C
+Server-Cert                                                  u,u,u
+Imported CA                                                  CT,,C</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Solution"><h5 class="formalpara">Solution</h5>
+				To resolve this issue, you need to clear the certificate database, as follows: 
+<pre class="screen"><code class="command"># certutil -d /etc/dirsrv/slapd-DOMAIN-NAME -D -n "Imported CA"</code></pre>
+
+			</div><div class="para">
+			This will delete the CA from the AD server ("Imported CA"). You need to do this after each failed invocation.
+		</div><div class="para">
+			You may also see the following message:
+		</div><pre class="screen">"Windows PassSync entry exists, not resetting password"
+</pre><div class="para">
+			This is not an error, but rather a notification that IPA is not re-adding the <code class="systemitem">passync</code> user, and neither is it changing the original password. The <code class="systemitem">passync</code> user is a special user entry that can change passwords in IPA.
+		</div></div></div><div xml:lang="en-US" class="chapter" id="nis" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Identity: Integrating with NIS Domains and Netgroups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-nis">11.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-netgroups">11.1.3. Adding Netgroups</a></span></dt><dt><span
  class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Examples</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">11.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</a></span></dt><
 /dl></dd></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">11.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></div><div class="section" id="about-nis"><div class="titlepage"><div><div><h2 class="title" id="about-nis">11.1. About NIS and IPA</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</h3></div></div></div><div class="para">
+				Netgroups are a concept introduced in the directory service NIS. They were designed to contain users, hosts (machines) and other netgroups. A netgroup is a user-host-domain triplet. Refer to the following for more details about netgroups and their uses:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4">http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F">http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F</a>
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Do not read beyond the section "What are NIS netgroups good for?"; netgroup entries are different in IPA.
+				</div></div></div><div class="para">
+				Despite this difference, it is important to underline that there are two plug-ins in IPA that make the data in the new format available via NIS or the old standard RFC2307 and RFC2307bis LDAP schema. For details, refer to the documentation and examples at: <a href="https://fedorahosted.org/slapi-nis/">https://fedorahosted.org/slapi-nis</a>. The entries stored using the new schema are converted into the standard NIS netgroup map and served via the NIS protocol by the first plug-in described on the slapi-nis project page and the compatibility plug-in can be used to create a virtual LDAP view that matches the standard 2307 or 2307bis schema for netgroups using the IPA-specific schema.
+			</div><div class="para">
+				Historically, netgroups have been used to define groups of hosts or users. The advantage of netgroups for user aggregation has been that netgroups allow nesting while normal UNIX user groups do not. Netgroups also provide the only way to aggregate hosts. There is no notion of host groups in NIS, although for effective centralized system management they are definitely needed. It is important to understand that netgroups are collections of entities, be they users, hosts, or both, but there is no relation between particular user-host pairs defined in the netgroup triplet.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</h3></div></div></div><div class="para">
+				IPA defines both user groups and host groups, each of which allow nesting. This is a much cleaner way of aggregation and allows better separation of duties and access control. In an IPA deployment, netgroups are a much less attractive approach to grouping than with other LDAP-based systems compliant with RFC 2307 (this defines the LDAP schema for users, groups, netgroups and other maps).
+			</div><div class="para">
+				Client-side applications, for example, SUDO, need netgroups because there is no alternative to host grouping on the client side. Consequently, netgroups are far from obsolete on the client side. A lot of effort is still required within SSSD and IPA to provide clean interfaces to reliably (both online and offline) relay centrally-managed information to applications running on a client machine. IPA therefore provides a way to define and store netgroups, but they are viewed as secondary to user groups and host groups.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</h4></div></div></div><div class="para">
+					IPA stores netgroups in a different format from that specified in RFC2307 and RFC2307bis. The netgroup entries defined by the IPA schema allow relating different objects (users, groups, hosts, host groups) to each other. IPA also provides what is known as a <em class="firstterm">compat (compatibility)</em> plug-in. This plug-in creates a virtual view of the data stored in native IPA entries in the format expected by the RFC-compliant clients. This means that even though the internal data representation of netgroups is different from the RFC, this deviation does not affect clients due to the presence of the <code class="systemitem">compat</code> plug-in.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Comparison_of_Schema"><h5 class="formalpara">Comparison of Schema</h5>
+						To realize the differences, we can compare the standard RFC schema for netgroups and the schema used by IPA. IPA defines the following object class:
+					</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup'
+  DESC 'IPA version of NIS netgroup'
+  SUP ipaAssociation
+  STRUCTURAL
+  MAY ( externalHost $ nisDomainName $ member $ memberOf )
+  X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The IPA netgroup object class is derived from the association object class:
+				</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation'
+    ABSTRACT
+    MUST ( ipaUniqueID $ cn )
+    MAY ( memberUser $ userCategory $
+    memberHost $ hostCategory $
+    ipaEnabledFlag $ description )
+    X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The RFC2307bis schema defines the netgroup object as:
+				</div><pre class="programlisting">objectClasses: (1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+    SUP top
+    STRUCTURAL
+    DESC 'Abstraction of a netgroup. May refer to other netgroups'
+    MUST cn
+    MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Discussion"><h5 class="formalpara">Discussion</h5>
+						The <em class="parameter"><code>nisNetgroupTriple</code></em> is a string consisting of the host-user-domain triplet. The IPA format allows referencing of other objects present in IPA, such as users and groups, instead of manually adding them to the value of the netgroup triplet. Such an arrangement provides a better administrative experience when a user or group is removed or renamed. Inspecting the <em class="parameter"><code>memberUser</code></em> attribute of the association, you can see that it can hold the DN of a user or a user group. In the same way, the <em class="parameter"><code>memberHost</code></em> attribute can hold a reference to a host or a host group entry. This means that the netgroup can function as a wrapper for groups of users and groups of hosts.
+					</div><div class="para">
+					For examples and more information on the meaning of the user and host category attributes, refer to: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities ">http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities </a>
+							</div></li><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Netgroups">http://www.freeipa.org/page/DS_Design_Summary#Netgroups</a>
+							</div></li></ul></div>
+
+				</div></div></div><div class="section" id="adding-netgroups"><div class="titlepage"><div><div><h3 class="title" id="adding-netgroups">11.1.3. Adding Netgroups</h3></div></div></div><div class="para">
+				NIS groups traditionally contain a so-called netgroup triple of the format: (machine, user, domain)
+			</div><pre class="screen">machine - machine name, a host name
+user - user name
+domain - NIS domain of the machine and user
+</pre><div class="para">
+				IPA does not use this triple. Instead, it uses the membership relationship between LDAP entries. It is a simple matter to add users, hosts, and even their groups as members of a netgroup. The domain field is constant for each netgroup and defaults to the current IPA domain.
+			</div><div class="para">
+				The following is an example of a netgroup displayed using the IPA CLI:
+			</div><pre class="screen"><code class="command"># ipa netgroup-show net1</code>
+Netgroup name: net1
+Description: test netgroup
+NIS domain name: panda
+Member User: admin
+Member Host: icefloat.panda</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There is no necessary relationship between the machine and the user. Only one of those fields is usually used at a time to avoid confusion.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</h3></div></div></div><div class="para">
+				The IPA netgroup management plug-in conforms to the Create, Read, Update, Delete (CRUD) command-naming conventions used in all other plug-ins that ship with the default IPA installation. You can use the following command to display a list of the IPA commands available for working with netgroups:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command"># ipa help netgroup</code></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Creating_New_Netgroups"><h5 class="formalpara">Creating New Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add</code> command to add new netgroups to IPA:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				NAME - the name of the netgroup (can be anything, but must be unique)
+			</div><div class="para">
+				DESCRIPTION - the netgroup description (required)
+			</div><div class="para">
+				NISDOMAIN - the NIS domain name. Defaults to the current IPA domain
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Deleting_Netgroups"><h5 class="formalpara">Deleting Netgroups</h5>
+					Use the <code class="command">ipa netgroup-del</code> command to delete IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-del NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Displaying_Netgroups"><h5 class="formalpara">Displaying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-show</code> command to display information about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-show NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Modifying_Netgroups"><h5 class="formalpara">Modifying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-mod</code> command to modify details about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				Same as <code class="command">ipa netgroup-add</code>, except modifying the description is required and NISDOMAIN does not default to anything.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Searching_for_Netgroups"><h5 class="formalpara">Searching for Netgroups</h5>
+					Use the <code class="command">ipa netgroup-find</code> command to search for IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] [--uuid=UUID]</code></pre><div class="para">
+				CRITERIA is an optional substring, and if included in the query it must appear in either the name, the description or the NIS domain of the groups you are searching for. Other options are the same as <code class="command">ipa netgroup-add</code>, except that nothing is required and there are no default values. There is a new <code class="envar">UUID</code> option that allows searching netgroups by <code class="envar">ipaUniqueID</code>. If one of these options is set, the command returns only exact matches of this option.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Adding_Users_and_Hosts_to_Netgroups"><h5 class="formalpara">Adding Users and Hosts to Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add-member</code> command to add users and hosts to IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] \</code>
+  <code class="command">[--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS]</code></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Removing_Users_and_Hosts_From_Netgroups"><h5 class="formalpara">Removing Users and Hosts From Netgroups</h5>
+					Use the <code class="command">ipa netgroup-remove-member</code> command to remove users and hosts from IPA netgroups:
+				</div><pre class="screen">
+		<div class="cmdsynopsis"><p><code class="command">ipa netgroup-remove-member</code> {
+					NAME
+				} [
+					--users=USERS
+				] [
+					--groups=GROUPS
+				] [
+					--hosts=HOSTS
+				] [
+					--hostgroups=HOSTGROUPS
+				] [
+					--netgroups=NETGROUPS
+				]</p></div></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Examples</h4></div></div></div><div class="para">
+					The following examples provide an introduction to using the <code class="command">ipa netgroup-*</code> commands:
+				</div><pre class="screen">
+<code class="command"># ipa netgroup-add net0 --desc="test netgroup"</code>
+  Netgroup name: net0
+  Description: test netgroup
+  NIS domain name: pavlova
+  IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a
+
+<code class="command"># ipa netgroup-mod net0 --desc="description change"</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+
+<code class="command"># ipa netgroup-add-member net0 --users=admin --hosts=testbox.pavlova</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member User: admin
+  Member Host: testbox.pavlova
+-------------------------
+Number of members added 2
+-------------------------
+
+<code class="command"># ipa netgroup-remove-member net0 --users=admin</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member Host: testbox.pavlova
+---------------------------
+Number of members removed 1
+---------------------------
+
+<code class="command"># ipa netgroup-del net0</code>
+
+<code class="command"># ipa netgroup-show net0</code>
+ipa: ERROR: no such entry
+</pre></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">11.2. Configuring the Network Information Service (NIS)</h2></div></div></div><div class="para">
+			The Network Information Service (NIS) is an RPC service, used in conjunction with <code class="systemitem">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+		</div><div class="para">
+			IPA provides a NIS server plug-in to facilitate the integration of NIS clients with an IPA domain, including exposing any automount maps that have been configured.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</h3></div></div></div><div class="para">
+				Currently, when the NIS service is enabled, the server is automatically configured to serve the NIS domain with the IPA domain's name, and to serve IPA users, groups, and netgroups (passwd, group, and netgroup maps) to the NIS domain.
+			</div><div class="para">
+				If you have defined automount maps, these maps need to be manually added to the NIS server plug-in's configuration in the directory server in order to expose them to NIS clients.
+			</div><div class="para">
+				The NIS plug-in needs to know the name of the NIS domain, the name of the NIS map, how to find the directory entries to use as the NIS map's contents, and which attributes to use as the NIS map's key and value. Most of these settings will be the same for every map.
+			</div><div class="para">
+				The IPA server stores the automount maps, grouped by automount location, in the <em class="parameter"><code>cn=automount</code></em> branch of the IPA domain's tree.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</h4></div></div></div><div class="para">
+					If you have created an automount map named <code class="filename">auto.example</code> in a location named "default", you first need to add an entry to the configuration for the NIS server running on a host named <code class="systemitem">dirsrv</code>, as follows: 
+<pre class="screen">LOCATION=default
+NISDOMAIN=example.com
+NISMAP=auto.master
+NISSERVER=dirsrv
+IPASUFFIX=`echo ${NISDOMAIN} | sed -e 's,^,dc=,g' -e 's,\.,\,dc=,g'`
+
+ldapadd -h ${NISSERVER} -x -D "cn=Directory Manager" -W &lt;&lt; EOF
+dn: nis-domain=${NISDOMAIN}+nis-map=${NISMAP},
+ cn=NIS Server, cn=plugins, cn=config
+objectClass: extensibleObject
+nis-domain: ${NISDOMAIN}
+nis-map: ${NISMAP}
+nis-filter: (objectclass=automount)
+nis-key-format: %{automountKey}
+nis-value-format: %{automountInformation}
+nis-base: automountmapname=${NISMAP}, ${LOCATION:+cn=${LOCATION},}
+ cn=automount, ${IPASUFFIX}
+
+EOF
+</pre>
+
+				</div><div class="para">
+					This entry instructs the plug-in to create a map named <code class="filename">auto.master</code> in the domain named <code class="systemitem">${NISDOMAIN}</code>, and that the data for that map should be read from the entries at and below <em class="parameter"><code>automountmapname=${NISMAP}</code></em>, which exists inside a container named <code class="systemitem">cn=${LOCATION}</code>. This container is in the automount section of the IPA data store. The keys for the entries in the automount map in NIS are the values of the <em class="parameter"><code>automountKey</code></em> attribute for the directory server entries, and the corresponding values in the NIS map are the values of the <em class="parameter"><code>automountInformation</code></em> attribute in those same entries.
+				</div><div class="para">
+					You then need to repeat the process for the <code class="filename">auto.direct</code> map, and then any other maps that you have defined.
+				</div></div></div></div><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">11.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
+			The IPA development team researched the topic of how netgroups are typically used in order to better determine an optimal migration design solution. This research shows that the main use cases for netgroups are the aggregation of users and the aggregation of hosts, but not both at the same time. IPA does not provide a special script or command to facilitate the migration of customers' existing netgroups to IPA. This operation must be performed by the system administrator himself or with the help of professional services. This chapter provides some guidelines to ease the process of migrating netgroups to IPA.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Environment</h3></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					These procedures are guidelines only, and are provided to help clean your environment and make it more manageable. It is not a definitive set of instructions, and administrators need to be creative and factor in the real constraints present in their environment. If any steps described below are not possible due to independent conditions, we recommend migrating netgroups on a one-to-one basis. This is described later in this chapter.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment"><h6>Procedure 11.1. To prepare your environment</h6><ol class="1"><li class="step"><div class="para">
+						Inspect your client applications and determine which kind of grouping information they need from the central server. For example, if netgroups exist that contain only users, and any applications that rely on these netgroups can be converted to use UNIX groups instead of netgroups, then we recommend doing so. If this is not possible, we still recommend creating UNIX groups out of the netgroups. If no applications use them, we recommend deleting these netgroups altogether. Refer to the following example:
+					</div><ol class="a"><li class="step"><div class="para">
+								Given the following netgroup: <code class="systemitem">(host1, user1, )(host2, user2,)(host3, user3, )...</code>, create a group consisting of the users <code class="systemitem">user1</code>, <code class="systemitem">user2</code>, and <code class="systemitem">user3</code> (assuming it does not already exist).
+							</div></li><li class="step"><div class="para">
+								Create a netgroup that has a <em class="parameter"><code>memberUser</code></em> attribute equal to the DN of the newly-created group. This netgroup will be equivalent to your original netgroup.
+							</div></li></ol></li><li class="step"><div class="para">
+						Migrating hosts is more straightforward. The creation of a host group automatically triggers the creation of a netgroup that is linked to the newly-created host group. This functionality is enabled by default, and can be managed with the following commands: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage status</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage disable</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage enable</code>
+								</div></li></ul></div>
+
+					</div><div class="para">
+						This can be disabled when the clients no longer use netgroups for aggregation of hosts.
+					</div></li><li class="step"><div class="para">
+						If none of the above recommendations are possible and the netgroups need to be converted on a one-to-one basis, then:
+					</div><ol class="a"><li class="step"><div class="para">
+								Ensure that all users referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Ensure that all hosts referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Create a netgroup with the same name as the original netgroup.
+							</div></li><li class="step"><div class="para">
+								Add users and hosts as direct members of the netgroup, or, alternatively, put them into groups and then add those groups as members to the netgroup.
+							</div><div class="para">
+								For IPA clients, both methods result in the same thing — having the users and hosts managed in the netgroup — but from an administrative perspective, it may be simpler in some environments to use one option instead of the other.
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</h3></div></div></div><div class="para">
+				There are three main approaches that can be taken to the actual migration procedure:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dump the netgroups from the source into an LDIF file.
+							</div></li><li class="listitem"><div class="para">
+								Create a script that follows the instructions in <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment">Procedure 11.1, “To prepare your environment”</a> to convert the LDIF format into an LDIF file that contains IPA native objects.
+							</div></li><li class="listitem"><div class="para">
+								Run the conversion script and load the resulting LDIF file into IPA using the <code class="command">ldapmodify</code> command.
+							</div><div class="para">
+								Refer to <a href="http://linux.die.net/man/1/ldapmodify">http://linux.die.net/man/1/ldapmodify</a> or a similar man page for more details.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Create a script to retrieve data from the source (by parsing the LDIF file or by connecting to the original source of information using the client utility).
+							</div></li><li class="listitem"><div class="para">
+								Create a second script that invokes a sequence of IPA CLI commands. This script uses the information from the first script to create user, user group, host, host group and netgroup entries, and to create the appropriate associations.
+							</div><div class="para">
+								Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Use the UI to manually create a new structure of netgroups.
+							</div></li></ol></div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#configuring-host-access">12.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">12.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">12.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div class="titlepage"><div><div><h2 class="title" id="configuring-host-access">12.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
+			Host-based access control (HBAC) uses <em class="firstterm">rules</em> to determine who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host. Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
+		</div><div class="para">
+			You can also specify a category of users, target hosts, and source hosts. This is currently limited to "all", but might be expanded in the future.
+		</div><div class="para">
+			The available services and groups of services are controlled by the <code class="systemitem">hbacsvc</code> and <code class="systemitem">hbacsvcgroup</code> plug-ins, respectively.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">12.2. HBAC Service Groups</h2></div></div></div><div class="para">
+			HBAC service groups can contain any number of individual services (<em class="firstterm">members</em>), and are typically used to group similar services to make it easier to create HBAC rules. All HBAC service groups require a name and description. IPA provides a single default group, SUDO, used for SUDO-related services.
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvcgroup-find</code> command to display the existing HBAC groups: 
+<pre class="screen"><code class="command"># ipa hbacsvcgroup-find</code>
+----------------------------
+1 HBAC service group matched
+----------------------------
+  Service group name: SUDO
+  Description: Default group of SUDO related services
+----------------------------
+Number of entries returned 1
+----------------------------</pre>
+
+		</div><div class="para">
+			IPA provides commands for adding, removing and modifying HBAC service groups, adding and removing members to and from those groups, and displaying group information. Refer to the <code class="command">ipa help hbacsvcgroup</code> help page for more information.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">12.3. HBAC Services</h2></div></div></div><div class="para">
+			HBAC services refer to the PAM services that the IPA HBAC system can control access to. HBAC service names must exactly match the service name that PAM is evaluating. For example, use the following command to add the <code class="systemitem">tftp</code> service as an HBAC service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-add tftp</code>
+-------------------------
+Added HBAC service "tftp"
+-------------------------</pre>
+
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvc-find</code> command to search for HBAC services. Note that in this example, two results are returned; the newly-added <code class="systemitem">tftp</code> service and the preexisting <code class="systemitem">ftp</code> service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-find ftp</code>
+-----------------------
+2 HBAC services matched
+-----------------------
+Service name: ftp
+Description: ftp
+
+Service name: tftp
+----------------------------
+Number of entries returned 2
+----------------------------
+</pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">ipa help hbacsvc</code> help page for more information.
+		</div></div></div><div xml:lang="en-US" class="chapter" id="sudo" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Policy: Using sudo</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-sudo">13.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">13.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configurati
 on">13.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">13.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">13.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</a></span></dt></dl></dd></dl></dd></dl></div><div class="section" id="about-sudo"><div class="titlepage"><div><div><h2 class="title" id="about-sudo">13.1. About sudo and IPA</h2></div></div></div><div class="para">
+			The <code class="command">sudo</code> command allows a system administrator to delegate authority, allowing certain users (or groups of users) the ability to run one or more commands as root or as another user, and at the same time providing an audit trail of the commands and their arguments. For more information, including coverage of the options available for use with <code class="command">sudo</code>, refer to the <code class="command">sudo</code> and <code class="command">sudoers</code> man pages.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</h3></div></div></div><div class="para">
+				In the past, <code class="command">sudo</code> used a single, local, configuration file, <code class="filename">/etc/sudoers</code>. It is possible to share the same <code class="filename">sudoers</code> file among machines, but there is no built-in mechanism to distribute it. Some have attempted to work around this by synchronizing changes using CVS, RSYNC, RDIST, RCP, SCP, and even NFS. By using LDAP for <code class="filename">sudoers</code>, IPA provides a centrally-administered, globally-available configuration source for <code class="command">sudo</code>.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					The current schema relies on LDAP-stored POSIX groups for its groups of users. The limitation here is that you cannot use a group of users for <code class="command">sudo</code> without the users inheriting potential POSIX rights.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Hosts"><h5 class="formalpara">Groups of Hosts</h5>
+					The current schema does not have a concept of host groups. Instead, it relies on the legacy LDAP nisNetgroupTriple to manage groups of hosts.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					The current schema does not have a concept of command groups. This requires that individual commands be present in each Sudo rule. It also limits the ability to reuse a group of commands for multiple Sudo rules.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">13.1.3. Benefits of the IPA Alternative Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					Groups of users can be either POSIX or non-POSIX groups within IPA. This provides the flexibility to group users without assigning POSIX rights or GID information to the group.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Computers"><h5 class="formalpara">Groups of Computers</h5>
+					The IPA alternative schema also addresses the issue of host groups and netgroups for the purpose of sudo. The <code class="command">sudo</code> utility itself does not support host groups—a better and cleaner host grouping mechanism—but instead expects netgroups. To resolve this issue, IPA automatically creates a "shadow netgroup" with the same name as every host group that you create. This means that you can create host groups but still use netgroups with <code class="command">sudo</code> without encountering any problems.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					Command groups are a new concept introduced by IPA. These objects allow administrators the ability to create groups of <code class="command">sudo</code> commands that can be reused for multiple rules without the need of assigning individual commands throughout.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">13.1.4. Compatibility and Managed Entry Plug-in Configuration</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Compatibility_Translation_for_Native_Sudo"><h5 class="formalpara">Compatibility Translation for Native Sudo</h5>
+					The native <code class="command">sudo</code> binary does not yet support SSSD or the IPA Sudo Schema. As an interim solution, IPA has implemented a compatibility plug-in which transparently translates IPA Sudo rules into those supported by the current <code class="command">sudo</code> binary.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Managed_Entries_for_NIS_Netgroups"><h5 class="formalpara">Managed Entries for NIS Netgroups</h5>
+					In order to seamlessly support the current implementation of sudo, IPA provides a managed entry plug-in for NIS netgroups. Whenever an IPA host group is created, a translated nisNetgroupTriple is also created.
+				</div></div></div><div class="section" id="configuring-sudo"><div class="titlepage"><div><div><h2 class="title" id="configuring-sudo">13.2. Configuring sudo</h2></div></div></div><div class="para">
+			To fully implement Sudo rules, you need to perform various configuration steps on both the IPA server and client. You should first create a <em class="firstterm">Sudo command object</em>, and optionally create any <em class="firstterm">Sudo command groups</em>. Finally, create a <em class="firstterm">Sudo rule</em>, which should contain at least the following components: 
+			<div class="itemizedlist"><div class="para">
+					One or more:
+				</div><ul><li class="listitem"><div class="para">
+						users or groups of users
+					</div></li><li class="listitem"><div class="para">
+						hosts or groups of hosts
+					</div></li><li class="listitem"><div class="para">
+						commands or groups of commands
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These steps are described in detail in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">13.2.1. Server Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules"><h6>Procedure 13.1. How to configure your server to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Set up a host group, and add the client to the host group:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add bne_doc</code>
+  Description: BNE Documentation hosts
+  -------------------------------
+  Added hostgroup "bne_doc"
+  -------------------------------
+  Host-group: bne_doc
+  Description: BNE Documentation hosts</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add-member bne_doc --hosts ipaclient.ipadocs.org</code>
+  Host-group: bne_doc
+  Description: BNE Documentation hosts
+  Member hosts: ipaclient.ipadocs.org
+-------------------------
+Number of members added 1
+-------------------------</pre></li></ol></li><li class="step"><div class="para">
+						Set up a user group, and add the required users to this group. This procedure assumes that the IPA users already exist:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa group-add translators</code>
+  Description: Translation team
+  -------------------------
+  Added group "translators"
+  -------------------------
+  Group name: translators
+  Description: Translation team
+  GID: 1014000006</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa group-add-member translators --users yhuang,klim,hchoi</code>
+    Group name: translators
+    Description: Translation team
+    GID: 1014000006
+    Member users: yhuang, klim, hchoi
+-------------------------
+Number of members added 3
+-------------------------
+</pre></li></ol></li><li class="step"><div class="para">
+						Set up a bind user. This requires setting the password for the <code class="command">sudo</code> bind user. 
+<pre class="screen"><code class="command">$ LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipaserver.ipadocs.org -ZZ \</code>
+  <code class="command">-D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org</code>
+    New password: &lt;sudo user's password&gt;
+    Re-enter new password: &lt;sudo user's password&gt;
+    Enter LDAP Password: &lt;Directory Manager's password&gt;
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Set up the Sudo commands.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add one or more logically-related Sudo commands: 
+<pre class="screen"><code class="command">$ ipa sudocmd-add --desc 'For reading log files' '/usr/bin/less'</code>
+----------------------------------
+Added sudo command "/usr/bin/less"
+----------------------------------
+  Sudo Command: /usr/bin/less
+  Description: For reading log files</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add a suitable Sudo command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add --desc 'Read-only commands' readonly</code>
+-----------------------------------
+Added sudo command group "readonly"
+-----------------------------------
+  Sudo Command Group: readonly
+  Description: Read-only commands</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the command to the command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add-member --sudocmds '/usr/bin/less' readonly</code>
+  Sudo Command Group: readonly
+  Description: Read-only commands
+  Member Sudo commands: /usr/bin/less
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the Sudo rules.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add readonly-commands</code>
+-----------------------------------
+Added sudo rule "readonly-commands"
+-----------------------------------
+  Rule name: readonly-commands
+  Enabled: TRUE
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the allowable commands. These are the commands enabled by this Sudo rule when it is active. 
+<pre class="screen">$ ipa sudorule-add-allow-command --sudocmdgroups readonly readonly-commands
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the hosts. These are the hosts and host groups to which this Sudo rule applies when it is active. 
+<pre class="screen"><code class="command">$ ipa sudorule-add-host --hostgroups bne_doc readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the users (or groups of users). These are the IPA users affected by this Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add-user --groups translators readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Groups: translators
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-How_to_configure_your_client_to_use_Sudo_rules"><h6>Procedure 13.2. How to configure your client to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Configure <code class="command">sudo</code> to look to LDAP for the <code class="filename">sudoers</code> file. Add the following line to <code class="filename">/etc/nsswitch.conf</code>: 
+<pre class="programlisting">sudoers:  ldap</pre>
+
+					</div><div class="para">
+						You can still use the local <code class="filename">/etc/sudoers</code> file in preference to the LDAP version. The following configuration uses the local file before referring to LDAP to find <code class="command">sudo</code> rules: 
+<pre class="programlisting">sudoers:  files ldap</pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure SSSD to look for NIS netgroups.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following line immediately after the <em class="parameter"><code>ipa_server</code></em> entry in the <code class="filename">/etc/sssd/sssd.conf</code> file: 
+<pre class="programlisting">ldap_netgroup_search_base = cn=ng,cn=compat,dc=ipadocs,dc=org</pre>
+
+							</div></li><li class="step"><div class="para">
+								Restart the SSSD daemon: 
+<pre class="screen"><code class="command"># service sssd restart</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Edit the LDAP configuration file for <code class="command">sudo</code>:
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following lines to the <code class="filename">/etc/nss_ldap.conf</code> file. You may have to create this file if it does not already exist: 
+<pre class="programlisting">sudoers_base ou=SUDOers,dc=ipadocs,dc=org
+binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org
+bindpw &lt;sudo user's password&gt;
+ssl start_tls
+tls_cacertfile /etc/ipa/ca.crt
+tls_checkpeer yes
+bind_timelimit 5
+timelimit 15
+uri ldap://ipaserver.ipadocs.org
+</pre>
+								 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+										The sudo user's password in this configuration is the same password you set up in <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules">Procedure 13.1, “How to configure your server to use Sudo rules:”</a>.
+									</div></div></div>
+
+							</div><div class="para">
+								If desired, you can also add the <em class="parameter"><code>sudoers_debug</code></em> parameter to this file to assist with any troubleshooting processes. Valid values for this parameter are 0, 1, and 2. Refer to <a href="http://www.gratisoft.us/sudo/readme_ldap.html">http://www.gratisoft.us/sudo/readme_ldap.html</a> for more information.
+							</div></li><li class="step"><div class="para">
+								To support compatibility with the legacy configuration, create the following symbolic link: 
+<pre class="screen"><code class="command"># ln -s /etc/nss_ldap.conf /etc/ldap.conf</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the NIS domain. Sudo still utilizes NIS netgroups, and so to support the client-side identification of NIS netgroup domains, you need to define your NIS domain name, as follows: 
+<pre class="screen"><code class="command"># nisdomainname example.com</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</h4></div></div></div><div class="para">
+					Originally called <em class="firstterm">Yellow Pages (YP)</em>, NIS was created by Sun Microsystems and stands for Network Information Service. It was primarily used by UNIX to centrally manage authentication and enumeration information such as user/password, host/IP address, POSIX groups, and netgroups. NIS (the service) does not actually need to be configured on either the client or the server. Not only is it unnecessary, but might be considered a security risk if it were running. NIS is an RPC service and is insecure by today's standards, partly because: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								It provides no host authentication mechanisms
+							</div></li><li class="listitem"><div class="para">
+								It transmits all of its information over the network unencrypted, including password hashes
+							</div></li></ul></div>
+
+				</div><div class="para">
+					Modern Linux/BSD systems implement the <em class="firstterm">Name Service Switch (NSS)</em>, which provides a means of controlling and directing look ups for authentication and enumeration information.
+				</div><div class="para">
+					The IPA LDAP implementation provides the schema to support NIS as defined in <a href="http://tools.ietf.org/html/rfc2307">RFC 2307</a>. NIS objects are automatically created inside of LDAP and NSS_LDAP, or SSSD fetches them using an encrypted LDAP connection.
+				</div><div class="para">
+					Utilizing SSSD or NSS_LDAP, a client system can enumerate the necessary NIS information using authenticated and encrypted queries to the back end LDAP service provided by the IPA Server. This eliminates the need for NIS client configuration for systems that can support NIS using LDAP when utilizing IPA.
+				</div></div></div></div></div><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Configuring the IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#managing-access-to-ipa">14.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">14.1.1.1. Types of Access Control</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#creating-roles">14.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">14.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_
 Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">14.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="#search-limits">14.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="#disabling-anon-binds">14.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">14.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Assigning_UI
 Ds_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">14.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">14.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">14.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">14.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="s
 ection"><a href="#ipa-cluster">14.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">14.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Servic
 es">14.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">14.11. Creating DNS Entries for IPA Replicas</a></span></dt><dt><span class="section"><a href="#promoting-replica">14.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="#logging">14.13. IPA Server Logging</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">14.1. Defining Access Controls within IPA</h2></div></div></div><div class="para">
+			Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the IPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
+		</div><div class="para">
+			IPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within an IPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the IPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the IPA server.
+		</div><div class="para">
+			IPA relies on three separate types of access control rules:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Role-based rules: specify what operations an entity can perform based on its IPA Role.
+				</div></li><li class="listitem"><div class="para">
+					Self-service rules: specify what an entity can change within its own entry.
+				</div></li><li class="listitem"><div class="para">
+					Delegation rules: specify which groups can modify members of another group.
+				</div></li></ul></div><div class="para">
+			These three types of access control complement each other, and allow IPA administrators to create a very flexible set of access control permissions and restrictions.
+		</div><div class="para">
+			Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Users, groups, hosts, and host groups can be added to different IPA Roles. These roles provide the necessary permissions for access. You can create as many roles as you need to suit the requirements of your deployment.
+		</div><div class="para">
+			There are several aspects to working with roles. Because it is a hierarchical system, to create a fully operational role you need to create the role itself, add privileges to this role to establish what tasks it can and cannot perform, and finally add members to the role, such as users, groups, etc. The reverse is also true; if you remove a role, then any users or groups who relied on this role to perform certain tasks will no longer be able to do so.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot create nested roles. That is, a role cannot contain another role.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</h3></div></div></div><div class="para">
+				The IPA Access Control Model is based on the underlying 389 Directory Server access control model, which uses access control instructions (ACIs) to define user access within the system. An ACI is a construct that can express a complex set of access control information.
+			</div><div class="para">
+				As explained in the directory server documentation, the three main parts of an ACI statement are: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Target
+						</div></li><li class="listitem"><div class="para">
+							Permission
+						</div></li><li class="listitem"><div class="para">
+							Bind Rule
+						</div></li></ul></div>
+
+			</div><div class="para">
+				The ACI structure itself is very flexible, but can also be confusing. IPA attempts to structure these ACIs in order to provide a formalized input and output that can be expressed on the command line and in the WebUI, while at the same time maintaining sufficient flexibility to create complex access control rules. In order to achieve this, IPA implements three types of access control. These are discussed in the following sections.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">14.1.1.1. Types of Access Control</h4></div></div></div><div class="para">
+					IPA relies on three separate types of access control rules: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Role-based
+							</div></li><li class="listitem"><div class="para">
+								Self-service
+							</div></li><li class="listitem"><div class="para">
+								Delegation
+							</div></li></ul></div>
+					 These three types of access control complement each other, allowing IPA administrators to create a very flexible set of access control permissions and restrictions.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Role_based_Access_Control"><h5 class="formalpara">Role-based Access Control</h5>
+						Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Different users who perform the same tasks within an organization are typically combined into a group, and this group is made a member of an IPA <em class="firstterm">Role</em>. This Role provides the member groups and users the necessary permissions to perform their assigned tasks.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Self_service_Access_Control"><h5 class="formalpara">Self-service Access Control</h5>
+						Self-service access control defines what operations an entity can perform on itself. This method of control is attribute based; that is, it defines what attributes can be modified for any particular entity. The ability of a user to update their own password is an example of self-service access control. Self-service access control applies to any authenticated entity performing an operation, not only to users. This method of access control should also be used with caution, to avoid the possibility that it lead to the elevation of an entity's privileges.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Delegation_Access_Control"><h5 class="formalpara">Delegation Access Control</h5>
+						Delegation access control defines what operations one group of users or entries can perform on another group of users or entries. In each case, the group of users or entries may be identified by a provided filter. The core difference between delegation access control rules and other rules is that the target—the object of the access control rule—is not a class of entries but rather a set of specific entries that are members of a group or retrieved by a specific filter. The delegation rules allow targeted management of specific user entries.
+					</div><div class="para">
+					In each case, the access control rule resolves the constituents of the IPA access control expression: "<em class="firstterm">Who</em> can do <em class="firstterm">What</em> to <em class="firstterm">Whom</em>". The following section explains these constituents in more detail.
+				</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression">14.1.1.1.1. The IPA Access Control Expression</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Who_of_Access_Control"><h5 class="formalpara">The "Who" of Access Control</h5>
+							In simple grammatical terms, the "who" of an IPA <em class="firstterm">access control instruction (ACI)</em>, or expression, is the subject. It specifies the entity that interacts with the system and tries to perform an administrative task. This task could be an administrator adding a user, a user changing his home address, or a host requesting a certificate for a service running on the host.
+						</div><div class="para">
+						It is important to understand that the "who" is not necessarily a person; it can be any entity that has successfully authenticated against IPA. In order to authenticate against the IPA server, this entity, the "who", needs to have a Kerberos principal. After the entity has authenticated, it can connect to the IPA server and try to issue administrative commands. The system will either allow or deny the requested operation based on this entity's permissions.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_What_of_Access_Control"><h5 class="formalpara">The "What" of Access Control</h5>
+							To continue the analogy with grammatical terms, the "what" of an IPA ACI is the verb. This specifies the actual administrative operation that the subject, the "who", is trying to perform. Such operations can target actual entries, such as adding or deleting users, or they can target specific attributes of entries, such as changing phone numbers for a user entry, or changing the member attributes of a group entry.
+						</div><div class="para">
+						Most entry attributes are optional, and the operations against attributes can be any of the following: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">Add</code> — allows the creation of a new attribute, or new values for multi-valued attributes.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Delete</code> — allows the removal of an attribute.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Read</code> — makes attributes accessible.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Write</code> — allows modification of existing attributes.
+								</div></li></ul></div>
+
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Whom_of_Access_Control"><h5 class="formalpara">The "Whom" of Access Control</h5>
+							The "whom" of an IPA ACI is the object, or <em class="firstterm">target</em>, upon which the ACI acts. Targets can be expressed in different ways: 
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										As a class of entries, for example: <code class="classname">user</code>; <code class="classname">group</code>; <code class="classname">host</code>.
+									</div></li><li class="listitem"><div class="para">
+										As a location in a specific part of the directory tree, for example: everything under <em class="parameter"><code>cn=accounts</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a specific attribute potentially used in many types of entries, for example: the <em class="parameter"><code>cn</code></em> attribute.
+									</div></li><li class="listitem"><div class="para">
+										As a specific entry, for example: <em class="parameter"><code>fqdn=mycomp.mywork.com</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a set of entries selected by filter, for example: <em class="parameter"><code>cn="filter"</code></em>.
+									</div></li></ul></div>
+
+						</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types">14.1.1.1.2. Directory Server ACIs and IPA Access Control Types</h5></div></div></div><div class="para">
+						The following table summarizes the relationship between the different Directory Server ACI components and the IPA access control types.
+					</div><div class="table" id="tabl-Enterprise_Identity_Management_Guide-Directory_Server_ACIs_and_IPA_Access_Control_Types-Summary_mapping_table_of_Directory_Server_ACI_component_types_to_IPA_access_control_types."><h6>Table 14.1. Summary mapping table of Directory Server ACI component types to IPA access control types.</h6><div class="table-contents"><table summary="Summary mapping table of Directory Server ACI component types to IPA access control types." border="1"><colgroup><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /></colgroup><thead><tr><th align="left">
+										Type of Access Control
+									</th><th align="left">
+										Target
+									</th><th align="left">
+										Permission
+									</th><th align="left">
+										Bind Rule
+									</th></tr></thead><tbody><tr><td align="left">
+										Role-based
+									</td><td align="left">
+										An entry as a whole (for add and delete), or a set of attributes of an entry.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										<div class="para">
+											Taskgroup.
+										</div>
+										 <div class="para">
+											(A taskgroup is a special internal entry developed as part of IPA to construct the access control hierarchy. A taskgroup is a "container" that is granted permission to perform specific tasks.)
+										</div>
+
+									</td></tr><tr><td align="left">
+										Self-service
+									</td><td align="left">
+										Attributes within the entity's own entry.
+									</td><td align="left">
+										Write permission for specific attributes. All attributes are readable unless globally hidden.
+									</td><td align="left">
+										The entity who authenticated.
+									</td></tr><tr><td align="left">
+										Delegation
+									</td><td align="left">
+										A group of users or a set of entries selected by a filter.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										A group of users, usually a group of administrative users.
+									</td></tr></tbody></table></div></div><br class="table-break" /></div></div></div></div><div class="section" id="creating-roles"><div class="titlepage"><div><div><h2 class="title" id="creating-roles">14.2. Creating Roles</h2></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_an_IPA_Role-To_set_up_a_new_role"><h6>Procedure 14.1. To set up a new role:</h6><ol class="1"><li class="step"><div class="para">
+					Add the new role:
+				</div><pre class="screen"><code class="command"># ipa role-add --desc="User Administrator" useradmin</code>
+  ------------------------
+  Added role "useradmin"
+  ------------------------
+  Role name: useradmin
+  Description: User Administrator</pre></li><li class="step"><div class="para">
+					Add the required privileges to the role:
+				</div><pre class="screen"><code class="command"># ipa role-add-privilege --privileges="User Administrators" useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Privileges: user administrators
+  ----------------------------
+  Number of privileges added 1
+----------------------------
+</pre></li><li class="step"><div class="para">
+					Add the required groups to the role. In this case, we are adding only a single group, <code class="systemitem">useradmin</code>, which already exists.
+				</div><pre class="screen"><code class="command"># ipa role-add-member --groups=useradmins useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Member groups: useradmins
+  Privileges: user administrators
+  -------------------------
+  Number of members added 1
+-------------------------
+</pre></li></ol></div><div class="para">
+			The result of this procedure is that any user in the <code class="systemitem">useradmins</code> group can add, modify, and remove users, change user passwords, add users to the default group, and unlock user accounts. You can use the <code class="command">ipa privilege-show</code> command to determine exactly which command set the user or group can access: 
+<pre class="screen"><code class="command"># ipa privilege-show 'user administrators'</code>
+  Privilege name: User Administrators
+  Description: User Administrators
+  Permissions: add users, change a user password, add user to default group, unlock user accounts,
+  remove users, modify users
+  Granting privilege to roles: useradmin</pre>
+
+		</div><div class="para">
+			As the needs of your enterprise change, you may need to modify the roles that you have established. For example, you may need to change the members of the role, or change the privileges associated with the role. You can use the <code class="command">ipa role-*</code> commands to perform these functions. For example, to remove an existing privilege from a role, use the <code class="command">ipa role-remove-privilege</code> command. To remove members from a role, use the <code class="command">ipa role-remove-member</code> command. Refer to the <code class="command">ipa role help</code> pages for more information.
+		</div><div class="para">
+			You can use the <code class="command">ipa role-del</code> command to delete IPA roles from your configuration. Bear in mind, however, that any entities that rely on this role for access to IPA objects or to perform certain tasks will no longer have that ability.
+		</div></div><div class="section" id="self-service"><div class="titlepage"><div><div><h2 class="title" id="self-service">14.3. Defining Self-Service Settings</h2></div></div></div><div class="para">
+			Self-service access control rules define the operations that an entity can perform on itself. These rules are attribute based; that is, they define what attributes can be modified for any particular entity. You can create self-service rules so that users can manage their own addresses, keep their contact details current, change their passwords, etc.
+		</div><div class="para">
+			Self-service rules are defined and managed by a number of sub-commands. Use the <code class="command">ipa help selfservice</code> command to display the list of available commands.
+		</div><div class="para">
+			The following example demonstrates how to add a new self-service rule that allows users to maintain their own name details. Note that access control rules whose names contain spaces or other special characters need to be quoted. 
+<pre class="screen"><code class="command">$ ipa selfservice-add "Users can manage their own name details" --permissions=write \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials</code>
+-----------------------------------------------------------
+Added selfservice "Users can manage their own name details"
+-----------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials</pre>
+
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-show</code> command to display the newly-created rule.
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-mod</code> command to manage your self-service rules. For example, you can add or remove various attributes from any of the defined rules, or change the permissions. For example, you can add telephone contact details to the rule we created in the previous example: 
+<pre class="screen"><code class="command">$ ipa selfservice-mod "Users can manage their own name details" \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials,homephone,mobile,telephonenumber</code>
+--------------------------------------------------------------
+Modified selfservice "Users can manage their own name details"
+--------------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials, homephone, mobile, telephonenumber</pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to include all of the required attributes when you modify a self-service rule, including existing ones.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">14.4. Specifying Default User Settings</h2></div></div></div><div class="para">
+			You can configure the default settings for IPA users to suit your deployment. For example, you can specify the maximum username length, the default path to the <code class="filename">/home</code> directory, the default shell, and other attributes.
+		</div><div class="para">
+			IPA supports the following User Settings:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Maximum Username Length</strong></span> (<span class="property">ipaMaxUsernameLength</span>): The maximum length of any username. The default value is eight.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Root for Home Directories</strong></span> (<span class="property">ipaHomesRootDir</span>): The root directory for all home directories. The default value is <code class="filename">/home</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default Shell</strong></span> (<span class="property">ipaDefaultLoginShell</span>): The default shell for all user accounts. The default value is <code class="command">/bin/sh</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default User Group</strong></span> (<span class="property">ipaDefaultPrimaryGroup</span>): The default group to which all newly created accounts are added. The default value is <code class="systemitem">ipausers</code>, which is automatically created during the IPA server installation process.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default E-mail Domain</strong></span> (<span class="property">ipaDefaultEmailDomain</span>): The default domain used to create email addresses for all newly created accounts. The default is the domain to which the IPA server belongs.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. The following is an example of how to set the maximum username length to 64 characters, and the default home directory to <code class="filename">/users/home</code>:
+		</div><pre class="screen"><code class="command"># ipa config-mod --maxusername=64 --homedirectory=/users/home</code>
+Max username length: 64
+Home directory base: /users/home
+Default shell: /bin/sh
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 100
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Migration mode: FALSE
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The default root directory for all home directories is <code class="filename">/home</code>, but it is the responsibility of the system administrator to ensure that whatever value is specified for this attribute is actually available.
+			</div><div class="para">
+				Red Hat Enterprise Linux includes a <code class="systemitem">PAM</code> module called <code class="systemitem module">pam_mkhomedir</code> that can automatically create a home directory if one does not exist for the user authenticating against the system. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+			</div></div></div></div><div class="section" id="search-limits"><div class="titlepage"><div><div><h2 class="title" id="search-limits">14.5. Setting Default Search Limits</h2></div></div></div><div class="para">
+			You can set limits on the number of records returned when performing various queries, for example when you run the <code class="command">ipa user-find</code> command. These limits are specified by the <em class="parameter"><code>Search size limit</code></em> attribute in the default IPA configuration. The default value for this attribute is 100.
+		</div><div class="para">
+			To view the current configuration, run the <code class="command"># ipa config-show</code> command. Refer to the <code class="command">ipa help config</code> help page for more information.
+		</div><div class="para">
+			The following is a sample IPA configuration:
+		</div><pre class="screen">[ming at myserver ~]$ ipa config-show
+Max username length: 32
+Home directory base: /home
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 20
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			You can use the <code class="command">ipa config-mod</code> command to specify a suitable value for the <em class="parameter"><code>Search size limit</code></em> attribute. For example, if you set this value to 10, the <code class="command">ipa user-find</code> command will only return 10 entries, even if many more entries exist. If you set this value to 0 (zero) or −1, it means that there are no restrictions on the number of entries that can be returned.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_Limits_for_Search_Results-Setting_search_size_limits"><h6>Procedure 14.2. Setting search size limits</h6><ul><li class="step"><div class="para">
+					To set the <em class="parameter"><code>Search size limit</code></em> attribute to 50, run the following command: 
+<pre class="programlisting"><code class="command"># ipa config-mod --searchrecordslimit=50</code></pre>
+
+				</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to be aware of the potential performance impact of setting the search size limit too high. You need to determine a suitable balance between the benefits of always returning all entries matched by a search, and the performance gained by implementing a search filter.
+			</div><div class="para">
+				Note also that if the size limit is set too high or removed completely it might affect the behavior of UI screens.
+			</div></div></div><div class="para">
+			You can configure various aspects of the IPA search functionality to suit your deployment. For example, you can restrict the number of fields upon which a user can base a search, or limit the number of records returned for any particular search.
+		</div><div class="para">
+			IPA supports the following search configuration attributes:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Time Limit</code></em>: The maximum time, in seconds, that a search will run before failing.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Records Limit</code></em>: The maximum number of records that a search can return. Set this value to zero (0) to specify no limit. The directory server limit (the default value is 2000) still applies.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>User Search Fields</code></em>: For a user search, specifies the fields to search for the values entered by a user.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Group Search Fields</code></em>: For a group search, specifies the fields to search for the values entered by a user.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. For example, to specify a search time limit of 60 seconds, use the following command: 
+<pre class="screen"><code class="command"># ipa config-mod --searchtimelimit=60</code></pre>
+			 Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="para">
+			If you add attributes to the user or group search fields, you should also create a new <code class="systemitem">LDAP</code> index for those attributes to avoid performance degradation. Conversely, the existence of too many indexes can impact write performance, so you need to balance one against the other.
+		</div><div class="para">
+			Refer to <a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes-Creating_Indexes.html">Creating Indexes</a> in the <em class="citetitle">Directory Server Administration Guide</em> for information on creating indexes.
+		</div></div><div class="section" id="disabling-anon-binds"><div class="titlepage"><div><div><h2 class="title" id="disabling-anon-binds">14.6. Disabling Anonymous Binds</h2></div></div></div><div class="para">
+			Even though the XML-RPC and WebUI always require authentication, the default IPA configuration allows anonymous binds to the LDAP port by anyone in the same domain as the IPA server, and consequent retrieval of a range of data, including user, group, netgroup, host, host group, and service records. This is generally considered insecure, and some RFC standards require that it be disabled to achieve compliance. With anonymous binds disabled, all connections to the directory server need to provide a valid identity.
+		</div><div class="para">
+			To disable anonymous binds, perform this LDAP modification: 
+<pre class="screen"><code class="command"># ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password:
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+
+<code class="command"># service dirsrv restart</code></pre>
+
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">14.7. Implementing Unique UID and GID Attributes</h2></div></div></div><div class="para">
+			An IPA deployment needs to handle the dual constraints of generating random UID and GID values, while ensuring that replicas never generate the same UID or GID value. It is also important to minimize the chance that any two deployments of IPA have overlapping ranges.
+		</div><div class="para">
+			The system administrator—or whoever is performing the IPA installation—can impact the logic that deals with these constraints only once, when the system is being installed.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</h3></div></div></div><div class="para">
+				To assign UIDs and GIDs, IPA uses the directory server DNA plug-in. This plug-in is configured with a range of IDs and will assign a new ID whenever an entry requiring the uidNumber or gidNumber attributes is added to the system.
+			</div><div class="para">
+				For simplicity, and to allow configuring User Private Groups (UPGs) at any time, IPA uses a single range of UIDs and GIDs, instead of using two separate ranges. When UPGs are active, the private group gidNumber is numerically identical to the uidNumber of its user.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</h4></div></div></div><div class="para">
+					When the first IPA server is installed, a range of 200,000 IDs is randomly selected between the values 1MiB and 2GiB, approximately. There are 10,000 possible ranges. The selection of a random range provides a high probability of non-conflicting IDs if, at a later stage, a trust relationship or merge between two separate installations needs to occur.
+				</div><div class="para">
+					IDs are assigned in order by a single master, but ID ranges can be split and distributed between replicas. When a replica is installed it is configured with an invalid depleted range, and a place in the shared tree where it can expose information about the ranges it manages. The first time an allocation is needed, the replica will notice it has no more IDs available and will contact one of the other available masters (typically the one with the greatest available range). A special extended operation is performed to split the range in two, so that the original master and the replica will each receive half of the previously available range for their use. When a range comes close to depletion (by default when less than 100 IDs are available), a new range is requested.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</h4></div></div></div><div class="para">
+					If the domain-wide range is close to depletion, the system administrator needs to manually select and add a new range to one of the masters. All other replicas will manage sharing the range among them as necessary.
+				</div><div class="para">
+					To add a new range, the Directory Manager must connect to the LDAP server and add the new range as a dash-separated minimum/maximum value pair in the <em class="parameter"><code>dnaNextRange</code></em> attribute in the DNA configuration entry for the ranges in question. For example, the following command adds a new range of 100k values:
+				</div><pre class="screen"><code class="command">% ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password: *******
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: modify
+add: dnaNextRange
+dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						This command only adds the specified range of values; it does not check that the values in that range are actually available. This check will be performed when an attempt is made to allocate those values. If, for example, you added a range that contained mostly values that were already allocated, time would be lost as the system cycled through searching for unallocated values, and then finally failing if none were available.
+					</div></div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">14.8. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
+			IPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, IPA provides the necessary tools to import certificates for use by Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of IPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">14.8.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Installing_Your_Own_Certificate-To_install_the_certificate_for_use_by_Directory_Server"><h5 class="formalpara">To install the certificate for use by Directory Server:</h5>
+					<code class="command"> # /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12 </code>
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
+				To continue using the <span class="application"><strong>Firefox</strong></span> auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					The following procedure assumes that the signing certificate is provided as a PKCS#12 file.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_Your_Own_Certificate_with_Firefox-To_use_your_own_certificate_with_Firefox"><h6>Procedure 14.3. To use your own certificate with Firefox:</h6><ol class="1"><li class="step"><div class="para">
+						Create a suitable directory and then create the new certificate database in that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/signdb</code>
+<code class="command"># certutil -N -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Import the signing certificate into that same directory. 
+<pre class="screen"><code class="command"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Make a temporary signing directory, and copy the IPA javascript file to that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/sign</code>
+<code class="command"># cp /usr/share/ipa/html/preferences.html /tmp/sign</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file. 
+<pre class="screen"><code class="command"># signtool -d /tmp/signdb -k Signing_cert_nickname \</code>
+<code class="command">-Z /usr/share/ipa/html/configure.jar -e .html</code></pre>
+
+					</div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">14.8.3. Using OCSP</h3></div></div></div><div class="para">
+				<code class="systemitem">The Online Certificate Status Protocol (OCSP)</code> is natively provided by the CA embedded into IPA. This is so that any client that supports it can use OCSP for certificate validity checks.
+			</div><div class="para">
+				The OCSP responder URL is encoded into the certificates issued by IPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format: 
+<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
+
+			</div><div class="para">
+				For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>
+			</div></div></div><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">14.9. Setting an IPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+			If you have a standard Apache instance running on port 80, you can configure IPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, IPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
+		</div><div class="para">
+			The following procedure assumes that IPA is configured to run on port 80, and that you want to move it to port 8089.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_IPA_to_run_as_an_Apache_Virtual_Host-To_configure_IPA_to_run_on_port_8089"><h6>Procedure 14.4. To configure IPA to run on port 8089:</h6><ol class="1"><li class="step"><div class="para">
+					Log in as the <code class="systemitem">root</code> user.
+				</div></li><li class="step"><div class="para">
+					Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file. Add the following three lines to the beginning of the file:
+				</div><pre class="programlisting">Listen 8089
+NameVirtualHost *:8089
+&lt;VirtualHost *:8089&gt;
+</pre></li><li class="step"><div class="para">
+					Add the following line to the end of the file:
+				</div><pre class="programlisting">&lt;/VirtualHost&gt;
+</pre><div class="para">
+					This wraps the entire IPA configuration in a virtual host, and ensures that Apache is listening to that port.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You cannot use port 8080. This port is used by the <code class="systemitem">ipa_webgui</code> service.
+					</div></div></div></li><li class="step"><div class="para">
+					Comment out the following rewrite rules from the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file:
+				</div><pre class="programlisting">----------------------------------------------------------------------
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+RewriteCond %{HTTP_HOST}    !^host.foo.com$ [NC]
+RewriteRule ^/(.*)          http://host.foo.com/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+RewriteCond %{SERVER_PORT}  !^443$
+RewriteCond %{REQUEST_URI}  !^/(errors|config|favicon.ico)
+RewriteRule ^/(.*)          https://host.foo.com/$1 [L,R=301,NC]
+---------------------------------------------------------------------
+</pre></li><li class="step"><div class="para">
+					Reload the <code class="systemitem">httpd</code> service.
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># service httpd reload</code></pre>
+
+				</div></li></ol></div><div class="para">
+			This configures IPA to run on port 8089, leaving port 80 free for your normal web site.
+		</div></div><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">14.10. Using IPA in a Cluster</h2></div></div></div><div class="para">
+			The IPA server currently does not specifically handle the case of a service running in a cluster. That is, the IPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of IPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">14.10.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+				Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><h6>Procedure 14.5. Configuring Kerberos Credentials for a Clustered Environment</h6><ol class="1"><li class="step"><div class="para">
+						Enroll all of the hosts in the IPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
+					</div></li><li class="step"><div class="para">
+						Use the <code class="command">ktutil</code> command to produce a single keytab file that contains the contents of all of the keytab files.
+					</div><ol class="a"><li class="step"><div class="para">
+								For each file, use the <code class="command">rkt</code> command to read the keys from that file.
+							</div></li><li class="step"><div class="para">
+								Use the <code class="command">wkt</code> command to write all of the keys which have been read to a new keytab file.
+							</div></li></ol></li><li class="step"><div class="para">
+						Replace the keytab files on each host with the newly-created keytab file.
+					</div></li></ol></div><div class="para">
+				Each host in this cluster should now be able to impersonate any other host.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+					Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service. 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
+							</div></li><li class="listitem"><div class="para">
+								For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+					For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">14.10.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+				One aspect of applying IPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
+						</div></li><li class="listitem"><div class="para">
+							When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
+						</div></li></ol></div>
+
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">14.11. Creating DNS Entries for IPA Replicas</h2></div></div></div><div class="para">
+			You can use the <code class="option">--ip-address</code> option with the <code class="command">ipa-replica-prepare</code> command to pre-create DNS entries for a replica. If you include this option, IPA will add the A and PTR records for the replica to the DNS. For example: 
+<pre class="screen"><code class="command">$ ipa-replica-prepare master2.example.com --ip-address 192.168.1.2</code></pre>
+
+		</div></div><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">14.12. Promoting a Read-Only Replica to an IPA Server</h2></div></div></div><div class="para">
+			The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
+			</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Promoting_Replicas_to_Function_as_Master_Servers-To_promote_a_replica_to_a_master_server"><h6>Procedure 14.6. To promote a replica to a master server:</h6><ol class="1"><li class="step"><div class="para">
+					Copy the <code class="filename">/var/lib/ipa/ca_serialno</code> file from the master to the replica.
+				</div></li><li class="step"><div class="para">
+					Import the CA into the replica DS NSS database, as follows: 
+<pre class="screen"># cd /etc/dirsrv/slapd-REALM
+# pk12util -i /path/to/cacert.p12 -d .
+</pre>
+
+				</div><div class="para">
+					The password on the <code class="filename">PKCS#12</code> file is stored as <code class="filename">/etc/dirsrv/slapd-REALM/pwdfile.txt</code> on the original server.
+				</div></li><li class="step"><div class="para">
+					Delete the existing replication agreements, as follows: 
+<pre class="screen"># ipa-replica-manage del master.example.com
+</pre>
+
+				</div></li></ol></div><div class="para">
+			You now have two identical IPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
+		</div></div><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">14.13. IPA Server Logging</h2></div></div></div><div class="para">
+			If you are using the IPA command-line tools or the WebUI to manage IPA data then you should refer to the following sections to help troubleshoot any problems.
+		</div><div class="para">
+			You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
+		</div><div class="para">
+			To see the LDAP queries that are being made by the framework you can inspect the <code class="filename">/var/log/dirsrv/slapd-INSTANCE/access</code> file. Note that this file is buffered and so it only writes to disk about every 30 seconds.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Server_Debugging_Output"><h5 class="formalpara">Increasing Server Debugging Output</h5>
+				To increase the server debugging output you can create the <code class="filename">/etc/ipa/server.conf</code> file and include the following entry: 
+<pre class="programlisting">[global]
+debug=True</pre>
+				 You need to restart the <code class="systemitem">httpd</code> daemon for this change to take effect.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Client_Debugging_Output"><h5 class="formalpara">Increasing Client Debugging Output</h5>
+				You can increase debugging output on the client with the <code class="option">-v</code> global option: 
+<pre class="screen"><code class="command">$ ipa -v user-show admin</code></pre>
+				 You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange: 
+<pre class="screen"><code class="command">$ ipa -vv user-show admin</code></pre>
+
+			</div></div></div><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="#id3000418">
+					Is it possible to change the IP address of the master server?
+				</a></dt><dt>Q: <a href="#id2983137">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</a></dt><dt>Q: <a href="#id3072944">
+					What is the difference between a replica and a master server?
+				</a></dt><dt>Q: <a href="#id2828262">
+					Can I promote a replica to function as the master? How?
+				</a></dt><dt>Q: <a href="#id2672811">
+					Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
+				</a></dt><dt>Q: <a href="#id3061243">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</a></dt></dl><div class="qandaset"><div id="id3000418" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Is it possible to change the IP address of the master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
+				</div></div></div></div><div id="id2983137" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
+				</div><div class="para">
+					You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod  --maxusername=INT</code>
+				</div></div></div></div><div id="id3072944" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					What is the difference between a replica and a master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
+				</div></div></div></div><div id="id2828262" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can I promote a replica to function as the master? How?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. Refer to <a class="xref" href="#promoting-replica">Section 14.12, “Promoting a Read-Only Replica to an IPA Server”</a>.
+				</div></div></div></div><div id="id2672811" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div></div><div id="id3061243" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
+				</div></div></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Services: Working with certmonger</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</h2></div></div></div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon, together with its command line clients, attempts to simplify the process of generating public/private key pairs and Certificate Signing Requests (CSRs), and submitting CSRs to Certificate Authorities (CAs) for signing.
+		</div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon also monitors certificates for imminent expiration and, with the help of a CA, can optionally refresh certificates that are about to expire. It can also drive the entire IPA enrollment process, from key generation through to enrollment itself and refreshing certificates.
+		</div><div class="para">
+			The set of certificates that <code class="systemitem">certmonger</code> monitors is tracked in files stored in a user-configurable directory. The default location is <code class="filename">/var/lib/certmonger/requests</code>.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</h2></div></div></div><div class="para">
+			Probably the simplest use case is to generate a certificate which is signed by the subject itself. These are not typically used in production, but are suitable for demonstration and testing purposes. Consider the following command:
+		</div><pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/server.crt -k /tmp/server.key</code></pre><div class="para">
+			This informs <code class="systemitem">certmonger</code> that we want a key to be stored in the file <code class="filename">/tmp/server.key</code>, to generate a corresponding certificate, and to store that certificate in the file <code class="filename">/tmp/server.crt</code>. Using <code class="command">selfsign-getcert</code> also implicitly tells <code class="systemitem">certmonger</code> to <span class="emphasis"><em>self-sign</em></span> the CSR, which it generates and uses internally, with the subject's own key. During this process, certmonger:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					checked for the existence of a key in the specified location
+				</div></li><li class="listitem"><div class="para">
+					having determined that no such key existed, proceeded to create one
+				</div></li><li class="listitem"><div class="para">
+					created the CSR
+				</div></li><li class="listitem"><div class="para">
+					used the same key to produce a signed certificate.
+				</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</h2></div></div></div><div class="para">
+			The previous example used plain files for holding the key and the certificate, but certmonger can also take advantage of NSS database storage. In this scenario, you need to pass the database's location and a nickname for the certificate to certmonger. Consider the following example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -d /tmp -n Test-Certificate</code></pre>
+
+		</div><div class="para">
+			You can specify a number of options on the command line for the CSR, such as the subject name and different types of SAN values, or you can accept the default values. For example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/babs.crt -k /tmp/babs.key \</code>
+<code class="command">-N "CN=Bob Diddley" -K bdiddley at EXAMPLE.COM -E bob at example.com</code></pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">getcert</code> man page for more information about the available command options.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</h2></div></div></div><div class="para">
+			The only difference between using <code class="systemitem">certmonger</code> with the IPA CA and producing a self-signed certificate is changing the command prefix. Instead of using <code class="command">selfsign-getcert</code>, use the <code class="command">ipa-getcert</code> command. For example: 
+<pre class="screen"><code class="command">ipa-getcert request -r \</code>
+  <code class="command">-f /etc/httpd/conf/ssl.crt/server.crt \</code>
+  <code class="command">-k /etc/httpd/conf/ssl.key/server.key \</code>
+  <code class="command">-N CN=`hostname --fqdn` \</code>
+  <code class="command">-D `hostname --fqdn` \</code>
+  <code class="command">-U id-kp-serverAuth</code></pre>
+
+		</div></div></div><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
+			This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
+				It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
+					</div></li><li class="listitem"><div class="para">
+						User passwords are stored as a hash in the source DS in a form that the IPA DS can understand
+					</div></li><li class="listitem"><div class="para">
+						You are using LDAP as the central authentication service, and the client machines are configured to use <code class="systemitem">pam_ldap</code> and <code class="systemitem">nss_ldap</code>
+					</div></li><li class="listitem"><div class="para">
+						Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
+					</div><div class="para">
+						Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
+				A number of issues exist that need to be considered when planning the migration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
+					</div></li><li class="listitem"><div class="para">
+						IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
+					</div><div class="para">
+						In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+				The following have been identified as typical migration scenarios:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA but do not use its Kerberos features for now
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
+				The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
+					In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
  described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+					In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+							Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
+						</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
+						</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_IPAs_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using IPA's Back End</h5>
+							This configuration is similar to that described above, except that SSSD has a special back end that is more IPA-aware. If this back end is configured, then SSSD can take advantage of specific IPA features, such as silent password migration and host-based access control.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-LDAP_connected_Machines"><h5 class="formalpara">LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_LDAP and NSS_LDAP. In this use case, too, IPA functions like a normal Directory Server.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-KRB5LDAP_connected_Machines"><h5 class="formalpara">KRB5/LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
+						</div><div class="para">
+						In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
+					</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+				The migration from DS to IPA requires:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Installing IPA on a suitable machine
+					</div></li><li class="listitem"><div class="para">
+						Migrating the user data. This step is performed by an IPA command which:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dumps the data from DS
+							</div></li><li class="listitem"><div class="para">
+								Converts the data into a format suitable for IPA
+							</div></li><li class="listitem"><div class="para">
+								Loads the converted data into IPA
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						Reconfiguring clients to connect to IPA. This is required because the IPA Directory Information Tree (DIT) is different from the DS DIT.
+					</div></li></ol></div><div class="para">
+				To achieve a successful migration, changes are required both on the client and on the server machines. Reconfiguration of the clients is not required immediately after changes are made to the server. This allows for a transition period, without which it would not be possible to deploy the solution.
+			</div><div class="para">
+				At present the only option is to run IPA and DS concurrently until all the clients are reconfigured to point to IPA. Two main migration strategies currently exist:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate the server first
+					</div></li><li class="listitem"><div class="para">
+						Deploy SSSD first
+					</div></li></ul></div><div class="para">
+				Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+					Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
+				</div><div class="para">
+					You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
+				</div><div class="para">
+					Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
+				The following sequence of operations occurs when users are migrated using SSSD:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A user tries to log in to the machine.
+					</div></li><li class="listitem"><div class="para">
+						SSSD passes authentication to the IPA identity provider back end.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end attempts Kerberos authentication.
+					</div></li><li class="listitem"><div class="para">
+						Even though the user exists in the system, the authentication will fail with the error "key type is not supported", because the Kerberos keys do not yet exist.
+					</div></li><li class="listitem"><div class="para">
+						If SSSD is configured to migrate users, it will continue to the next step. Otherwise, it will fail authentication.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end then attempts to perform an LDAP bind. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Because it is going to perform a simple bind and send the password in the clear, this LDAP bind operation must use startTLS.
+								</div></li><li class="listitem"><div class="para">
+									Perform a simple bind.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The server-side plug-in will intercept this bind request and if the user has a Kerberos principal but no Kerberos keys, then the plug-in will generate the keys and store them in the user entry.
+					</div></li><li class="listitem"><div class="para">
+						If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Each phase of the migration should be performed as a single step.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
+			</div><div class="para">
+				The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
+			</div><div class="para">
+				Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+						Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to 
+					</div></li><li class="step"><div class="para">
+						Use the following command to enable IPA migration mode:
+					</div><div class="para">
+						<code class="command"># ipa config-mod --enable-migration=TRUE</code>
+					</div></li><li class="step"><div class="para">
+						To migrate users and groups from an existing Directory Server using a default configuration, reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						To migrate users and groups from an existing IPAv1 installation using a default configuration, whose DS is reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds --user-container=cn=users,cn=accounts \</code> <code class="command">--group-container=cn=groups,cn=accounts <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						In this example, <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code> is the LDAP-URI and port number of the existing directory server from which you want to migrate your data. Update this URI to suit your own environment.
+					</div><div class="para">
+						Enter the <code class="systemitem">Directory Manager</code> password for the DS when prompted.
+					</div></li><li class="step"><div class="para">
+						Check the log file for errors and instructions on how to address them. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
+							</div></div></div>
+
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+						Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
+								</div></li><li class="listitem"><div class="para">
+									If the intention is to install SSSD on a client at a later date, the startTLS and certificate requirements do not apply.
+								</div></li></ul></div>
+
+					</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+					You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Install SSSD on the machines that can support it:
+							</div><div class="para">
+								<code class="command"># yum install sssd</code>
+							</div></li><li class="listitem"><div class="para">
+								Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to 
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+							</div></li><li class="listitem"><div class="para">
+								As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of all clients and users is complete, decommission the DS.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Install SSSD first on the machines that can support it:
+					</div><div class="para">
+						<code class="command"># yum install sssd</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure SSSD with the LDAP back end and point it to the existing DS deployment.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				Install IPA and migrate the existing DS data as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
+					</div></li><li class="listitem"><div class="para">
+						Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
+					</div></li><li class="listitem"><div class="para">
+						Monitor the user migration process using the following LDAP query. This query detects the state of the migration by determining which users do not have a Kerberos principal key but do have a password.
+					</div><div class="para">
+						This query will prompt for the Directory Manager password. 
+<pre class="screen"><code class="command">$ ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'cn=users,cn=accounts,dc=example,dc=com' \</code>
+<code class="command">'(&amp;(!(krbprincipalkey=*))(userpassword=*))' uid</code></pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							It is important to include the quotes around the filter so that it is not interpreted by the shell.
+						</div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of the clients is complete, decommission the DS.
+					</div></li></ul></div></div></div></div><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
+	In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
+</div></dd><dt>account inactivation</dt><dd><div class="para">
+	Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
+</div></dd><dt>ACI</dt><dd><div class="para">
+	An instruction that grants or denies permissions to entries in the directory.
+</div><p>See Also <a class="glossseealso" href="#access-control-instruction">access control instruction</a>.</p></dd><dt>ACL</dt><dd><div class="para">
+	The mechanism for controlling access to your directory.
+</div><p>See Also <a class="glossseealso" href="#access-control-list">access control list</a>.</p></dd><dt>All IDs Threshold</dt><dd><div class="para">
+	<span class="emphasis"><em>Replaced with the ID list scan limit in Directory Server version 7.1.</em></span> A size limit which is globally applied to every index key managed by the server. When the size of an individual ID list reaches this limit, the server replaces that ID list with an All IDs token.
+</div><p>See Also <a class="glossseealso" href="#IDList-scan-limit">ID list scan limit</a>.</p></dd><dt>All IDs token</dt><dd><div class="para">
+	A mechanism which causes the server to assume that all directory entries match the index key. In effect, the All IDs token causes the server to behave as if no index was available for the search request.
+</div></dd><dt>anonymous access</dt><dd><div class="para">
+	When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind.
+</div></dd><dt>approximate index</dt><dd><div class="para">
+	Allows for efficient approximate or "sounds-like" searches.
+</div></dd><dt>attribute</dt><dd><div class="para">
+	Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
+</div></dd><dt>attribute list</dt><dd><div class="para">
+	A list of required and optional attributes for a given entry type or object class.
+</div></dd><dt>authenticating directory server</dt><dd><div class="para">
+	In pass-through authentication (PTA), the authenticating Directory Server is the Directory Server that contains the authentication credentials of the requesting client. The PTA-enabled host sends PTA requests it receives from clients to the host.
+</div></dd><dt>authentication</dt><dd><div class="para">
+	(1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
+</div><div class="para">
+	(2) Allows a <a class="xref" href="#client">client</a> to make sure they are connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when it is not.
+</div></dd><dt>authentication certificate</dt><dd><div class="para">
+	Digital file that is not transferable and not forgeable and is issued by a third party. Authentication certificates are sent from server to client or client to server in order to verify and authenticate the other party.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">B</h3><dl><dt>base distinguished name</dt><dd><p>See <a class="glosssee" href="#base-DN">base DN</a>.</p></dd><dt>base DN</dt><dd><div class="para">
+	Base distinguished name. A search operation is performed on the base DN, the DN of the entry and all entries below it in the directory tree.
+</div></dd><dt>bind distinguished name</dt><dd><p>See <a class="glosssee" href="#bind-DN">bind DN</a>.</p></dd><dt>bind DN</dt><dd><div class="para">
+	Distinguished name used to authenticate to Directory Server when performing an operation.
+</div></dd><dt>bind rule</dt><dd><div class="para">
+	In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.
+</div></dd><dt>branch entry</dt><dd><div class="para">
+	An entry that represents the top of a subtree in the directory.
+</div></dd><dt>browser</dt><dd><div class="para">
+	Software, such as Mozilla Firefox, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
+</div></dd><dt>browsing index</dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="#virtual-list-view-index">virtual list view index </a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">C</h3><dl><dt>CA</dt><dd><p>See <a class="glosssee" href="#Certificate-Authority">Certificate Authority</a>.</p></dd><dt>cascading replication</dt><dd><div class="para">
+	In a cascading replication scenario, one server, often called the hub supplier, acts both as a consumer and a supplier for a particular replica. It holds a read-only replica and maintains a changelog. It receives updates from the supplier server that holds the master copy of the data and in turn supplies those updates to the consumer.
+</div></dd><dt>certificate</dt><dd><div class="para">
+	A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.
+</div></dd><dt>Certificate Authority</dt><dd><div class="para">
+	Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Authority that you trust. Also known as a <a class="xref" href="#CA">CA</a>.
+</div></dd><dt>CGI</dt><dd><div class="para">
+	Common Gateway Interface. An interface for external programs to communicate with the HTTP server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.
+</div></dd><dt>chaining</dt><dd><div class="para">
+	A method for relaying requests to another server. Results for the request are collected, compiled, and then returned to the client.
+</div></dd><dt>changelog</dt><dd><div class="para">
+	A changelog is a record that describes the modifications that have occurred on a replica. The supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication.
+</div></dd><dt>character type</dt><dd><div class="para">
+	Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
+</div></dd><dt>ciphertext</dt><dd><div class="para">
+	Encrypted information that cannot be read by anyone without the proper key to decrypt the information.
+</div></dd><dt>class definition</dt><dd><div class="para">
+	Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
+</div></dd><dt>class of service</dt><dd><p>See <a class="glosssee" href="#CoS">CoS</a>.</p></dd><dt>classic CoS</dt><dd><div class="para">
+	A classic CoS identifies the template entry by both its DN and the value of one of the target entry's attributes.
+</div></dd><dt>client</dt><dd><p>See <a class="glosssee" href="#LDAP-client">LDAP client</a>.</p></dd><dt>code page</dt><dd><div class="para">
+	An internal table used by a locale in the context of the internationalization plug-in that the operating system uses to relate keyboard keys to character font screen displays.
+</div></dd><dt>collation order</dt><dd><div class="para">
+	Provides language and cultural-specific information about how the characters of a given language are to be sorted. This information might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents.
+</div></dd><dt>consumer</dt><dd><div class="para">
+	Server containing replicated directory trees or subtrees from a supplier server.
+</div></dd><dt>consumer server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server is called a consumer for that replica.
+</div></dd><dt>CoS</dt><dd><div class="para">
+	A method for sharing attributes between entries in a way that is invisible to applications.
+</div></dd><dt>CoS definition entry</dt><dd><div class="para">
+	Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.
+</div></dd><dt>CoS template entry</dt><dd><div class="para">
+	Contains a list of the shared attribute values.
+</div><p>See Also <a class="glossseealso" href="#template-entry">template entry</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">D</h3><dl><dt>daemon</dt><dd><div class="para">
+	A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning.
+</div></dd><dt>DAP</dt><dd><div class="para">
+	Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
+</div></dd><dt>data master</dt><dd><div class="para">
+	The server that is the master source of a particular piece of data.
+</div></dd><dt>database link</dt><dd><div class="para">
+	An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
+</div></dd><dt>default index</dt><dd><div class="para">
+	One of a set of default indexes created per database instance. Default indexes can be modified, although care should be taken before removing them, as certain plug-ins may depend on them.
+</div></dd><dt>definition entry</dt><dd><p>See <a class="glosssee" href="#CoS-definition-entry">CoS definition entry</a>.</p></dd><dt>Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="#DAP">DAP</a>.</p></dd><dt>Directory Manager</dt><dd><div class="para">
+	The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.
+</div></dd><dt>directory service</dt><dd><div class="para">
+	A database application designed to manage descriptive, attribute-based information about people and resources within an organization.
+</div></dd><dt>directory tree</dt><dd><div class="para">
+	The logical representation of the information stored in the directory. It mirrors the tree model used by most filesystems, with the tree's root point appearing at the top of the hierarchy. Also known as <a class="xref" href="#DIT">DIT</a>.
+</div></dd><dt>distinguished name</dt><dd><div class="para">
+	String representation of an entry's name and location in an LDAP directory.
+</div></dd><dt>DIT</dt><dd><p>See <a class="glosssee" href="#directory-tree">directory tree</a>.</p></dd><dt>DM</dt><dd><p>See <a class="glosssee" href="#Directory-Manager">Directory Manager</a>.</p></dd><dt>DN</dt><dd><p>See <a class="glosssee" href="#distinguished-name">distinguished name</a>.</p></dd><dt>DNS</dt><dd><div class="para">
+	Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as <code class="command">www.example.com</code>). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
+</div></dd><dt>DNS alias</dt><dd><div class="para">
+	A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as <code class="command">www.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain </em></span>might point to a real machine called <code class="command">realthing.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain</em></span> where the server currently exists.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">E</h3><dl><dt>entry</dt><dd><div class="para">
+	A group of lines in the LDIF file that contains information about an object.
+</div></dd><dt>entry distribution</dt><dd><div class="para">
+	Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.
+</div></dd><dt>entry ID list</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists. The entry ID list is used by the directory to build a list of candidate entries that may match the client application's search request.
+</div></dd><dt>equality index</dt><dd><div class="para">
+	Allows you to search efficiently for entries containing a specific attribute value.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">F</h3><dl><dt>file extension</dt><dd><div class="para">
+	The section of a filename after the period or dot (.) that typically defines the type of file (for example, .GIF and .HTML). In the filename <code class="command">index.html</code> the file extension is <code class="command">html</code>.
+</div></dd><dt>file type</dt><dd><div class="para">
+	The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML).
+</div></dd><dt>filter</dt><dd><div class="para">
+	A constraint applied to a directory query that restricts the information returned.
+</div></dd><dt>filtered role</dt><dd><div class="para">
+	Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">G</h3><dl><dt>general access</dt><dd><div class="para">
+	When granted, indicates that all authenticated users can access directory information.
+</div></dd><dt>GSS-API</dt><dd><div class="para">
+	Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">H</h3><dl><dt>hostname</dt><dd><div class="para">
+	A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, <code class="command">www.example.com </code>is the machine <code class="command">www</code> in the subdomain <code class="command">example</code> and <code class="command">com</code> domain.
+</div></dd><dt>HTML</dt><dd><div class="para">
+	Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Mozilla Firefox how to display text, position graphics, and form items and to display links to other pages.
+</div></dd><dt>HTTP</dt><dd><div class="para">
+	Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.
+</div></dd><dt>HTTPD</dt><dd><div class="para">
+	An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The daemon or service is often called an httpd.
+</div></dd><dt>HTTPS</dt><dd><div class="para">
+	A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.
+</div></dd><dt>hub</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server.
+</div><p>See Also <a class="glossseealso" href="#cascading-replication">cascading replication</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">I</h3><dl><dt>ID list scan limit</dt><dd><div class="para">
+	A size limit which is globally applied to any indexed search operation. When the size of an individual ID list reaches this limit, the server replaces that ID list with an all IDs token.
+</div></dd><dt>index key</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
+</div></dd><dt>indirect CoS</dt><dd><div class="para">
+	An indirect CoS identifies the template entry using the value of one of the target entry's attributes.
+</div></dd><dt>international index</dt><dd><div class="para">
+	Speeds up searches for information in international directories.
+</div></dd><dt>International Standards Organization</dt><dd><p>See <a class="glosssee" href="#ISO">ISO</a>.</p></dd><dt>IP address</dt><dd><div class="para">
+	<span class="emphasis"><em>Also Internet Protocol address.</em></span> A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10). Directory Server supports both IPv4 and IPv6 IP addresses.
+</div></dd><dt>ISO</dt><dd><div class="para">
+	International Standards Organization.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">K</h3><dl><dt>knowledge reference</dt><dd><div class="para">
+	Pointers to directory information stored in different databases.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">L</h3><dl><dt>LDAP</dt><dd><div class="para">
+	Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
+</div></dd><dt>LDAP client</dt><dd><div class="para">
+	Software used to request and view LDAP entries from an LDAP Directory Server.
+</div><p>See Also <a class="glossseealso" href="#browser">browser</a>.</p></dd><dt>LDAP Data Interchange Format</dt><dd><p>See <a class="glosssee" href="#LDAP-Data-Interchange-Format">LDAP Data Interchange Format</a>.</p></dd><dt>LDAP URL</dt><dd><div class="para">
+	Provides the means of locating Directory Servers using DNS and then completing the query via LDAP. A sample LDAP URL is <code class="command">ldap://ldap.example.com</code>.
+</div></dd><dt>LDAPv3</dt><dd><div class="para">
+	Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
+</div></dd><dt>LDBM database</dt><dd><div class="para">
+	A high-performance, disk-based database consisting of a set of large files that contain all of the data assigned to it. The primary data store in Directory Server.
+</div></dd><dt>LDIF</dt><dd><div class="para">
+	LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.
+</div></dd><dt>leaf entry</dt><dd><div class="para">
+	An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.
+</div></dd><dt>Lightweight Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="#LDAP">LDAP</a>.</p></dd><dt>locale</dt><dd><div class="para">
+	Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">M</h3><dl><dt>managed object</dt><dd><div class="para">
+	A standard value which the SNMP agent can access and send to the NMS. Each managed object is identified with an official name and a numeric identifier expressed in dot-notation.
+</div></dd><dt>managed role</dt><dd><div class="para">
+	Allows creation of an explicit enumerated list of members.
+</div></dd><dt>management information base</dt><dd><p>See <a class="glosssee" href="#MIB">MIB</a>.</p></dd><dt>mapping tree</dt><dd><div class="para">
+	A data structure that associates the names of suffixes (subtrees) with databases.
+</div></dd><dt>master</dt><dd><p>See <a class="glosssee" href="#supplier">supplier</a>.</p></dd><dt>master agent</dt><dd><p>See <a class="glosssee" href="#SNMP-master-agent">SNMP master agent</a>.</p></dd><dt>matching rule</dt><dd><div class="para">
+	Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
+</div></dd><dt>MD5</dt><dd><div class="para">
+	A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce; a piece of data that will produce the same message digest.
+</div></dd><dt>MD5 signature</dt><dd><div class="para">
+	A message digest produced by the MD5 algorithm.
+</div></dd><dt>MIB</dt><dd><div class="para">
+	Management Information Base. All data, or any portion thereof, associated with the SNMP network. We can think of the MIB as a database which contains the definitions of all SNMP managed objects. The MIB has a tree-like hierarchy, where the top level contains the most general information about the network and lower levels deal with specific, separate network areas.
+</div></dd><dt>MIB namespace</dt><dd><div class="para">
+	Management Information Base namespace. The means for directory data to be named and referenced. Also called the <a class="xref" href="#directory-tree">directory tree</a>.
+</div></dd><dt>monetary format</dt><dd><div class="para">
+	Specifies the monetary symbol used by specific region, whether the symbol goes before or after its value, and how monetary units are represented.
+</div></dd><dt>multi-master replication</dt><dd><div class="para">
+	An advanced replication scenario in which two servers each hold a copy of the same read-write replica. Each server maintains a changelog for the replica. Modifications made on one server are automatically replicated to the other server. In case of conflict, a time stamp is used to determine which server holds the most recent version.
+</div></dd><dt>multiplexor</dt><dd><div class="para">
+	The server containing the database link that communicates with the remote server.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">N</h3><dl><dt>n + 1 directory problem</dt><dd><div class="para">
+	The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs.
+</div></dd><dt>name collisions</dt><dd><div class="para">
+	Multiple entries with the same distinguished name.
+</div></dd><dt>nested role</dt><dd><div class="para">
+	Allows the creation of roles that contain other roles.
+</div></dd><dt>network management application</dt><dd><div class="para">
+	Network Management Station component that graphically displays information about SNMP managed devices, such as which device is up or down and which and how many error messages were received.
+</div></dd><dt>network management station</dt><dd><p>See <a class="glosssee" href="#NMS">NMS</a>.</p></dd><dt>NIS</dt><dd><div class="para">
+	Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.
+</div></dd><dt>NMS</dt><dd><div class="para">
+	Powerful workstation with one or more network management applications installed. Also <a class="xref" href="#network-management-station">network management station</a>.
+</div></dd><dt>ns-slapd</dt><dd><div class="para">
+	Red Hat's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server.
+</div><p>See Also <a class="glossseealso" href="#slapd">slapd</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">O</h3><dl><dt>object class</dt><dd><div class="para">
+	Defines an entry type in the directory by defining which attributes are contained in the entry.
+</div></dd><dt>object identifier</dt><dd><div class="para">
+	A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF or similar organizations.
+</div><p>See Also <a class="glossseealso" href="#OID">OID</a>.</p></dd><dt>OID</dt><dd><p>See <a class="glosssee" href="#object-identifier">object identifier</a>.</p></dd><dt>operational attribute</dt><dd><div class="para">
+	Contains information used internally by the directory to keep track of modifications and subtree properties. Operational attributes are not returned in response to a search unless explicitly requested.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">P</h3><dl><dt>parent access</dt><dd><div class="para">
+	When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.
+</div></dd><dt>pass-through authentication</dt><dd><p>See <a class="glosssee" href="#PTA">PTA</a>.</p></dd><dt>pass-through subtree</dt><dd><div class="para">
+	In pass-through authentication, the <a class="xref" href="#PTA-directory-server">PTA directory server</a> will pass through bind requests to the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a> from all clients whose DN is contained in this subtree.
+</div></dd><dt>password file</dt><dd><div class="para">
+	A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as <code class="command">/etc/passwd</code> because of where it is kept.
+</div></dd><dt>password policy</dt><dd><div class="para">
+	A set of rules that governs how passwords are used in a given directory.
+</div></dd><dt>PDU</dt><dd><div class="para">
+	Encoded messages which form the basis of data exchanges between SNMP devices. Also <a class="xref" href="#protocol-data-unit">protocol data unit</a>.
+</div></dd><dt>permission</dt><dd><div class="para">
+	In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
+</div><p>See Also <a class="glossseealso" href="#access-rights">access rights</a>.</p></dd><dt>pointer CoS</dt><dd><div class="para">
+	A pointer CoS identifies the template entry using the template DN only.
+</div></dd><dt>presence index</dt><dd><div class="para">
+	Allows searches for entries that contain a specific indexed attribute.
+</div></dd><dt>protocol</dt><dd><div class="para">
+	A set of rules that describes how devices on a network exchange information.
+</div></dd><dt>protocol data unit</dt><dd><p>See <a class="glosssee" href="#PDU">PDU</a>.</p></dd><dt>proxy authentication</dt><dd><div class="para">
+	A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.
+</div></dd><dt>proxy DN</dt><dd><div class="para">
+	Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.
+</div></dd><dt>PTA</dt><dd><div class="para">
+	Mechanism by which one Directory Server consults another to check bind credentials. Also <a class="xref" href="#pass-through-authentication">pass-through authentication</a>.
+</div></dd><dt>PTA directory server</dt><dd><div class="para">
+	In pass-through authentication (<a class="xref" href="#PTA">PTA</a>), the PTA Directory Server is the server that sends (passes through) bind requests it receives to the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a>.
+</div></dd><dt>PTA LDAP URL</dt><dd><div class="para">
+	In pass-through authentication, the URL that defines the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a>, pass-through subtree(s), and optional parameters.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">R</h3><dl><dt>RAM</dt><dd><div class="para">
+	Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.
+</div></dd><dt>rc.local</dt><dd><div class="para">
+	A file on Unix machines that describes programs that are run when the machine starts. It is also called <code class="filename">/etc/rc.local</code> because of its location.
+</div></dd><dt>RDN</dt><dd><div class="para">
+	The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name. Also <a class="xref" href="#relative-distinguished-name">relative distinguished name</a>.
+</div></dd><dt>read-only replica</dt><dd><div class="para">
+	A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
+</div></dd><dt>read-write replica </dt><dd><div class="para">
+	A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.
+</div></dd><dt>referential integrity</dt><dd><div class="para">
+	Mechanism that ensures that relationships between related entries are maintained within the directory.
+</div></dd><dt>referral</dt><dd><div class="para">
+	(1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
+</div><div class="para">
+	(2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.
+</div></dd><dt>relative distinguished name</dt><dd><p>See <a class="glosssee" href="#RDN">RDN</a>.</p></dd><dt>replica</dt><dd><div class="para">
+	A database that participates in replication.
+</div></dd><dt>replica-initiated replication</dt><dd><div class="para">
+	Replication configuration where replica servers, either hub or consumer servers, pull directory data from supplier servers. This method is available only for legacy replication.
+</div></dd><dt>replication</dt><dd><div class="para">
+	Act of copying directory trees or subtrees from supplier servers to replica servers.
+</div></dd><dt>replication agreement</dt><dd><div class="para">
+	Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the replica servers to which the data is pushed, the times during which replication can occur, the DN and credentials used by the supplier to bind to the consumer, and how the connection is secured.
+</div></dd><dt>RFC</dt><dd><div class="para">
+	Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.
+</div></dd><dt>role</dt><dd><div class="para">
+	An entry grouping mechanism. Each role has <span class="emphasis"><em>members</em></span>, which are the entries that possess the role.
+</div></dd><dt>role-based attributes</dt><dd><div class="para">
+	Attributes that appear on an entry because it possesses a particular role within an associated CoS template.
+</div></dd><dt>root</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
+</div></dd><dt>root suffix</dt><dd><div class="para">
+	The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">S</h3><dl><dt>SASL</dt><dd><div class="para">
+	An authentication framework for clients as they attempt to bind to a directory. Also <a class="xref" href="#Simple-Authentication-and-Security-Layer">Simple Authentication and Security Layer </a>.
+</div></dd><dt>schema</dt><dd><div class="para">
+	Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
+</div></dd><dt>schema checking</dt><dd><div class="para">
+	Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
+</div></dd><dt>Secure Sockets Layer</dt><dd><p>See <a class="glosssee" href="#SSL">SSL</a>.</p></dd><dt>self access</dt><dd><div class="para">
+	When granted, indicates that users have access to their own entries if the bind DN matches the targeted entry.
+</div></dd><dt>Server Console</dt><dd><div class="para">
+	Java-based application that allows you to perform administrative management of your Directory Server from a GUI.
+</div></dd><dt>server daemon</dt><dd><div class="para">
+	The server daemon is a process that, once running, listens for and accepts requests from clients.
+</div></dd><dt>Server Selector</dt><dd><div class="para">
+	Interface that allows you select and configure servers using a browser.
+</div></dd><dt>server service</dt><dd><div class="para">
+	A process on Windows that, once running, listens for and accepts requests from clients. It is the SMB server on Windows NT.
+</div></dd><dt>service</dt><dd><div class="para">
+	A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.
+</div></dd><dt>SIE</dt><dd><div class="para">
+	Server Instance Entry. The ID assigned to an instance of Directory Server during installation.
+</div></dd><dt>Simple Authentication and Security Layer </dt><dd><p>See <a class="glosssee" href="#glSASL">SASL</a>.</p></dd><dt>Simple Network Management Protocol</dt><dd><p>See <a class="glosssee" href="#SNMP">SNMP</a>.</p></dd><dt>single-master replication</dt><dd><div class="para">
+	The most basic replication scenario in which multiple servers, up to four, each hold a copy of the same read-write replicas to replica servers. In a single-master replication scenario, the supplier server maintains a changelog.
+</div></dd><dt>SIR</dt><dd><p>See <a class="glosssee" href="#supplier-initiated-replication">supplier-initiated replication</a>.</p></dd><dt>slapd</dt><dd><div class="para">
+	LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
+</div><p>See Also <a class="glossseealso" href="#ns-slapd">ns-slapd</a>.</p></dd><dt>SNMP</dt><dd><div class="para">
+	Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also <a class="xref" href="#Simple-Network-Management-Protocol">Simple Network Management Protocol</a>.
+</div></dd><dt>SNMP master agent</dt><dd><div class="para">
+	Software that exchanges information between the various subagents and the NMS.
+</div></dd><dt>SNMP subagent</dt><dd><div class="para">
+	Software that gathers information about the managed device and passes the information to the master agent. Also called a <a class="xref" href="#subagent">subagent</a>.
+</div></dd><dt>SSL</dt><dd><div class="para">
+	A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called <a class="xref" href="#Secure-Sockets-Layer">Secure Sockets Layer</a>.
+</div></dd><dt>standard index</dt><dd><div class="para">
+	index maintained by default.
+</div></dd><dt>sub suffix</dt><dd><div class="para">
+	A branch underneath a root suffix.
+</div></dd><dt>subagent</dt><dd><p>See <a class="glosssee" href="#SNMP-subagent">SNMP subagent</a>.</p></dd><dt>substring index</dt><dd><div class="para">
+	Allows for efficient searching against substrings within entries. Substring indexes are limited to a minimum of two characters for each entry.
+</div></dd><dt>suffix</dt><dd><div class="para">
+	The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.
+</div></dd><dt>superuser</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called <a class="xref" href="#root">root</a>.
+</div></dd><dt>supplier</dt><dd><div class="para">
+	Server containing the master copy of directory trees or subtrees that are replicated to replica servers.
+</div></dd><dt>supplier server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
+</div></dd><dt>supplier-initiated replication</dt><dd><div class="para">
+	Replication configuration where <a class="xref" href="#supplier">supplier</a> servers replicate directory data to any replica servers.
+</div></dd><dt>symmetric encryption</dt><dd><div class="para">
+	Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
+</div></dd><dt>system index</dt><dd><div class="para">
+	Cannot be deleted or modified as it is essential to Directory Server operations.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">T</h3><dl><dt>target</dt><dd><div class="para">
+	In the context of access control, the target identifies the directory information to which a particular ACI applies.
+</div></dd><dt>target entry</dt><dd><div class="para">
+	The entries within the scope of a CoS.
+</div></dd><dt>TCP/IP</dt><dd><div class="para">
+	Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.
+</div></dd><dt>template entry</dt><dd><p>See <a class="glosssee" href="#CoS-template-entry">CoS template entry</a>.</p></dd><dt>time/date format</dt><dd><div class="para">
+	Indicates the customary formatting for times and dates in a specific region.
+</div></dd><dt>TLS</dt><dd><div class="para">
+	The new standard for secure socket layers; a public key based protocol. Also <a class="xref" href="#Transport-Layer-Security">Transport Layer Security</a>.
+</div></dd><dt>topology</dt><dd><div class="para">
+	The way a directory tree is divided among physical servers and how these servers link with one another.
+</div></dd><dt>Transport Layer Security</dt><dd><p>See <a class="glosssee" href="#TLS">TLS</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">U</h3><dl><dt>uid</dt><dd><div class="para">
+	A unique number associated with each user on a Unix system.
+</div></dd><dt>URL</dt><dd><div class="para">
+	Uniform Resource Locater. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is <span class="emphasis"><em>protocol</em></span>://<span class="emphasis"><em>machine</em></span>:<span class="emphasis"><em>port</em></span>/<span class="emphasis"><em>document</em></span>. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">V</h3><dl><dt>virtual list view index </dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
+	The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
+</div></dd></dl></div></div><div class="index" id="id2848820"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div class="index"></div></div></div></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/common.css b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..e0090e2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/common.css
@@ -0,0 +1,1504 @@
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+	line-height: 1.29em;
+}
+
+body {
+	background-color: white;
+	margin:0 auto;
+	font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size:12px;
+	max-width:55em;
+	color:black;
+}
+
+body.toc_embeded {
+	/*for web hosting system only*/
+	margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+	/*for web hosting system only*/
+	border-style:none;
+	position:fixed;
+	width:290px;
+	height:99.99%;
+	top:0;
+	left:0;
+	z-index: 100;
+	border-style:none;
+	border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+	margin-left: 3em;
+}
+
+iframe.notoc {
+	border-style:none;
+	border: none;
+	padding: 0em;
+	position:fixed;
+	width: 21px;
+	height: 29px;
+	top: 0px;
+	left:0;
+	overflow: hidden;
+	margin: 0em;
+	margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+	margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+	display:block;
+	width:24em;
+	height:99%;
+	position:fixed;
+	overflow:auto;
+	top:0px;
+	left:0px;
+	padding-left:1em;
+	background-color:#EEEEEE;
+}
+
+.toc {
+	line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+	margin-top:1em;
+}
+
+.toc .part {
+	margin-top:1em;
+	display:block;
+}
+
+span.glossary,
+span.appendix {
+	display:block;
+	margin-top:0.5em;
+}
+
+div {
+	padding-top:0px;
+}
+
+div.section {
+	padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+	padding-top:0px;
+	margin-top:0.3em;
+	padding-bottom:0px;
+	margin-bottom:1em;
+}
+
+/*Links*/
+a {
+	outline: none;
+}
+
+a:link {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#3366cc;
+}
+
+a:visited {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#003366;
+}
+
+div.longdesc-link {
+	float:right;
+	color:#999;
+}
+
+.toc a, .qandaset a {
+	font-weight:normal;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+	color: #336699;
+	margin-top: 0em;
+	margin-bottom: 0em;
+	background-color: transparent;
+}
+
+h1 {
+	font-size:2.0em;
+}
+
+.titlepage h1.title {
+	font-size: 3.0em;
+	padding-top: 1em;
+	text-align:left;
+}
+
+.book > .titlepage h1.title {
+	text-align:center;
+}
+
+.article > .titlepage h1.title {
+	text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+	text-align:center;
+}
+
+.producttitle {
+	margin-top: 0em;
+	margin-bottom: 0em;
+	font-size: 3.0em;
+	font-weight: bold;
+	background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+	color: white;
+	text-align: center;
+	padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+	margin-top: 1em;
+	text-align: center;
+}
+
+.section h1.title {
+	font-size: 1.6em;
+	padding: 0em;
+	color: #336699;
+	text-align: left;
+	background: white;
+}
+
+h2 {
+	font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+.appendix h2 {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+
+
+h3 {
+	font-size:1.3em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+h4 {
+	font-size:1.1em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+
+h5 {
+	font-size:1em;
+}
+
+h6 {
+	font-size:1em;
+}
+
+h5.formalpara {
+	font-size:1em;
+	margin-top:2em;
+	margin-bottom:.8em;
+}
+
+.abstract h6 {
+	margin-top:1em;
+	margin-bottom:.5em;
+	font-size:2em;
+}
+
+/*element rules*/
+hr {
+	border-collapse: collapse;
+	border-style:none;
+	border-top: 1px dotted #ccc;
+	width:100%;
+	margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+	display:inline;
+	padding:0em;
+}
+
+.languages li a {
+	padding:0em .5em;
+	text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+	display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+	color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+	color:black;
+}
+
+ul.languages {
+	display:block;
+	background-color:#eee;
+	padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+	position:relative;
+}
+
+.versions li {
+	width:100%;
+	clear:both;
+	display:block;
+}
+
+a.version {
+	font-size:2em;
+	text-decoration:none;
+	width:100%;
+	display:block;
+	padding:1em 0em .2em 0em;
+	clear:both;
+}
+
+a.version:before {
+	content:"Version";
+	font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+	color:#666;
+}
+
+a.version:focus, a.version:hover {
+	color:black;
+}
+
+.books {
+	display:block;
+	position:relative;
+	clear:both;
+	width:100%;
+}
+
+.books li {
+	display:block;
+	width:200px;
+	float:left;
+	position:relative;
+	clear: none ;
+}
+
+.books .html {
+	width:170px;
+	display:block;
+}
+
+.books .pdf {
+	position:absolute;
+	left:170px;
+	top:0px;
+	font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+	color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+	color:#000;
+}
+
+.books li a {
+	text-decoration:none;
+}
+
+.books li a:hover {
+	color:black;
+}
+
+/*products*/
+.products li {
+	display: block;
+	width:300px;
+	float:left;
+}
+
+.products li a {
+	width:300px;
+	padding:.5em 0em;
+}
+
+.products ul {
+	clear:both;
+}
+
+/*revision history*/
+.revhistory {
+	display:block;
+}
+
+.revhistory table {
+	background-color:transparent;
+	border-color:#fff; 
+	padding:0em;
+	margin: 0;
+	border-collapse:collapse;
+	border-style:none; 
+}
+
+.revhistory td {
+	text-align :left;
+	padding:0em;
+	border: none; 
+	border-top: 1px solid #fff;
+	font-weight: bold;
+}
+
+.revhistory .itemizedlist {
+	font-weight: normal;
+}
+
+.revhistory ul {
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.revhistory .simplelist td {
+	font-weight: normal;
+}
+
+.revhistory .simplelist {
+	margin-bottom: 0em;
+	margin-left: 1em;
+}
+
+.revhistory table th {
+	display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+	clear:both;
+	text-align: center;
+}
+
+h3.author {
+	margin: 0em;
+	padding: 0em;
+	padding-top: 1em;
+}
+
+.authorgroup h4 {
+	padding: 0em;
+	margin: 0em;
+	padding-top: 1em;
+	margin-top: 1em;
+}
+
+.author, 
+.editor, 
+.translator, 
+.othercredit,
+.contrib {
+	display: block;
+}
+
+.revhistory .author {
+	display: inline;
+}
+
+.othercredit h3 {
+	padding-top: 1em;
+}
+
+
+.othercredit {
+	margin:0em;
+	padding:0em;
+}
+
+.releaseinfo {
+	clear: both;
+}
+
+.copyright {
+	margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+	margin-bottom:1em;
+	border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+	border-bottom:1px dotted #ccc;
+}
+
+.question {
+	font-weight:bold;
+}
+
+.answer .data, .question .data {
+	padding-left: 2.6em;
+}
+
+.answer label, .question label {
+	float:left;
+	font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+	color: #0000ff;
+}
+
+.perl_BaseN {
+	color: #007f00;
+}
+
+.perl_BString {
+	color: #5C3566;
+}
+
+.perl_Char {
+	color: #ff00ff;
+}
+
+.perl_Comment {
+	color: #FF00FF;
+}
+
+
+.perl_DataType {
+	color: #0000ff;
+}
+
+
+.perl_DecVal {
+	color: #00007f;
+}
+
+
+.perl_Error {
+	color: #ff0000;
+}
+
+
+.perl_Float {
+	color: #00007f;
+}
+
+
+.perl_Function {
+	color: #007f00;
+}
+
+
+.perl_IString {
+	color: #5C3566;
+}
+
+
+.perl_Keyword {
+	color: #002F5D;
+}
+
+
+.perl_Operator {
+	color: #ffa500;
+}
+
+
+.perl_Others {
+	color: #b03060;
+}
+
+
+.perl_RegionMarker {
+	color: #96b9ff;
+}
+
+
+.perl_Reserved {
+	color: #9b30ff;
+}
+
+
+.perl_String {
+	color: #5C3566;
+}
+
+
+.perl_Variable {
+	color: #0000ff;
+}
+
+
+.perl_Warning {
+	color: #0000ff;
+}
+
+/*Lists*/
+ul {
+	padding-left:1.6em;
+	list-style-image:url(../images/dot.png);
+	list-style-type: circle;
+}
+
+ul ul {
+	list-style-image:url(../images/dot2.png);
+	list-style-type: circle;
+}
+
+ol {
+	list-style-image:none;
+	list-style-type: decimal;
+}
+
+ol ol {
+	list-style-type: lower-alpha;
+}
+
+ol.arabic {
+	list-style-type: decimal;
+}
+
+ol.loweralpha {
+	list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+	list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+	list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+	list-style-type: upper-roman;
+}
+
+dt {
+	font-weight:bold;
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+dd {
+	margin:0em;
+	margin-left:2em;
+	padding-top:0em;
+	padding-bottom: 1em;
+}
+
+li {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.4em;
+}
+
+li p, li div.para {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+	display:block;
+	margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+	display:inline;
+	margin:0em;
+}
+
+.figure img {
+	display:block;
+	margin:0;
+}
+
+.figure .title {
+	margin:0em;
+	margin-bottom:2em;
+	padding:0px;
+}
+
+/*document modes*/
+.confidential {
+	background-color:#900;
+	color:White;
+	padding:.5em .5em;
+	text-transform:uppercase;
+	text-align:center;
+}
+
+.longdesc-link {
+	display:none;
+}
+
+.longdesc {
+	display:none;
+}
+
+.prompt {
+	padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+	font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight: bold;
+	white-space: nowrap;
+}
+
+.example {
+	background-color: #ffffff;
+	border-left: 3px solid #aaaaaa;
+	padding-top: 1em;
+	padding-bottom: 0.1em;
+}
+
+.example h6 {
+	padding-left: 10px;
+}
+
+.example-contents {
+	padding-left: 10px;
+	background-color: #ffffff;
+}
+
+.example-contents .para {
+/*	 padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput, 
+.option {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+.replaceable {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+	font-weight: inherit;
+}
+
+pre {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	display:block;
+	background-color: #f5f5f5;
+	color: #000000;
+	border: 1px solid #aaaaaa;
+	margin-bottom: 0.3em;
+	padding:.5em 1em;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+	font-size: 0.9em;
+}
+
+pre .replaceable, 
+pre .keycap {
+}
+
+code {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	white-space: nowrap;
+	font-weight:bold;
+}
+
+.parameter code {
+	display: inline;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+	content:url(../images/warning.png);
+	padding-left: 5px;
+}
+
+div.note:before {
+	content:url(../images/note.png);
+	padding-left: 5px;
+}
+
+div.important:before {
+	content:url(../images/important.png);
+	padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+	color: black;
+	margin: 0em;
+	padding: 0em;
+	background: none;
+	background-color: white;
+	margin-bottom: 1em;
+	border-bottom: 1px solid #aaaaaa;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+	margin: 0em;
+	padding: 0em;
+	color: #eeeeec;
+	padding-top: 0px;
+	padding-bottom: 0px;
+	height: 1.4em;
+	line-height: 1.4em;
+	font-size: 1.4em;
+	display:inline;
+}
+
+div.admonition_header {
+	clear: both;
+	margin: 0em;
+	padding: 0em;
+	margin-top: -3.3em;
+	padding-left: 58px;
+	line-height: 1.0em;
+	font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+	background: url(../images/red.png) top left repeat-x;
+	background-color: #590000;
+}
+
+div.note div.admonition_header {
+	background: url(../images/green.png) top right repeat-x;
+	background-color: #597800;
+}
+
+div.important div.admonition_header {
+	background: url(../images/yellow.png) top right repeat-x;
+	background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+	padding: 0em;
+	margin: 0em;
+}
+
+div.admonition {
+	border: none;
+	border-left: 1px solid #aaaaaa;
+	border-right: 1px solid #aaaaaa;
+	padding:0em;
+	margin:0em;
+	padding-top: 1.5em;
+	padding-bottom: 1em;
+	padding-left: 2em;
+	padding-right: 1em;
+	background-color: #eeeeec;
+	-moz-border-radius: 0px;
+	-webkit-border-radius: 0px;
+	border-radius: 0px;
+}
+
+/*Page Title*/
+#title  {
+	display:block;
+	height:45px;
+	padding-bottom:1em;
+	margin:0em;
+}
+
+#title a.left{
+	display:inline;
+	border:none;
+}
+
+#title a.left img{
+	border:none;
+	float:left;
+	margin:0em;
+	margin-top:.7em;
+}
+
+#title a.right {
+	padding-bottom:1em;
+}
+
+#title a.right img {
+	border:none;
+	float:right;
+	margin:0em;
+	margin-top:.7em;
+}
+
+/*Table*/
+table {
+	border:1px solid #6c614b;
+	width:100%;
+	border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+	border-style: none;
+}
+
+table th {
+	text-align:left;
+	background-color:#6699cc;
+	padding:.3em .5em;
+	color:white;
+}
+
+table td {
+	padding:.15em .5em;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table  li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table  li div.para:first-child {
+	margin-top:0em;
+	padding-top:0em;
+	display:inline;
+}
+
+th, td {
+	border-style:none;
+	vertical-align: top;
+	border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+	border: none;
+}
+
+table table td {
+	border-bottom:1px dotted #aaa;
+	background-color:white;
+	padding:.6em 0em;
+}
+
+table table {
+	border:1px solid white;
+}
+
+td.remarkval {
+	color:#444;
+}
+
+td.fieldval {
+	font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+	color:white;
+	font-weight:bold;
+	background-color:#999;
+	width:120px;
+}
+
+td.remarkval {
+	width:230px;
+}
+
+td.tname {
+	font-weight:bold;
+}
+
+th.dbfield {
+	width:120px;
+}
+
+th.dbtype {
+	width:70px;
+}
+
+th.dbdefault {
+	width:70px;
+}
+
+th.dbnul {
+	width:70px;
+}
+
+th.dbkey {
+	width:70px;
+}
+
+span.book {
+	margin-top:4em;
+	display:block;
+}
+
+span.chapter {
+	display:block;
+	margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+	border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+	content:" ";
+}
+
+#breadcrumbs {
+	color:#900;
+	padding:3px;
+	margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+	margin-left:0;
+	padding-left:0;
+	display:inline;
+	border:none;
+}
+
+#breadcrumbs ul li {
+	margin-left:0;
+	padding-left:2px;
+	border:none;
+	list-style:none;
+	display:inline;
+}
+
+#breadcrumbs ul li:before {
+	content:"\0020 \0020 \0020 \00BB \0020";
+	color:#333;
+}
+
+/*index*/
+.glossary h3, 
+.index h3 {
+	font-size: 2em;
+	color:#aaa;
+	margin:0em;
+}
+
+.indexdiv {
+	margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+	color:#444;
+	padding-top:.5em;
+}
+
+.glossary dl dl dt, 
+.index dl dl dt {
+	color:#777;
+	font-weight:normal;
+	padding-top:0em;
+}
+
+.index dl dl dt:before {
+	content:"- ";
+	color:#ccc;
+}
+
+/*changes*/
+.footnote {
+	font-size: .7em;
+	margin:0em;
+	color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+	color:#999;
+	margin:0em;
+	padding:0em;
+	line-height: .4em;
+	font-size: 1em;
+	padding-left:0em;
+}
+
+.footnote {
+	position:relative;
+}
+
+.footnote sup  {
+	color:#e3dcc0;
+	position:absolute;
+	left: .4em;
+}
+
+.footnote sup a:link, 
+.footnote sup a:visited {
+	color:#92917d;
+	text-decoration:none;
+}
+
+.footnote:hover sup a {
+	text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+	padding-left:2em;
+}
+
+.footnote a:link, 
+.footnote a:visited {
+	color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+	margin-top:3em;
+}
+
+div.section {
+	margin-top:1em;
+}
+
+div.note .replaceable, 
+div.important .replaceable, 
+div.warning .replaceable, 
+div.note .keycap, 
+div.important .keycap, 
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+	border:none;
+	text-decoration:none;
+	font-weight:normal;
+}
+
+.docnav {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	position:relative;
+	width:100%;
+	padding-bottom:2em;
+	padding-top:1em;
+	border-top:1px dotted #ccc;
+}
+
+.docnav li {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	display:inline;
+	font-size:.8em;
+}
+
+.docnav li:before {
+	content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+	position:absolute;
+	top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+	margin:0em 1.5em;
+}
+
+.docnav li.previous {
+	left:0px;
+	text-align:left;
+}
+
+.docnav li.next {
+	right:0px;
+	text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+	height:22px;
+	display:block;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+.docnav li.next a strong {
+	background:  url(../images/stock-go-forward.png) top right no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-right:28px;
+	font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+	background: url(../images/stock-go-back.png) top left no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-left:28px;
+	padding-right:0.5em;
+	font-size:1.2em;
+}
+
+.docnav li.home a strong {
+	background: url(../images/stock-home.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav li.up a strong {
+	background: url(../images/stock-go-up.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+	color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+	color:black;
+}
+
+.docnav a {
+	max-width: 10em;
+	overflow:hidden;
+}
+
+.docnav a:link strong {
+	text-decoration:none;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+ul.docnav {
+	margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.reports li{
+	margin:0em;
+	padding:0em;
+}
+
+.reports li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.reports dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.reports div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+	max-width:57em ;
+	padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+	display:block;
+	float:left;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	height:1em;
+}
+
+div.progress span {
+	height:1em;
+	float:left;
+}
+
+div.progress span.translated {
+	background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+	background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.results li{
+	margin:0em;
+	padding:0em;
+}
+
+.results li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.results dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.results dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.results dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.results h2, .results h3 {
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.results div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+	-moz-border-radius:11px;
+	-webkit-border-radius:11px;
+	border-radius: 11px;
+}
+
+.example {
+	-moz-border-radius:0px;
+	-webkit-border-radius:0px;
+	border-radius: 0px;
+}
+
+.package, .citetitle {
+	font-style: italic;
+}
+
+.titlepage .edition {
+	color: #336699;
+	background-color: transparent;
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	font-weight: bold;
+	text-align: center;
+}
+
+span.remark {
+	background-color: #ff00ff;
+}
+
+.draft {
+	background-image: url(../images/watermark-draft.png);
+	background-repeat: repeat-y;
+        background-position: center;
+}
+
+.foreignphrase {
+	font-style: inherit;
+}
+
+dt {
+	clear:both;
+}
+
+dt img {
+	border-style: none;
+	max-width: 112px;
+}
+
+dt object {
+	max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+	display: inline;
+	float: left;
+	margin-bottom: 1em;
+	padding-right: 1em;
+	width: 112px;
+}
+
+dl:after {
+	display: block;
+	clear: both;
+	content: "";
+}
+
+.toc dd {
+	padding-bottom: 0em;
+	margin-bottom: 1em;
+	padding-left: 1.3em;
+	margin-left: 0em;
+}
+
+div.toc > dl > dt {
+	padding-bottom: 0em;
+	margin-bottom: 0em;
+	margin-top: 1em;
+}
+
+
+.strikethrough {
+	text-decoration: line-through;
+}
+
+.underline {
+	text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+	padding: 0em;
+	margin: 0em;
+	width: 12pt;
+	display: inline;
+	vertical-align: middle;
+}
+
+.stepalternatives {
+	list-style-image: none;
+	list-style-type: none;
+}
+
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/default.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/default.css
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css
new file mode 100644
index 0000000..bd5f3c7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/overrides.css
@@ -0,0 +1,47 @@
+a:link {
+	color:#0066cc;
+}
+
+a:visited {
+	color:#6699cc;
+}
+
+h1 {
+	color:#a70000;
+}
+
+.producttitle {
+	background: #a70000 url(../images/h1-bg.png) top left repeat;
+}
+
+.section h1.title {
+	color:#a70000;
+}
+
+h2,h3,h4,h5,h6 {
+	color:#a70000;
+}
+
+table {
+	border:1px solid #aaa;
+}
+
+table th {
+	background-color:#900;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+.revhistory table th {
+	color:#a70000;
+}
+
+.titlepage .edition {
+	color: #a70000;
+}
+
+span.remark{
+	background-color: #ffff00;
+}
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/print.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/css/print.css
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.png
new file mode 100644
index 0000000..270707b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg
new file mode 100644
index 0000000..0a7036e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/1.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 17.853468,22.008438 -2.564941,0 0,-7.022461 c -5e-6,-0.143873 -5e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224122,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08854,0.08302 -0.17432,0.157723 -0.257324,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.png
new file mode 100644
index 0000000..ec548f3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg
new file mode 100644
index 0000000..d1c32c7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/10.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.png
new file mode 100644
index 0000000..f59d84b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg
new file mode 100644
index 0000000..872d14a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/11.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.png
new file mode 100644
index 0000000..c8a3906
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg
new file mode 100644
index 0000000..6bc95d2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/12.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.png
new file mode 100644
index 0000000..2db6743
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg
new file mode 100644
index 0000000..cf105bc
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/13.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.png
new file mode 100644
index 0000000..1a12fb3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg
new file mode 100644
index 0000000..1009bce
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/14.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.png
new file mode 100644
index 0000000..2532d13
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg
new file mode 100644
index 0000000..52daf8d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/15.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2839"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2841"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.png
new file mode 100644
index 0000000..3b3f17f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg
new file mode 100644
index 0000000..95dedc2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/16.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.png
new file mode 100644
index 0000000..d0f12f7
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg
new file mode 100644
index 0000000..7b3e327
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/17.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.png
new file mode 100644
index 0000000..ed2f1fe
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg
new file mode 100644
index 0000000..fc744d5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/18.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.png
new file mode 100644
index 0000000..a145b4a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg
new file mode 100644
index 0000000..69c6f5f
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/19.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 13.215925,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141118,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168787,0.157724 -0.257325,0.240723 -0.08854,0.08302 -0.1743194,0.157723 -0.2573238,0.224121 L 8.442976,14.529434 7.1978588,12.985489 11.107527,9.8726959 l 2.108398,0 0,12.1357421"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.png
new file mode 100644
index 0000000..126f8fd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg
new file mode 100644
index 0000000..15424b2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/2.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.89546,22.008438 -8.143066,0 0,-1.784668 2.855468,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979493,-1.0708 0.293289,-0.326492 0.545079,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.373529,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.17431,-0.666821 0.174316,-1.037598 -6e-6,-0.409496 -0.124517,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827313,0.522958 -1.270019,0.921386 l -1.394531,-1.651855 c 0.249022,-0.226877 0.509113,-0.442698 0.780273,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079102,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319824,-0.1494141 0.58105,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187012,0.6889648 0.326489,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.893727 0.265625,1.41
 9433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.png
new file mode 100644
index 0000000..b23618f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg
new file mode 100644
index 0000000..7abd11e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/20.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.png
new file mode 100644
index 0000000..91b602b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg
new file mode 100644
index 0000000..8d33472
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/21.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.png
new file mode 100644
index 0000000..33e0374
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg
new file mode 100644
index 0000000..0224965
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/22.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.png
new file mode 100644
index 0000000..cc961c1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg
new file mode 100644
index 0000000..72609f4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/23.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..17b1531
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..5b34c33
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..193686c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..4f57373
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..e8bf82a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..aff5a90
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..06dfc67
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..0769006
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..065ce1a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..60cf157
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..8f28d5b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..6dc6635
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.png
new file mode 100644
index 0000000..9e3ae40
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg
new file mode 100644
index 0000000..2e88abd
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/3.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.422316,12.587051 c -9e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.23243,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315437,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.392911,0.332031 -0.890957,0.592122 -1.494141,0.780273 -0.597661,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267255,-0.05534 -1.842773,-0.166016 -0.575523,-0.105143 -1.112306,-0.268392 -1.610352,-0.489746 l 0,-2.183105 c 0.249023,0.132815 0.511881,0.249025 0.788574,0.348632 0.276692,0.09961 0.553384,0.185387 0.830079,0.257325 0.27669,0.06641 0.547848,0.116212 0.813476,0.149414 0.271156,0.0332 0.525713,0.04981 0.763672,0.0498 0.475907,2e-6 0.871577,-0.04427 1.187012,-0.132812 0.315424,-
 0.08854 0.567214,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320957,-0.351397 0.398437,-0.572754 0.083,-0.226885 0.124506,-0.473141 0.124512,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.265631,-0.376297 -0.498047,-0.514648 -0.226893,-0.143876 -0.525721,-0.254553 -0.896484,-0.332032 -0.370773,-0.07747 -0.827315,-0.116205 -1.369629,-0.116211 l -0.863281,0 0,-1.801269 0.846679,0 c 0.509111,7e-6 0.932451,-0.04426 1.27002,-0.132813 0.33756,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.43164,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.68897,-0.365224 -1.27002,-0.365234 -0.265629,10e-6 -0.514652,0.02768 -0.74707,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193688,0.07748 -0.373538,0.166026 -0.539551,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439941,0.282227 l -1.294922,-1.70
 9961 c 0.232421,-0.171538 0.484211,-0.329253 0.755371,-0.473145 0.276691,-0.143868 0.575519,-0.26838 0.896484,-0.373535 0.320961,-0.1106647 0.666827,-0.1964393 1.037598,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492506,0.1272911 0.913079,0.3154421 1.261718,0.5644531 0.348626,0.243501 0.617017,0.545096 0.805176,0.904786 0.193677,0.354177 0.290519,0.760914 0.290528,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..d583185
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..717ae1c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..9146925
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..25c7b52
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..cbc972e
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..79866e8
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..7c1ab6a
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..01c3222
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..2585ddc
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..cf9cf7c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..86ff09c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..948ed84
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..c4a7f79
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..cff32b5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..91cf6ae
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..6694ee4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..882f8cd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..26ded93
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..cc0726d
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..082c1b1
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.png
new file mode 100644
index 0000000..266e714
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg
new file mode 100644
index 0000000..25888e4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/4.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 20.078077,19.493301 -1.460937,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460937,0 0,1.992187 m -3.959472,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09962,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.12175,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.025391,3.071289 2.75586,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..b92fd2f
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..33ef96a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.png
new file mode 100644
index 0000000..94153bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg
new file mode 100644
index 0000000..7d1dabd
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/5.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 16.035597,14.255508 c 0.520177,8e-6 1.004388,0.08025 1.452637,0.240723 0.448235,0.160489 0.838371,0.395678 1.17041,0.705566 0.332023,0.309903 0.592114,0.697272 0.780273,1.16211 0.188143,0.459315 0.282218,0.987797 0.282227,1.585449 -9e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.204761,0.520184 -0.506356,0.962892 -0.904785,1.328125 -0.398445,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261724,0.290528 -2.025391,0.290528 -0.304365,0 -0.60596,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863281,-0.124512 -0.271161,-0.04981 -0.531252,-0.116211 -0.780274,-0.199219 -0.24349,-0.08301 -0.464844,-0.17985 -0.664062,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672363,0.31543 0.254556,0.09408 0.517414,0.177086 0.788574,0.249024 0.276691,0.06641 0.553383,0.121746 0.830078,0.166015 0.27669,0.03874 0.539548,0.05811 0.788575,0.05811 0.741532,2e-6 1.305984,-0.152179 1.693359,-0.456543 0.387364,-0.309893 0.5810
 49,-0.799639 0.581055,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751465,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320966,0.03874 -0.481445,0.06641 -0.154951,0.02768 -0.304365,0.05811 -0.448242,0.09131 -0.143883,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456542,-6.1840821 6.408204,0 0,2.1748051 -4.183594,0 -0.199219,2.382324 c 0.17708,-0.03873 0.381832,-0.07747 0.614258,-0.116211 0.237951,-0.03873 0.542313,-0.0581 0.913086,-0.05811"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.png
new file mode 100644
index 0000000..792940e
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg
new file mode 100644
index 0000000..3ab7c39
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/6.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 11.702589,16.853653 c -10e-7,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.0664,-0.575514 0.179849,-1.126132 0.340332,-1.651856 0.166014,-0.531241 0.387368,-1.023753 0.664062,-1.477539 0.282225,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431638,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603186,-0.1936727 1.305984,-0.2905151 2.108399,-0.2905274 0.116204,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.138339,0.00555 0.276685,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251782,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210295,-0.04979 -0.434416,-0.08853 -0.672364,-0.116211 -0.232429,-0.03319 -0.467617,-0.04979 -0.705566,-0.0498 -0.747076,1e-5 -1.361334,0.09408 -1.842774,0.282226 -0.481449,0.182627 -0.863285,0.439951 -1.145507,0.771973 -0.28223,0.33204 -0.484216,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.215821,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243486,-0.384596 0.39843
 7,-0.556153 0.160478,-0.177076 0.345862,-0.32649 0.556153,-0.448242 0.210282,-0.127271 0.44547,-0.22688 0.705566,-0.298828 0.26562,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419433,0.257324 0.420566,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.15494,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282226,1.768066 -0.182626,0.520184 -0.445484,0.962892 -0.788575,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643554,0.282227 -0.597661,0 -1.15658,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.973961,-0.542317 -1.361328,-0.979492 -0.381838,-0.437173 -0.683433,-0.987791 -0.904785,-1.651856 -0.215822,-0.669593 -0.323732,-1.460933 -0.323731,-2.374023 m 4.216797,3.270508 c 0.226883,2e-6 0.431635,-0.0415 0.614258,-0.124512 0.188145,-0.08854 0.348627,-0.218585 0.481445,-0.390137 0.13834,-0.17708 0.243483,-0.3
 98434 0.31543,-0.664062 0.07747,-0.265622 0.116204,-0.581051 0.116211,-0.946289 -7e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243496,-0.343094 -0.617031,-0.514643 -1.120606,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.39014,0.229661 -0.53955,0.390137 -0.149418,0.160487 -0.265629,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.31543,0.755371 0.143876,0.221357 0.318193,0.401207 0.522949,0.539551 0.210282,0.138349 0.453772,0.207522 0.730469,0.20752"
+       id="path2846"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.png
new file mode 100644
index 0000000..59eaefd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg
new file mode 100644
index 0000000..ab9cb5d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/7.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 12.789991,22.008438 4.316407,-9.960937 -5.578125,0 0,-2.1582035 8.367187,0 0,1.6103515 -4.424316,10.508789 -2.681153,0"
+       id="path2832"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.png
new file mode 100644
index 0000000..6aad94b
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg
new file mode 100644
index 0000000..23b1e20
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/8.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.761671,9.7149811 c 0.503576,1.23e-5 0.979487,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337558,0.243501 0.60595,0.547862 0.805176,0.913086 0.199211,0.365244 0.29882,0.794118 0.298828,1.286621 -8e-6,0.365243 -0.05535,0.697274 -0.166015,0.996094 -0.110686,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193693,0.237963 -0.423348,0.451017 -0.688965,0.639161 -0.265632,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.633619,0.362473 0.937988,0.572754 0.309888,0.210292 0.583814,0.448247 0.821777,0.713867 0.237948,0.260096 0.428866,0.55339 0.572754,0.879883 0.143872,0.326501 0.215812,0.691735 0.21582,1.095703 -8e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478686,0.758139 -0.838379,1.045898 -0.359707,0.287761 -0.791348,0.509115 -1.294921,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651856,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.9379
 9,-0.362467 -1.286621,-0.639161 -0.348634,-0.276691 -0.614259,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265626,-0.857744 -0.265625,-1.361328 -10e-7,-0.415035 0.06087,-0.78857 0.182617,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498047,-0.896485 0.210285,-0.265619 0.456541,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271162,-0.171543 -0.525719,-0.356927 -0.763672,-0.556152 -0.237958,-0.204746 -0.445477,-0.428866 -0.622559,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -10e-7,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478677,-0.669585 0.821778,-0.913086 0.343096,-0.249012 0.738766,-0.434396 1.187011,-0.5561527 0.448239,-0.1217326 0.918616,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.107911,0.614258 0.07194,0.18262 0.17708,0.340334 0.315429,0.473145 0.143877,0.132814 0.32
 096,0.237957 0.53125,0.315429 0.210283,0.07194 0.453772,0.107912 0.730469,0.10791 0.581049,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.43164,-1.087402 -6e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218593,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.320969,-0.307125 -0.514648,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 15.662062,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664063,0.398438 -0.199222,0.138351 -0.370772,0.293299 -0.514648,0.464844 -0.13835,0.16602 -0.24626,0.348637 -0.323731,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.701661,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514649,0.08301 -0.154952,0.05535 -0.290531,0.13559 -0.406738,0.240723 -0.110681,0.105153 -0.199223,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.31543
 8 0.282226,0.448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160478,0.09962 0.32926,0.199226 0.506348,0.298828 0.171545,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154943,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.12174,-0.138338 0.218582,-0.293286 0.290528,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.157721,-0.284984 -0.273926,-0.390137 -0.116217,-0.105133 -0.254563,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.png
new file mode 100644
index 0000000..2478355
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg
new file mode 100644
index 0000000..80db11b
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/9.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#aa0000" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;text-anchor:start;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 19.829054,15.052383 c -9e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340333,1.651856 -0.160489,0.525719 -0.381843,1.018232 -0.664062,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426113,0.332032 -0.940761,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.30046,0.282227 -2.108399,0.282227 -0.116214,0 -0.243492,-0.0028 -0.381836,-0.0083 -0.138348,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273927,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237954,0.02767 0.478676,0.04151 0.722168,0.0415 0.747067,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.481441,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.282221,-0.337562 0.481439,-0.738766 0.597657,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.107911,0 c -0.110683,0.199225 -0.243495,0.384609 -0.398437,0.556153 -0.
 154954,0.171554 -0.337571,0.320968 -0.547852,0.448242 -0.210291,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.265629,0.07194 -0.56169,0.107914 -0.888183,0.10791 -0.52572,4e-6 -0.998864,-0.08577 -1.419434,-0.257324 -0.420575,-0.171545 -0.777508,-0.420568 -1.070801,-0.74707 -0.287761,-0.326492 -0.509115,-0.727696 -0.664062,-1.203614 -0.154949,-0.475904 -0.232423,-1.020988 -0.232422,-1.635253 -10e-7,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453774,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758135,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043127,-0.2905151 1.651855,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520176,0.210298 0.971184,0.534028 1.353027,0.971192 0.381829,0.437185 0.683423,0.990569 0.904786,1.660156 0.221345,0.669605 0.332022,1.458178 0.332031,2.365722 m -4.216797,-3.262207 c -0.226892,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188154,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132815,0.17155
 9 -0.237959,0.392913 -0.315429,0.664062 -0.07194,0.265634 -0.107914,0.581063 -0.107911,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373536,1.394532 0.249019,0.343105 0.625321,0.514654 1.128906,0.514648 0.254552,6e-6 0.486974,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.53955,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124506,-0.401197 0.124512,-0.605958 -6e-6,-0.282218 -0.03598,-0.561677 -0.10791,-0.838378 -0.06641,-0.282218 -0.171556,-0.534008 -0.31543,-0.755372 -0.138352,-0.226878 -0.312668,-0.409495 -0.522949,-0.547851 -0.204758,-0.138336 -0.44548,-0.207509 -0.722168,-0.20752"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/bkgrnd_greydots.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/bkgrnd_greydots.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/bullet_arrowblue.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/bullet_arrowblue.png
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png
new file mode 100644
index 0000000..7ae45bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/documentation.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/dot.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/dot.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/dot2.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/dot2.png
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/green.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/green.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png
new file mode 100644
index 0000000..31397b5
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/h1-bg.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_left.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png
new file mode 100644
index 0000000..7ae45bd
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/image_right.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.png
new file mode 100644
index 0000000..eb42966
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg
new file mode 100644
index 0000000..064c783
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/important.svg
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 255.25,-411.29002 L 261.86798,-400.85887 L 273.83367,-397.7882 L 265.95811,-388.27072 L 266.73534,-375.94179 L 255.25,-380.49082 L 243.76466,-375.94179 L 244.54189,-388.27072 L 236.66633,-397.7882 L 248.63202,-400.85887 L 255.25,-411.29002 z "
+     transform="matrix(1.1071323,0,0,1.1071323,-258.4137,459.98052)"
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.25880718;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4450" />
+  <path
+     d="M 255.25,-411.29002 L 261.86798,-400.85887 L 273.83367,-397.7882 L 265.95811,-388.27072 L 266.73534,-375.94179 L 255.25,-380.49082 L 243.76466,-375.94179 L 244.54189,-388.27072 L 236.66633,-397.7882 L 248.63202,-400.85887 L 255.25,-411.29002 z "
+     transform="matrix(1.1071323,0,0,1.1071323,-258.4137,459.98052)"
+     style="fill:#fac521;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4452" />
+  <path
+     d="M 24.175987,4.476098 L 16.980534,16.087712 L 3.9317841,19.443104 L 16.980534,20.076901 L 24.175987,10.383543 L 31.408721,20.076901 L 44.457471,19.443104 L 31.468862,16.027571 L 24.175987,4.476098 z "
+     style="fill:#feeaab;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path4531" />
+  <path
+     d="M 12.456856,24.055852 C 11.65845,24.299685 14.436112,29.177769 14.436112,32.041127 C 14.436112,37.343117 13.010825,39.831516 15.971742,37.364645 C 18.711008,35.08244 21.184735,34.873512 24.195894,34.873512 C 27.207053,34.873512 29.646656,35.08244 32.38592,37.364645 C 35.346837,39.831516 33.921551,37.343117 33.92155,32.041127 C 33.92155,28.223316 38.868232,20.827013 33.682674,25.591482 C 31.458295,27.635233 27.413886,29.481744 24.195894,29.481744 C 20.977903,29.481744 16.933493,27.635233 14.709113,25.591482 C 13.412724,24.400365 12.722992,23.974574 12.456856,24.055852 z "
+     style="fill:#fcd867;fill-opacity:1;stroke-width:3.4070456;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+     id="path2185" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.png
new file mode 100644
index 0000000..2b421d2
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg
new file mode 100644
index 0000000..abe5a60
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/note.svg
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 30.27396,4.1232594 L 18.765811,4.1232594 C 11.476786,4.1232594 5.5574109,10.546411 5.5574109,19.960741 C 5.5574109,24.746615 7.0844878,29.075948 9.5403943,32.177328 C 9.4616811,32.681104 9.414455,33.200619 9.414455,33.720144 C 9.414455,39.308917 13.554865,43.591015 18.891751,44.267966 C 17.506371,42.693663 16.656245,40.914707 16.656245,38.616218 C 16.656245,38.01799 16.719219,37.419752 16.82942,36.837262 C 17.459135,36.963202 18.104599,37.026176 18.750063,37.026176 L 30.258211,37.026176 C 37.547237,37.026176 43.466612,29.39081 43.466612,19.960741 C 43.466612,10.530672 37.578724,4.1232594 30.27396,4.1232594 z "
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.7150631;stroke-miterlimit:4;stroke-dasharray:none"
+     id="path4317" />
+  <path
+     d="M 30.27396,4.1232594 L 18.765811,4.1232594 C 11.476786,4.1232594 5.5574109,10.546411 5.5574109,19.960741 C 5.5574109,24.746615 7.0844878,29.075948 9.5403943,32.177328 C 9.4616811,32.681104 9.414455,33.200619 9.414455,33.720144 C 9.414455,39.308917 13.554865,43.591015 18.891751,44.267966 C 17.506371,42.693663 16.656245,40.914707 16.656245,38.616218 C 16.656245,38.01799 16.719219,37.419752 16.82942,36.837262 C 17.459135,36.963202 18.104599,37.026176 18.750063,37.026176 L 30.258211,37.026176 C 37.547237,37.026176 43.466612,29.39081 43.466612,19.960741 C 43.466612,10.530672 37.578724,4.1232594 30.27396,4.1232594 z "
+     style="fill:#bfdce8;fill-opacity:1"
+     id="path142" />
+  <path
+     d="M 19.200879,5.5648899 C 12.490241,5.5648899 7.0622987,11.295775 7.0622987,19.690323 C 7.0622987,22.890926 7.8418023,25.879852 9.1910836,28.332288 C 8.6113289,26.599889 8.2852163,24.667826 8.2852163,22.673336 C 8.2852163,14.629768 13.495502,9.1620492 19.925575,9.1620492 L 30.071259,9.1620492 C 36.515213,9.1620492 41.711609,14.616311 41.711609,22.673336 C 41.864688,21.709218 41.983366,20.710908 41.983366,19.690323 C 41.983366,11.281743 36.524624,5.5648899 29.799492,5.5648899 L 19.200879,5.5648899 z "
+     style="fill:#ffffff"
+     id="path2358" />
+  <path
+     d="M 28.241965,33.725087 L 20.792252,33.725087 C 16.073756,33.725087 12.241894,32.944782 12.241894,26.850486 C 12.241894,25.10387 12.368512,23.572125 15.515722,23.567487 L 33.508301,23.540969 C 36.182481,23.537028 36.782127,24.950794 36.782127,26.850486 C 36.782127,32.95497 32.970649,33.725087 28.241965,33.725087 z "
+     style="fill:#d0ecf9;fill-opacity:1"
+     id="path2173" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/red.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/redhat-logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/rhlogo.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/shade.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/shade.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/shine.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png
copy to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/shine.png
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png
new file mode 100644
index 0000000..8160290
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-back.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png
new file mode 100644
index 0000000..be86474
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-forward.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png
new file mode 100644
index 0000000..52a31ed
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-go-up.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png
new file mode 100644
index 0000000..b9ce2b8
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/stock-home.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/title_logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png
new file mode 100644
index 0000000..3745cf6
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg
new file mode 100644
index 0000000..484138d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/warning.svg
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="48"
+   height="48"
+   id="svg2">
+  <defs
+     id="defs5" />
+  <path
+     d="M 26.553837,7.3026447 C 25.283816,5.0882437 23.199663,5.0882437 21.945919,7.3026447 L 3.9376032,38.711367 C 2.6675727,40.925778 3.7259346,42.749404 6.2822626,42.749404 L 42.217493,42.749404 C 44.77383,42.749404 45.832183,40.925778 44.545876,38.711367 L 26.553837,7.3026447 z "
+     style="fill:#2e3436;fill-opacity:1;stroke:#2e3436;stroke-width:4.7150631;stroke-miterlimit:4;stroke-dasharray:none"
+     id="use2812" />
+  <path
+     d="M 26.553837,7.3026447 C 25.283816,5.0882437 23.199663,5.0882437 21.945919,7.3026447 L 3.9376032,38.711367 C 2.6675727,40.925778 3.7259346,42.749404 6.2822626,42.749404 L 42.217493,42.749404 C 44.77383,42.749404 45.832183,40.925778 44.545876,38.711367 L 26.553837,7.3026447 z "
+     style="fill:#fde8a6;fill-opacity:1;stroke-width:4;stroke-miterlimit:4;stroke-dasharray:none"
+     id="path4309" />
+  <path
+     d="M 26.220057,12.491166 C 25.133792,10.597163 23.351196,10.597163 22.278859,12.491166 L 6.8761436,39.355379 C 5.789878,41.249382 6.6951041,42.809153 8.8815542,42.809153 L 39.617353,42.809153 C 41.803812,42.809153 42.709038,41.249382 41.608844,39.355379 L 26.220057,12.491166 z "
+     style="fill:#fac521;fill-opacity:1"
+     id="path2991" />
+  <path
+     d="M 28.470282,37.445157 C 28.470282,38.878008 27.2491,39.952646 25.392902,39.952646 L 25.36034,39.952646 C 23.520438,39.952646 22.282969,38.878008 22.282969,37.445157 C 22.282969,35.947181 23.553,34.921391 25.392902,34.921391 C 27.216538,34.921391 28.437711,35.947181 28.470282,37.445157 z M 28.144632,33.146613 L 29.21927,19.990446 L 21.517696,19.990446 L 22.592334,33.146613 L 28.144632,33.146613 z "
+     style="fill:#fef2cb;fill-opacity:1;stroke:#fef2cb;stroke-width:0.9430126;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+     id="path4468" />
+  <path
+     d="M 27.089325,36.371084 C 27.089325,37.803935 25.868143,38.878574 24.011955,38.878574 L 23.979392,38.878574 C 22.139481,38.878574 20.902022,37.803935 20.902022,36.371084 C 20.902022,34.873109 22.172043,33.847319 24.011955,33.847319 C 25.835581,33.847319 27.056763,34.873109 27.089325,36.371084 z M 26.763675,32.072531 L 27.838313,18.916364 L 20.136748,18.916364 L 21.211386,32.072531 L 26.763675,32.072531 z "
+     style="fill:#2e3436"
+     id="path4470" />
+</svg>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..e3a9852
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_AIX.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_AIX.html
new file mode 100644
index 0000000..e667fd5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_AIX.html
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Configuring an AIX System as an IPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_HP_UX.html" title="3.4. Configuring an HP-UX System as an IPA" /><link rel="next" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="3.6. Configuring a Macintosh OS X System as an IPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a 
 accesskey="p" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_AIX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_AIX">3.5. Configuring an AIX System as an IPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure AIX as an IPA client.
+		</div><div class="para">
+			Before starting the IPA installation, update your system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Prerequisites"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</h3></div></div></div><div class="para">
+				Before you begin the configuration, ensure that the following software is installed and up to date. This can be installed from your AIX media:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						v5.3 OS
+					</div></li><li class="listitem"><div class="para">
+						v5.3 Updates
+					</div></li><li class="listitem"><div class="para">
+						krb5 client packages
+					</div></li><li class="listitem"><div class="para">
+						openssh
+					</div></li><li class="listitem"><div class="para">
+						wget
+					</div></li><li class="listitem"><div class="para">
+						bash
+					</div></li><li class="listitem"><div class="para">
+						krb5 server
+					</div></li><li class="listitem"><div class="para">
+						ldap.client
+					</div></li><li class="listitem"><div class="para">
+						openssl
+					</div></li><li class="listitem"><div class="para">
+						modcrypt.base (for gssd)
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</h3></div></div></div><div class="para">
+				Before you begin the following procedures, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the IPA master.
+			</div><div class="para">
+				The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Configure the krb5 client settings as follows:
+					</div><div class="para">
+						<code class="command"># mkkrb5clnt -r EXAMPLE.COM -d example.com -c ipaclient.example.com -s ipaserver.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Get a Kerberos ticket:
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure the LDAP client settings as follows:
+					</div><div class="para">
+						<code class="command"># mksecldap -c -h ipaserver.example.com -d cn=accounts,dc=example,dc=com -a uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com -p secret</code>
+					</div></li><li class="listitem"><div class="para">
+						In the <code class="filename">/etc/security/ldap</code> directory, create the following map files:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								IPAuser.map
+							</div><pre class="programlisting">#IPAuser.map file
+keyobjectclass  SEC_CHAR        posixaccount    s
+
+# The following attributes are required by AIX to be functional
+username        SEC_CHAR        uid     s
+id      SEC_INT uidnumber       s
+pgrp    SEC_CHAR        gidnumber       s
+home    SEC_CHAR        homedirectory   s
+shell   SEC_CHAR        loginshell      s
+gecos   SEC_CHAR        gecos   s
+spassword       SEC_CHAR        userpassword    s
+lastupdate      SEC_INT shadowlastchange        s
+</pre></li><li class="listitem"><div class="para">
+								IPAgroup.map
+							</div><pre class="programlisting">#IPAgroup.map file
+groupname       SEC_CHAR        cn      s
+id      SEC_INT gidNumber       s
+users   SEC_LIST        member  m
+</pre></li></ul></div></li><li class="listitem"><div class="para">
+						Modify the <code class="filename">/etc/security/ldap/ldap.cfg</code> file as follows. Remember to specify your own REALM and basedn values.
+					</div><pre class="programlisting">userbasedn:cn=users,cn=accounts,dc=example,dc=com
+groupbasedn:cn=groups,cn=accounts,dc=example,dc=com
+
+userattrmappath:/etc/security/ldap/IPAuser.map
+groupattrmappath:/etc/security/ldap/IPAgroup.map
+
+userclasses:posixaccount
+</pre></li><li class="listitem"><div class="para">
+						Start the LDAP client daemon:
+					</div><div class="para">
+						<code class="command"># start-secldapclntd</code>
+					</div></li><li class="listitem"><div class="para">
+						Test the LDAP client connection to the IPA server:
+					</div><div class="para">
+						<code class="command"># lsldap -a passwd </code>
+					</div></li><li class="listitem"><div class="para">
+						Add the following sections to the <code class="filename">/usr/lib/security/methods.cfg</code> file to configure the system login to use Kerberos and LDAP: 
+<pre class="programlisting">KRB5A:
+program = /usr/lib/security/KRB5A
+program_64 = /usr/lib/security/KRB5A_64
+options = authonly
+
+LDAP:
+program = /usr/lib/security/LDAP
+program_64 =/usr/lib/security/LDAP64
+
+KRB5ALDAP:
+options = auth=KRB5A,db=LDAP
+</pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Edit the <code class="filename">/etc/security/user</code> file, and modify the "default" section as follows: 
+<pre class="programlisting">SYSTEM = "KRB5ALDAP"
+registry = LDAP
+</pre>
+
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</h3></div></div></div><div class="para">
+				You can also configure the IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. After configuring the IPA client, use the following procedure to configure the IPA client for SSH connections. Remember to replace the example host and domain names with your own host and domain name.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						SSH syslog configuration:
+					</div><pre class="programlisting">auth.info       /var/log/sshd.log
+auth.info       /var/log/sshd.log
+auth.crit       /var/log/sshd.log
+auth.warn       /var/log/sshd.log
+auth.notice     /var/log/sshd.log
+auth.err        /var/log/sshd.log
+</pre></li><li class="listitem"><div class="para">
+						SSH logging configuration:
+					</div><pre class="programlisting">SyslogFacility AUTH
+LogLevel INFO
+</pre></li><li class="listitem"><div class="para">
+						Configure sshd for GSSAPI (<code class="filename">/etc/ssh/sshd_config</code>)
+					</div><pre class="programlisting"># GSSAPI options
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+</pre></li><li class="listitem"><div class="para">
+						Restart sshd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s sshd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s sshd</code>
+					</div></li><li class="listitem"><div class="para">
+						Restart syslogd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s syslogd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s syslogd</code>
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ipa-admintools</span> package is not available for AIX. Consequently, you need to perform the following steps on the IPA server.
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/ipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the host keytab.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver -p host/ipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc </code>
+							</div></li><li class="listitem"><div class="para">
+								Copy the keytab from the server to the client.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at ipaclient.example.com:/tmp/krb5.keytab </code>
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						On the IPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab.
+					</div><pre class="screen"># ktutil
+ktutil: read_kt /tmp/krb5.keytab
+ktutil: write_kt /etc/krb5/krb5.keytab
+ktutil: q
+</pre></li><li class="listitem"><div class="para">
+						Add a user that is only used for authentication. (This can be substituted with krb5 auth if that works from the ldap client). Otherwise go to the IPA server and use <code class="command">ldapmodify</code>, bind as Directory Manager and create this user.
+					</div><pre class="programlisting">dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
+objectClass: account
+objectClass: simplesecurityobject
+objectClass: top
+uid: nss
+userPassword: Your own shared password here
+</pre></li><li class="listitem"><div class="para">
+						On the IPA server, get a ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin </code>
+					</div></li></ol></div><div class="para">
+				You should be able to log in as admin using SSH without providing a password.
+			</div><div class="para">
+				<code class="command"> # ssh admin at ipaclient.example.com </code>
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login">3.5.4. Testing System Login</h3></div></div></div><div class="para">
+				After you have completed the steps in <a class="xref" href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">Section 3.5.2, “Configuring Client Authentication”</a> and <a class="xref" href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">Section 3.5.3, “Configuring Client SSH Access”</a>, you should be able to log in as an IPA user on the AIX machine. Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="para">
+				On the system console, log in as an IPA user. After you have logged in, open a shell and run the following command:
+			</div><div class="para">
+				<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link <code class="command">sh</code> to <code class="command">/bin/bash</code> or modify admin to use <code class="command">/bin/sh</code> or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Prev</strong>3.4. Configuring an HP-UX System as an IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Next</strong>3.6. Configuring a Macintosh OS X System as an IP...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_HP_UX.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_HP_UX.html
new file mode 100644
index 0000000..9e3de39
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_HP_UX.html
@@ -0,0 +1,425 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. Configuring an HP-UX System as an IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_Solaris.html" title="3.3. Configuring a Solaris System as an IPA Client" /><link rel="next" href="Configuring_an_IPA_Client_on_AIX.html" title="3.5. Configuring an AIX System as an IPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="
 p" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_HP_UX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_HP_UX">3.4. Configuring an HP-UX System as an IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure HP-UX as an IPA client. It also includes some verification tests to ensure that the configuration is working correctly.
+		</div><div class="para">
+			Before starting the IPA installation, ensure that you update your system with all the latest packages.
+		</div><div class="para">
+			To install an HP-UX client you need administrator privileges in the form of the Directory Manager password. There is no other way to perform the installation.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP"><h5 class="formalpara">Configuring NTP</h5>
+				Before proceeding with the following configuration steps, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the IPA server.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP Authentication</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the ldapux client on the HP-UX 11.23 machine.
+					</div><div class="para">
+						<code class="command"> # swinstall -s J4269AA_B.04.15.01_HP-UX_B.11.23_IA_PA.depot </code>
+					</div></li><li class="listitem"><div class="para">
+						Change to the configuration directory and run the setup script.
+					</div><div class="para">
+						<code class="command"># cd /opt/ldapux/config/</code>
+					</div><div class="para">
+						<code class="command"># ./setup</code>
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							You only need to perform this configuration on the first HP-UX client. All further configurations only need to know where the LDAP profile is stored. All clients will then use the same configuration.
+						</div><div class="para">
+							The HP-UX guide for this procedure is located at <a href="http://docs.hp.com/en/J4269-90075/ch02s07.html">http://docs.hp.com/en/J4269-90075/ch02s07.html</a>
+						</div></div></div><div class="para">
+						The following is a sample output from running the above script:
+					</div><pre class="programlisting">Would you like to continue with the setup? [Yes]
+Select which Directory Server you want to connect to ? [RedHat Directory]
+Directory server host ? [ipaserver.example.com]
+Directory Server port number [389]
+Would you like to extend the printer schema in this directory server? [No]
+Would you like to install PublicKey schema in this directory server? [No]
+Would you like to install the new automount schema ? [No]
+Profile Entry DN: [cn=ldapuxprofile,cn=etc,dc=example,dc=com]
+User DN [cn=Directory Manager]
+Password ? [Directory Manager's Password]
+Authentication method ? [ SIMPLE ]
+Enter the number of the hosts you want to specify [1]
+Default Base DN ? [dc=example,dc=com]
+Accept remaining defaults ? [n]
+Client binding [Anonymous]
+Bind time limit [5 seconds]
+Search time limit [no limit]
+Do you want client searches of the directory to follow referrals? [Yes]
+Profile TTL [0 = infinite]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [Yes]
+Specify the service you want to map? [ 3=Group]
+Specify the attribute you want to map [3 for memberuid ]
+Type the name of the attribute memberuid should be mapped to [member]
+Specify the service you want to map? [ 0 = exit ]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [ no this time ]
+Do you want to create custom search descriptors? [ No ]
+</pre></li><li class="listitem"><div class="para">
+						Ensure that the LDAP client daemon is running.
+					</div><div class="para">
+						<code class="command"># ps -ef | grep ldapclientd</code>
+					</div><div class="para">
+						If necessary, use the following command to start the daemon:
+					</div><div class="para">
+						<code class="command"># /opt/ldapux/bin/ldapclientd</code>
+					</div></li><li class="listitem"><div class="para">
+						Run the following commands to ensure that the LDAP client is working:
+					</div><div class="para">
+						<code class="command"># nsquery passwd admin</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group admins</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						Create a new group on the IPA server.
+					</div><div class="para">
+						<code class="command"> # ipa group-add testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Add a test user to the new group created above.
+					</div><div class="para">
+						<code class="command"> # ipa group-add-member -a testuser testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Run the <code class="command">nsquery</code> commands again to validate the new user and group:
+					</div><div class="para">
+						<code class="command"># nsquery passwd testuser</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group testgroup</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						To ensure that the LDAP client daemon starts when the system boots, add the following lines to the <code class="filename">/etc/opt/ldapux/ldapclientd.conf</code> file: 
+<pre class="programlisting">[StartOnBoot]
+enable=yes
+</pre>
+
+					</div></li></ol></div><div class="para">
+				This concludes the LDAP client configuration.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</h3></div></div></div><div class="para">
+				The Kerberos and PAM configuration process is completely manual. Sample configuration files are provided for reference, but you need to edit your own system files to reflect your deployment.
+			</div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Edit the <code class="filename">/etc/krb5.conf</code> file to reflect the following example:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+default_tkt_enctypes = DES-CBC-CRC
+default_tgs_enctypes = DES-CBC-CRC
+ccache_type = 2
+
+[realms]
+EXAMPLE.COM = {
+      kpasswd_server = ipaserver.example.com
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      }
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[appdefaults]
+kinit = {
+      forwardable = true
+      }
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_PAM"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</h4></div></div></div><div class="para">
+					The PAM configuration differs slightly between different versions of HP-UX. These configurations are described below.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v2"><h5 class="formalpara">HP-UX 11i v2</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+
+#
+#
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with use_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+# #
+# The module pam_hpsec(5) is stacked as mandatory module above #
+# all the modules for making security checks before #
+# authentication. #
+
+################################################################
+#
+#
+
+# Authentication management
+#
+login auth required libpam_hpsec.so.1
+login auth sufficient libpam_krb5.so.1
+login auth required libpam_unix.so.1 try_first_pass
+su auth required libpam_hpsec.so.1
+su auth sufficient libpam_krb5.so.1
+su auth required libpam_unix.so.1 try_first_pass
+dtlogin auth required libpam_hpsec.so.1
+dtlogin auth sufficient libpam_krb5.so.1
+dtlogin auth required libpam_unix.so.1 try_first_pass
+dtaction auth required libpam_hpsec.so.1
+dtaction auth sufficient libpam_krb5.so.1
+dtaction auth required libpam_unix.so.1 try_first_pass
+ftp auth required libpam_hpsec.so.1
+ftp auth sufficient libpam_krb5.so.1
+ftp auth required libpam_unix.so.1 try_first_pass
+sshd auth required libpam_hpsec.so.1
+sshd auth sufficient libpam_krb5.so.1
+sshd auth required libpam_unix.so.1 try_first_pass
+OTHER auth required libpam_unix.so.1
+#
+
+# Account management
+#
+login account required libpam_hpsec.so.1
+login account sufficient libpam_krb5.so.1
+login account required libpam_unix.so.1
+su account required libpam_hpsec.so.1
+su account sufficient libpam_krb5.so.1
+su account required libpam_unix.so.1
+dtlogin account required libpam_hpsec.so.1
+dtlogin account sufficient libpam_krb5.so.1
+dtlogin account required libpam_unix.so.1
+dtaction account required libpam_hpsec.so.1
+dtaction account sufficient libpam_krb5.so.1
+dtaction account required libpam_unix.so.1
+ftp account required libpam_hpsec.so.1
+ftp account sufficient libpam_krb5.so.1
+ftp account required libpam_unix.so.1
+sshd account required libpam_hpsec.so.1
+sshd account sufficient libpam_krb5.so.1
+sshd account required libpam_unix.so.1
+OTHER account required libpam_unix.so.1
+#
+
+# Session management
+#
+login session required libpam_hpsec.so.1
+login session sufficient libpam_krb5.so.1
+login session required libpam_unix.so.1
+dtlogin session required libpam_hpsec.so.1
+dtlogin session sufficient libpam_krb5.so.1
+dtlogin session required libpam_unix.so.1
+dtaction session required libpam_hpsec.so.1
+dtaction session sufficient libpam_krb5.so.1
+dtaction session required libpam_unix.so.1
+sshd session required libpam_hpsec.so.1
+sshd session sufficient libpam_krb5.so.1
+sshd session required libpam_unix.so.1
+OTHER session required libpam_unix.so.1
+#
+
+# Password management
+#
+login password required libpam_hpsec.so.1
+login password sufficient libpam_krb5.so.1
+login password required libpam_unix.so.1
+passwd password required libpam_hpsec.so.1
+passwd password sufficient libpam_krb5.so.1
+passwd password required libpam_unix.so.1
+dtlogin password required libpam_hpsec.so.1
+dtlogin password sufficient libpam_krb5.so.1
+dtlogin password required libpam_unix.so.1
+dtaction password required libpam_hpsec.so.1
+dtaction password sufficient libpam_krb5.so.1
+dtaction password required libpam_unix.so.1
+OTHER password required libpam_unix.so.1
+</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v1"><h5 class="formalpara">HP-UX 11i v1</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+#
+
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with user_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+
+################################################################
+#
+
+# Authentication management
+#
+login auth sufficient /usr/lib/security/libpam_krb5.1
+login auth required /usr/lib/security/libpam_unix.1 try_first_pass
+su auth sufficient /usr/lib/security/libpam_krb5.1
+su auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
+dtlogin auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtaction auth sufficient /usr/lib/security/libpam_krb5.1
+dtaction auth required /usr/lib/security/libpam_unix.1 try_first_pass
+ftp auth sufficient /usr/lib/security/libpam_krb5.1
+ftp auth required /usr/lib/security/libpam_unix.1 try_first_pass
+OTHER auth required /usr/lib/security/libpam_unix.1
+#
+
+# Account management
+#
+login account sufficient /usr/lib/security/libpam_krb5.1
+login account required /usr/lib/security/libpam_unix.1
+su account sufficient /usr/lib/security/libpam_krb5.1
+su account required /usr/lib/security/libpam_unix.1
+dtlogin account sufficient /usr/lib/security/libpam_krb5.1
+dtlogin account required /usr/lib/security/libpam_unix.1
+dtaction account sufficient /usr/lib/security/libpam_krb5.1
+dtaction account required /usr/lib/security/libpam_unix.1
+ftp account sufficient /usr/lib/security/libpam_krb5.1
+ftp account required /usr/lib/security/libpam_unix.1
+OTHER account required /usr/lib/security/libpam_unix.1
+#
+
+# Session management
+#
+login session sufficient /usr/lib/security/libpam_krb5.1
+login session required /usr/lib/security/libpam_unix.1
+dtlogin session sufficient /usr/lib/security/libpam_krb5.1
+dtlogin session required /usr/lib/security/libpam_unix.1
+dtaction session sufficient /usr/lib/security/libpam_krb5.1
+dtaction session required /usr/lib/security/libpam_unix.1
+OTHER session required /usr/lib/security/libpam_unix.1
+#
+
+# Password management
+#
+login password sufficient /usr/lib/security/libpam_krb5.1
+login password required /usr/lib/security/libpam_unix.1
+passwd password sufficient /usr/lib/security/libpam_krb5.1
+passwd password required /usr/lib/security/libpam_unix.1
+dtlogin password sufficient /usr/lib/security/libpam_krb5.1
+dtlogin password required /usr/lib/security/libpam_unix.1
+dtaction password sufficient /usr/lib/security/libpam_krb5.1
+dtaction password required /usr/lib/security/libpam_unix.1
+OTHER password required /usr/lib/security/libpam_unix.1
+</pre></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</h4></div></div></div><div class="para">
+					On HP-UX systems a PAM module called pam_authz is available which can be used to control login access to the system based on a user's group membership.
+				</div><div class="para">
+					Refer to the HP-UX documentation on pam_authz for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</h3></div></div></div><div class="para">
+				Before you can use SSH to connect to the IPA server without using a password, you need to install a suitable version of <code class="command">ssh</code>, and set up the correct authentication attributes in the SSH configuration file.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Ensure that you have version A.05.10.007 or later of <code class="command">ssh</code> installed. Navigate to the following URL to download a suitable version: 
+<pre class="screen"><a href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA</a></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Make the following changes to the <code class="filename">/etc/opt/ssh/ssh_config</code> file: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Remove any "PreferredAuthentications" entries.
+								</div></li><li class="listitem"><div class="para">
+									Add the following three lines: 
+<pre class="programlisting">Host *
+      GSSAPIAuthentication yes
+      PreferredAuthentications "gssapi-with-mic,publickey,password"
+</pre>
+
+								</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+										Ensure that you include the tab character before the "GSSAPIAuthentication" and "PreferredAuthentications" entries, and the double quotes around the "PreferredAuthentications" argument.
+									</div></div></div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Remove the <code class="filename">/etc/krb5.keytab</code> file.
+					</div></li><li class="listitem"><div class="para">
+						On the IPA server:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the HP-UX client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/hpuxipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Create the host keytab file.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver.example.com -p host/hpuxipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc</code>
+							</div></li><li class="listitem"><div class="para">
+								Copy this keytab to the HP-UX machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at hpuxipaclient.example.com:/etc/krb5/krb5.keytab </code>
+							</div></li></ol></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</h3></div></div></div><div class="para">
+				HP-UX systems provide a PAM module called pam_authz which can be used to control login access to the system based on a user's group membership. Refer to the following HP-UX pam_authz documentation for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+			</div><div class="para">
+				The following is a sample <code class="filename">/etc/opt/ldapux/pam_authz.policy</code> file: 
+<pre class="programlisting">
+# pam_authz.policy.template:
+#
+# An example file that could be copied over to /etc/opt/ldapux/pam_authz.policy.
+# pam_authz.policy is a local policy file that PAM_AUTHZ would use to help
+# determine which users would be allowed to login to the local host.
+#
+# In this template file, by default, the only active access rule is
+#     "allow:unix_local_user"
+# All the local users are authorized to login.
+#
+# The policy file contains one or more access rule. The format of an access
+# rule is &lt;action&gt;:&lt;type&gt;:&lt;object&gt;
+#
+# where   &lt;action&gt; could be "deny", "allow", "status"
+#                           "PAM_SUCCESS", "PAM_PERM_DENIED", "PAM_MAXTRIES"
+#                           "PAM_AUTH_ERR", "PAM_NEW_AUTHTOK_REQD",
+#                           "PAM_AUTHTOKEN_REQD, "PAM_CRED_INSUFFICIENT",
+#                           "PAM_AUTHINFO_UNAVAIL", "PAM_USER_UNKNOWN"
+#                           "PAM_ACCT_EXPIRED", "PAM_AUTHOK_EXPIRED"
+#
+#                           Note: "status" must use along with "rhds" or
+#                           "ads" &lt;type&gt;.
+#         &lt;type&gt;   could be "unix_user", "unix_local_user", "unix_group",
+#                           "netgroup", ldap_filter", "ldap_group"
+#                           "rhds" or "ads"
+#
+#                           Note: When &lt;type&gt; is set to "rhds" or "ads",
+#                           the &lt;action&gt; filed must set to "status".
+#         &lt;object&gt; contains search information. For example,
+#
+
+deny:unix_group:admins
+allow:unix_local_user
+</pre>
+
+			</div><div class="para">
+				This configuration will prevent the admin user from logging in, but local UNIX users can still log in.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</h3></div></div></div><div class="para">
+				Use the following tests to validate the PAM and Kerberos configuration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client machine, run <code class="command">kinit admin</code> and enter the password.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div><div class="para">
+						<code class="command"># klist</code> (to verify that you received a valid ticket)
+					</div></li><li class="listitem"><div class="para">
+						From another Linux client machine, attempt to log in using SSH.
+					</div><div class="para">
+						<code class="command"> # ssh admin at hpuxipaclient.example.com </code>
+					</div><div class="para">
+						The admin user should be able to log in using SSH without being asked for a password.
+					</div></li></ul></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client console, at the login prompt, enter the Administrator's login ID and password. The admin user should be able to log in from the console.
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link sh to /bin/bash or modify admin to use /bin/sh or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Prev</strong>3.3. Configuring a Solaris System as an IPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Next</strong>3.5. Configuring an AIX System as an IPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
new file mode 100644
index 0000000..5667b5e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. Configuring a Macintosh OS X System as an IPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_AIX.html" title="3.5. Configuring an AIX System as an IPA Client" /><link rel="next" href="basic-usage.html" title="Chapter 4. Basic Usage" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_AIX.html"><str
 ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">3.6. Configuring a Macintosh OS X System as an IPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure Macintosh OS X as an IPA client. These instructions are specific to Mac OS X 10.4 (Tiger). This version of the OS includes a partial install of the Kerberos tools you need by default, especially if you perform an upgrade from 10.1 or 10.2.
+		</div><div class="para">
+			Before starting the IPA installation, ensure that you update the system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The IPA client installation process requires that an IPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</h3></div></div></div><div class="para">
+				The current version of IPA does not provide for automatic configuration of Macintosh clients. Configuring authentication is a manual process, and is described in the following sections.
+			</div><div class="section" id="Configuring_Kerberos_Authentication-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configuring the Macintosh to use Kerberos for authentication with IPA is a two-step process: First, Kerberos needs to be correctly installed and configured, and second, the Kerberos authentication needs to be enabled.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Ensure that <code class="filename">/System/Library/CFMSupport/Kerberos</code> is version 4.2 or higher. If that directory does not exist or is the wrong version, install the Kerberos Extras support.
+						</div></li><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/System/Library/Coreservices/Kerberos</strong></span>
+						</div></li><li class="listitem"><div class="para">
+							From the <span class="guimenu"><strong>Edit</strong></span> menu, choose <span class="guimenuitem"><strong>Edit Realms</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Settings</strong></span> tab, enter the IPA server's Kerberos realm (for example, EXAMPLE.COM).
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Servers</strong></span> tab, leave two lines, whose hostnames you then need to replace with the IPA server's hostname (for example, ipaserver.example.com):
+						</div><pre class="programlisting">kdc  ipaserver.example.com 88
+admin ipaserver.example.com 749
+</pre></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Domains</strong></span> tab, replace the existing domains with the IPA server's actual domain (such as example.com):
+						</div><pre class="programlisting">.example.com
+example.com
+</pre></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>Make default</strong></span> to create the necessary configuration file, and then close the Kerberos tool.
+						</div><div class="para">
+							This step creates the <code class="filename">/Library/Preferences/edu.mit.kerberos</code> file, and it is recommended that you check this file manually to ensure that it is correct.
+						</div><div class="para">
+							This file should look similar to the following example. Remember to replace the example.com settings with your own IPA server name, Kerberos realm and domain details.
+						</div><pre class="programlisting">[domain_realm]
+example.com = EXAMPLE.COM
+.example.com = .EXAMPLE.COM
+
+[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = true
+dns_lookup_kdc = true
+ticket_lifetime = 24h
+forwardable = yes
+
+[realms]
+EXAMPLE.COM = {
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      kdc = ipaserver.example.com:88
+      }
+</pre></li></ol></div><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</h4></div></div></div><div class="para">
+					You now need to modify the <code class="filename">/private/etc/authorization</code> file to allow Kerberos authentication.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Log in as the admin user and launch the <span class="application"><strong>/Applications/Utilities/Terminal</strong></span> application.
+						</div></li><li class="listitem"><div class="para">
+							Change to the <code class="filename">/private/etc</code> directory and make a backup of the existing authorization file.
+						</div><div class="para">
+							<code class="command"># cd /private/etc</code>
+						</div><div class="para">
+							<code class="command"># cp -p authorization authorization_bak</code>
+						</div></li><li class="listitem"><div class="para">
+							Open the authorization file, and locate the string "system.login.console".
+						</div></li><li class="listitem"><div class="para">
+							Locate the <em class="parameter"><code>dict</code></em> entry below this string, and then locate the <em class="parameter"><code>mechanisms</code></em> entry.
+						</div></li><li class="listitem"><div class="para">
+							Change <em class="parameter"><code>authinternal</code></em> to <em class="parameter"><code>builtin:krb5authnoverify,privileged</code></em>
+						</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+								Several instances of <em class="parameter"><code>authinternal</code></em> may occur in this file. Ensure that you change the correct instance.
+							</div></div></div></li><li class="listitem"><div class="para">
+							Save and close the file.
+						</div></li><li class="listitem"><div class="para">
+							Restart the machine to enable Kerberos authentication.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</h3></div></div></div><div class="para">
+				These instructions are specific to Mac OS X 10.4 (Tiger).
+			</div><div class="section" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/Applications/Utilities/Directory Access</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Services</strong></span> tab, clear all check boxes except LDAPv3 and Bonjour.
+						</div></li><li class="listitem"><div class="para">
+							Select the <span class="guilabel"><strong>LDAPv3</strong></span> entry and click <span class="guibutton"><strong>Configure</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Ensure the <span class="guilabel"><strong>Add DHCP-supplied LDAP servers</strong></span> check box is not selected.
+						</div></li><li class="listitem"><div class="para">
+							Click the arrow next to the <span class="guilabel"><strong>Show Options</strong></span> label, and then click <span class="guibutton"><strong>New</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Server Name (for example, ipaserver.example.com).
+						</div></li><li class="listitem"><div class="para">
+							Clear the <span class="guilabel"><strong>Encrypt using SSL</strong></span> check box, and then click <span class="guibutton"><strong>Manual</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Configuration Name (for example, "IPA LDAP").
+						</div></li><li class="listitem"><div class="para">
+							Ensure that the <span class="guilabel"><strong>Enable</strong></span> check box is selected, and that the <span class="guilabel"><strong>SSL</strong></span> check box is cleared.
+						</div></li></ol></div></div><div class="section" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Select the newly-created LDAP configuration and then click <span class="guibutton"><strong>Edit</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Connection</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Open/close times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Query times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Re-bind attempted in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Connection idles out in: 1 minute
+								</div></li><li class="listitem"><div class="para">
+									Clear all check boxes
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Search &amp; Mappings</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Access this LDAP server using: CUSTOM
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, select <span class="guilabel"><strong>Default Attribute Types</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, select <span class="guilabel"><strong>RecordName</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added RecordName attribute, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "uid" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add a Users record, as follows:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Record Types</strong></span> option, select <span class="guilabel"><strong>Users</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added <span class="guilabel"><strong>Users</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "inetOrgPerson" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Search base</strong></span> field, type "dc=example,dc=com" (without the quotes), and select the <span class="guilabel"><strong>Search in all subtrees</strong></span> option.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add attributes to the Users record as appropriate for your deployment. The following is an example of the required procedure.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, and then use <span class="keycap"><strong>Command</strong></span>+<span class="mousebutton">Click</span> to select the attributes that you want to add. For example, a typical deployment might include the following attributes:
+								</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+											AuthenticationAuthority
+										</div></li><li class="listitem"><div class="para">
+											PrimaryGroupID
+										</div></li><li class="listitem"><div class="para">
+											RealName
+										</div></li><li class="listitem"><div class="para">
+											RecordName
+										</div></li><li class="listitem"><div class="para">
+											UniqueID
+										</div></li><li class="listitem"><div class="para">
+											UserShell
+										</div></li></ul></div></li><li class="listitem"><div class="para">
+									Click <span class="guibutton"><strong>OK</strong></span> to add the selected attributes to the <span class="guilabel"><strong>Users</strong></span> record.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Specify appropriate mappings for the attributes that you just added. For example:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Authentication Authority</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "#;Kerberosv5;;$uid$;EXAMPLE.COM" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map PrimaryGroupID to gidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map UniqueID to uidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Continue until all required entries have been mapped, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>OK</strong></span> to finish setting up the LDAP service configuration options.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</h3></div></div></div><div class="para">
+				You now need to add the LDAP service to the list of locations used to search for user authentication information.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the <span class="guilabel"><strong>Authentication</strong></span> tab, change the <span class="guilabel"><strong>Search</strong></span> value to <span class="guilabel"><strong>Custom path</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Select the configuration that you added in the Creating the LDAP Configuration step, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Click <span class="guibutton"><strong>Apply</strong></span> to update the LDAP configuration, and then exit the <span class="application"><strong>Directory Access</strong></span> application.
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</h3></div></div></div><div class="para">
+				Open the Date &amp; Time utility and point it to the IPA server URL to set the date and time automatically.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH</h3></div></div></div><div class="para">
+				After configuring client authentication, you should be able to use SSH to connect to the IPA server without being prompted for a password.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						If you have a valid Kerberos ticket, SSH should proceed with GSSAPI authentication without asking for a password:
+					</div><pre class="programlisting"><span class="perl_Comment"># ssh admin at ipaserver.example.com</span></pre></li></ol></div></div><div class="section" id="Macintosh_OS_X-Configuring_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Macintosh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the Macintosh login window, log in as an IPA user.
+					</div></li><li class="listitem"><div class="para">
+						First, check the user ID to make sure that both the user and group IDs are correct for the current account.
+					</div><pre class="programlisting">$ <span class="perl_BString">id</span>
+
+<span class="perl_Others">uid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">gid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">groups=</span>3<span class="perl_Others">(</span>sys<span class="perl_Others">)</span>,100<span class="perl_Others">(</span>users<span class="perl_Others">)</span>,1070<span class="perl_Others">(</span>devel2<span class="perl_Others">)</span>,10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span></pre></li><li class="listitem"><div class="para">
+						Then, check that there is a valid Kerberos ticket. 
+<pre class="programlisting">$ klist
+
+Ticket cache: <span class="perl_BString">FILE</span>:/tmp/krb5cc_10678
+Default principal: jsmith at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+05/12/11 12:12:26  05/12/11 22:12:26  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+        renew <span class="perl_Keyword">until</span> 05/12/11 12:12:26
+
+
+Kerberos 4 ticket cache: /tmp/tkt10678
+klist: You have no tickets cached</pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					To open the Terminal application, navigate to <span class="application"><strong>Applications/Utilities/Terminal.app</strong></span> or use the keyboard shortcut <span class="keycap"><strong>Command-Shift-U</strong></span>. You can also drag the Terminal icon to the Dock to make it permanently available on your Desktop.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong>3.5. Configuring an AIX System as an IPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong>Chapter 4. Basic Usage</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html
new file mode 100644
index 0000000..7954778
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Configuring a Solaris System as an IPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="prev" href="Using_Microsoft_Windows.html" title="3.2. Configuring a Microsoft Windows System as an IPA Client" /><link rel="next" href="Configuring_an_IPA_Client_on_HP_UX.html" title="3.4. Configuring an HP-UX System as an IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
 f="Using_Microsoft_Windows.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Solaris"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Solaris">3.3. Configuring a Solaris System as an IPA Client</h2></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</h3></div></div></div><div class="para">
+				IPA provides an automated method of configuring Solaris 10 to function as an IPA client. On your Solaris client, run the following command (ensure that you replace the example domain name with your own): 
+<pre class="screen"><code class="command"># ldapclient init ipa.example.com</code></pre>
+
+			</div><div class="para">
+				When IPA is installed it creates a configuration profile that will automatically set up the necessary PAM and <code class="filename">/etc/ldap.conf</code> configuration for Solaris. 
+				<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can add the <code class="option">-v</code> option to this command to display more details about the command operation.
+					</div></div></div>
+
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/krb5/krb5.conf</code> file as follows:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+
+[realms]
+EXAMPLE.COM = {
+kdc = ipaserver.example.com:88
+admin_server = ipaserver.example.com:749
+}
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[logging]
+default = FILE:/var/krb5/kdc.log
+kdc = FILE:/var/krb5/kdc.log
+kdc_rotate = {
+period = 1d
+versions = 10
+}
+
+[appdefaults]
+kinit = {
+renewable = true
+forwardable= true
+}
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">3.3.1.2. Configuring Client SSH Access</h4></div></div></div><div class="para">
+					Use the following procedure to configure the Solaris IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. Remember to replace the example host and domain names with your own host and domain name.
+				</div><div class="para">
+					The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Add a host service principal for the Solaris client.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"> # ipa service-add host/solarisipaclient.example.com </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Create the host keytab file.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p host/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Copy this keytab to the Solaris machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/etc/krb5/krb5.keytab </code></pre>
+
+						</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						After you have performed all of the preceding configuration steps, reboot the Solaris machine to ensure that all of the changes take effect.
+					</div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</h4></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The NFS v4 configuration is only supported on Solaris 10.
+					</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Obtain a Kerberos ticket for the admin user. 
+<pre class="screen"><code class="command"># kinit admin </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Add an NFS service principal for the client. 
+<pre class="screen"><code class="command"># ipa service-add nfs/solarisipaclient.example.com </code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Create the NFS keytab file. 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+								</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+										Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Red Hat Enterprise Linux 6.1, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+									</div><div class="para">
+										If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+									</div></div></div></li><li class="listitem"><div class="para">
+									Use the <code class="command">klist</code> command to verify that the ticket was created: 
+<pre class="screen"><code class="command"># klist -ket /tmp/krb5.keytab</code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Copy the keytab from the server to the client. 
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/tmp/krb5.keytab </code></pre>
+
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the IPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab. 
+<pre class="screen"><code class="command"># ktutil</code>
+<code class="command">ktutil: read_kt /tmp/krb5.keytab</code>
+<code class="command">ktutil: write_kt /etc/krb5/krb5.keytab</code>
+<code class="command">ktutil: q</code></pre>
+
+						</div></li></ol></div><div class="para">
+					The IPA client should now be fully configured to mount NFS shares using Kerberos credentials.
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Configuring Solaris 9</h3></div></div></div><div class="para">
+				The procedures for configuring Solaris 9 as an IPA client are the same as those for Solaris 10, with the exception of the PAM configuration. This is described below.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/pam.conf</code> file to use PAM Kerberos. The following example shows how to set up PAM Kerberos authentication on Solaris 9 for console login:
+				</div><pre class="programlisting">login auth requisite pam_authtok_get.so.1
+login auth sufficient pam_krb5.so.1 use_first_pass
+login auth sufficient pam_unix.so.1 use_first_pass
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+</pre></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Using_Microsoft_Windows.html"><strong>Prev</strong>3.2. Configuring a Microsoft Windows System as an...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Next</strong>3.4. Configuring an HP-UX System as an IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Document_Conventions.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Document_Conventions.html
new file mode 100644
index 0000000..22a54e5
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Document_Conventions.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. Examples and Formatting</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="Preface.html" title="Preface" /><link rel="next" href="feedback.html" title="3. Giving Feedback" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Preface.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="feedback.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="sect
 ion" id="Document_Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Document_Conventions">2. Examples and Formatting</h2></div></div></div><div class="para">
+		Each of the examples used in this guide, such as file locations and commands, have certain defined conventions.
+	</div><div class="section" id="bracketsexamples"><div class="titlepage"><div><div><h3 class="title" id="bracketsexamples">2.1. Brackets</h3></div></div></div><div class="para">
+			Square brackets (<code class="command">[]</code>) are used to indicate an alternative element in a name. For example, if a tool is available in <code class="filename">/usr/lib</code> on 32-bit systems and in <code class="filename">/usr/lib64</code> on 64-bit systems, then the tool location may be represented as <code class="filename">/usr/lib[64]</code>.
+		</div></div><div class="section" id="tool-locations"><div class="titlepage"><div><div><h3 class="title" id="tool-locations">2.2. Client Tool Information</h3></div></div></div><div class="para">
+			The tools for IPA are located in the <code class="filename">/usr/bin</code> and the <code class="filename">/usr/sbin</code> directories.
+		</div><div class="para">
+			The LDAP tools used to edit the IPA directory services, such as <code class="command">ldapmodify</code> and <code class="command">ldapsearch</code>, are from OpenLDAP. OpenLDAP tools use SASL connections by default. To perform a simple bind using a username and password, use the <code class="option">-x</code> argument to disable SASL.
+		</div></div><div class="section" id="guide-formatting"><div class="titlepage"><div><div><h3 class="title" id="guide-formatting">2.3. Text Formatting and Styles</h3></div></div></div><div class="para">
+			Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
+		</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr valign="top"><th valign="top">
+							Formatting Style
+						</th><th valign="top">
+							Purpose
+						</th></tr></thead><tbody><tr valign="top"><td valign="top">
+							
+<pre class="screen">Monospace with a background</pre>
+
+						</td><td valign="top">
+							This type of formatting is used for anything entered or returned in a command prompt.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="emphasis"><em>Italicized text</em></span>
+						</td><td valign="top">
+							Any text which is italicized is a variable, such as <span class="emphasis"><em>instance_name</em></span> or <span class="emphasis"><em>hostname</em></span>. Occasionally, this is also used to emphasize a new term or other phrase.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="bold bold"><strong>Bolded text</strong></span>
+						</td><td valign="top">
+							Most phrases which are in bold are application names, such as <span class="application"><strong>Cygwin</strong></span>, or are fields or options in a user interface, such as a <span class="guilabel"><strong>User Name Here:</strong></span> field or <span class="guibutton"><strong>Save</strong></span> button. This can also indicate a file, package, or directory name, such as <code class="filename">/usr/sbin</code>.
+						</td></tr></tbody></table></div><div class="para">
+			Other formatting styles draw attention to important text.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
+			</div></div></div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+				Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
+			</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+				A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
+			</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Preface.html"><strong>Prev</strong>Preface</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="feedback.html"><strong>Next</strong>3. Giving Feedback</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Glossary.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Glossary.html
new file mode 100644
index 0000000..1dae57c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Glossary.html
@@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Glossary</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /><link rel="next" href="ix01.html" title="Index" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterpri
 se_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="Glossary.html#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="Glossary.html#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
+	In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
+</div></dd><dt>account inactivation</dt><dd><div class="para">
+	Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
+</div></dd><dt>ACI</dt><dd><div class="para">
+	An instruction that grants or denies permissions to entries in the directory.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-control-instruction">access control instruction</a>.</p></dd><dt>ACL</dt><dd><div class="para">
+	The mechanism for controlling access to your directory.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-control-list">access control list</a>.</p></dd><dt>All IDs Threshold</dt><dd><div class="para">
+	<span class="emphasis"><em>Replaced with the ID list scan limit in Directory Server version 7.1.</em></span> A size limit which is globally applied to every index key managed by the server. When the size of an individual ID list reaches this limit, the server replaces that ID list with an All IDs token.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#IDList-scan-limit">ID list scan limit</a>.</p></dd><dt>All IDs token</dt><dd><div class="para">
+	A mechanism which causes the server to assume that all directory entries match the index key. In effect, the All IDs token causes the server to behave as if no index was available for the search request.
+</div></dd><dt>anonymous access</dt><dd><div class="para">
+	When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind.
+</div></dd><dt>approximate index</dt><dd><div class="para">
+	Allows for efficient approximate or "sounds-like" searches.
+</div></dd><dt>attribute</dt><dd><div class="para">
+	Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
+</div></dd><dt>attribute list</dt><dd><div class="para">
+	A list of required and optional attributes for a given entry type or object class.
+</div></dd><dt>authenticating directory server</dt><dd><div class="para">
+	In pass-through authentication (PTA), the authenticating Directory Server is the Directory Server that contains the authentication credentials of the requesting client. The PTA-enabled host sends PTA requests it receives from clients to the host.
+</div></dd><dt>authentication</dt><dd><div class="para">
+	(1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
+</div><div class="para">
+	(2) Allows a <a class="xref" href="Glossary.html#client">client</a> to make sure they are connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when it is not.
+</div></dd><dt>authentication certificate</dt><dd><div class="para">
+	Digital file that is not transferable and not forgeable and is issued by a third party. Authentication certificates are sent from server to client or client to server in order to verify and authenticate the other party.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">B</h3><dl><dt>base distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#base-DN">base DN</a>.</p></dd><dt>base DN</dt><dd><div class="para">
+	Base distinguished name. A search operation is performed on the base DN, the DN of the entry and all entries below it in the directory tree.
+</div></dd><dt>bind distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#bind-DN">bind DN</a>.</p></dd><dt>bind DN</dt><dd><div class="para">
+	Distinguished name used to authenticate to Directory Server when performing an operation.
+</div></dd><dt>bind rule</dt><dd><div class="para">
+	In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.
+</div></dd><dt>branch entry</dt><dd><div class="para">
+	An entry that represents the top of a subtree in the directory.
+</div></dd><dt>browser</dt><dd><div class="para">
+	Software, such as Mozilla Firefox, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
+</div></dd><dt>browsing index</dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#virtual-list-view-index">virtual list view index </a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">C</h3><dl><dt>CA</dt><dd><p>See <a class="glosssee" href="Glossary.html#Certificate-Authority">Certificate Authority</a>.</p></dd><dt>cascading replication</dt><dd><div class="para">
+	In a cascading replication scenario, one server, often called the hub supplier, acts both as a consumer and a supplier for a particular replica. It holds a read-only replica and maintains a changelog. It receives updates from the supplier server that holds the master copy of the data and in turn supplies those updates to the consumer.
+</div></dd><dt>certificate</dt><dd><div class="para">
+	A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.
+</div></dd><dt>Certificate Authority</dt><dd><div class="para">
+	Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Authority that you trust. Also known as a <a class="xref" href="Glossary.html#CA">CA</a>.
+</div></dd><dt>CGI</dt><dd><div class="para">
+	Common Gateway Interface. An interface for external programs to communicate with the HTTP server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.
+</div></dd><dt>chaining</dt><dd><div class="para">
+	A method for relaying requests to another server. Results for the request are collected, compiled, and then returned to the client.
+</div></dd><dt>changelog</dt><dd><div class="para">
+	A changelog is a record that describes the modifications that have occurred on a replica. The supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication.
+</div></dd><dt>character type</dt><dd><div class="para">
+	Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
+</div></dd><dt>ciphertext</dt><dd><div class="para">
+	Encrypted information that cannot be read by anyone without the proper key to decrypt the information.
+</div></dd><dt>class definition</dt><dd><div class="para">
+	Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
+</div></dd><dt>class of service</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS">CoS</a>.</p></dd><dt>classic CoS</dt><dd><div class="para">
+	A classic CoS identifies the template entry by both its DN and the value of one of the target entry's attributes.
+</div></dd><dt>client</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP-client">LDAP client</a>.</p></dd><dt>code page</dt><dd><div class="para">
+	An internal table used by a locale in the context of the internationalization plug-in that the operating system uses to relate keyboard keys to character font screen displays.
+</div></dd><dt>collation order</dt><dd><div class="para">
+	Provides language and cultural-specific information about how the characters of a given language are to be sorted. This information might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents.
+</div></dd><dt>consumer</dt><dd><div class="para">
+	Server containing replicated directory trees or subtrees from a supplier server.
+</div></dd><dt>consumer server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server is called a consumer for that replica.
+</div></dd><dt>CoS</dt><dd><div class="para">
+	A method for sharing attributes between entries in a way that is invisible to applications.
+</div></dd><dt>CoS definition entry</dt><dd><div class="para">
+	Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.
+</div></dd><dt>CoS template entry</dt><dd><div class="para">
+	Contains a list of the shared attribute values.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#template-entry">template entry</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">D</h3><dl><dt>daemon</dt><dd><div class="para">
+	A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning.
+</div></dd><dt>DAP</dt><dd><div class="para">
+	Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
+</div></dd><dt>data master</dt><dd><div class="para">
+	The server that is the master source of a particular piece of data.
+</div></dd><dt>database link</dt><dd><div class="para">
+	An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
+</div></dd><dt>default index</dt><dd><div class="para">
+	One of a set of default indexes created per database instance. Default indexes can be modified, although care should be taken before removing them, as certain plug-ins may depend on them.
+</div></dd><dt>definition entry</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS-definition-entry">CoS definition entry</a>.</p></dd><dt>Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#DAP">DAP</a>.</p></dd><dt>Directory Manager</dt><dd><div class="para">
+	The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.
+</div></dd><dt>directory service</dt><dd><div class="para">
+	A database application designed to manage descriptive, attribute-based information about people and resources within an organization.
+</div></dd><dt>directory tree</dt><dd><div class="para">
+	The logical representation of the information stored in the directory. It mirrors the tree model used by most filesystems, with the tree's root point appearing at the top of the hierarchy. Also known as <a class="xref" href="Glossary.html#DIT">DIT</a>.
+</div></dd><dt>distinguished name</dt><dd><div class="para">
+	String representation of an entry's name and location in an LDAP directory.
+</div></dd><dt>DIT</dt><dd><p>See <a class="glosssee" href="Glossary.html#directory-tree">directory tree</a>.</p></dd><dt>DM</dt><dd><p>See <a class="glosssee" href="Glossary.html#Directory-Manager">Directory Manager</a>.</p></dd><dt>DN</dt><dd><p>See <a class="glosssee" href="Glossary.html#distinguished-name">distinguished name</a>.</p></dd><dt>DNS</dt><dd><div class="para">
+	Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as <code class="command">www.example.com</code>). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
+</div></dd><dt>DNS alias</dt><dd><div class="para">
+	A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as <code class="command">www.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain </em></span>might point to a real machine called <code class="command">realthing.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain</em></span> where the server currently exists.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">E</h3><dl><dt>entry</dt><dd><div class="para">
+	A group of lines in the LDIF file that contains information about an object.
+</div></dd><dt>entry distribution</dt><dd><div class="para">
+	Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.
+</div></dd><dt>entry ID list</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists. The entry ID list is used by the directory to build a list of candidate entries that may match the client application's search request.
+</div></dd><dt>equality index</dt><dd><div class="para">
+	Allows you to search efficiently for entries containing a specific attribute value.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">F</h3><dl><dt>file extension</dt><dd><div class="para">
+	The section of a filename after the period or dot (.) that typically defines the type of file (for example, .GIF and .HTML). In the filename <code class="command">index.html</code> the file extension is <code class="command">html</code>.
+</div></dd><dt>file type</dt><dd><div class="para">
+	The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML).
+</div></dd><dt>filter</dt><dd><div class="para">
+	A constraint applied to a directory query that restricts the information returned.
+</div></dd><dt>filtered role</dt><dd><div class="para">
+	Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">G</h3><dl><dt>general access</dt><dd><div class="para">
+	When granted, indicates that all authenticated users can access directory information.
+</div></dd><dt>GSS-API</dt><dd><div class="para">
+	Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">H</h3><dl><dt>hostname</dt><dd><div class="para">
+	A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, <code class="command">www.example.com </code>is the machine <code class="command">www</code> in the subdomain <code class="command">example</code> and <code class="command">com</code> domain.
+</div></dd><dt>HTML</dt><dd><div class="para">
+	Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Mozilla Firefox how to display text, position graphics, and form items and to display links to other pages.
+</div></dd><dt>HTTP</dt><dd><div class="para">
+	Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.
+</div></dd><dt>HTTPD</dt><dd><div class="para">
+	An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The daemon or service is often called an httpd.
+</div></dd><dt>HTTPS</dt><dd><div class="para">
+	A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.
+</div></dd><dt>hub</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#cascading-replication">cascading replication</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">I</h3><dl><dt>ID list scan limit</dt><dd><div class="para">
+	A size limit which is globally applied to any indexed search operation. When the size of an individual ID list reaches this limit, the server replaces that ID list with an all IDs token.
+</div></dd><dt>index key</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
+</div></dd><dt>indirect CoS</dt><dd><div class="para">
+	An indirect CoS identifies the template entry using the value of one of the target entry's attributes.
+</div></dd><dt>international index</dt><dd><div class="para">
+	Speeds up searches for information in international directories.
+</div></dd><dt>International Standards Organization</dt><dd><p>See <a class="glosssee" href="Glossary.html#ISO">ISO</a>.</p></dd><dt>IP address</dt><dd><div class="para">
+	<span class="emphasis"><em>Also Internet Protocol address.</em></span> A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10). Directory Server supports both IPv4 and IPv6 IP addresses.
+</div></dd><dt>ISO</dt><dd><div class="para">
+	International Standards Organization.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">K</h3><dl><dt>knowledge reference</dt><dd><div class="para">
+	Pointers to directory information stored in different databases.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">L</h3><dl><dt>LDAP</dt><dd><div class="para">
+	Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
+</div></dd><dt>LDAP client</dt><dd><div class="para">
+	Software used to request and view LDAP entries from an LDAP Directory Server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#browser">browser</a>.</p></dd><dt>LDAP Data Interchange Format</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP-Data-Interchange-Format">LDAP Data Interchange Format</a>.</p></dd><dt>LDAP URL</dt><dd><div class="para">
+	Provides the means of locating Directory Servers using DNS and then completing the query via LDAP. A sample LDAP URL is <code class="command">ldap://ldap.example.com</code>.
+</div></dd><dt>LDAPv3</dt><dd><div class="para">
+	Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
+</div></dd><dt>LDBM database</dt><dd><div class="para">
+	A high-performance, disk-based database consisting of a set of large files that contain all of the data assigned to it. The primary data store in Directory Server.
+</div></dd><dt>LDIF</dt><dd><div class="para">
+	LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.
+</div></dd><dt>leaf entry</dt><dd><div class="para">
+	An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.
+</div></dd><dt>Lightweight Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP">LDAP</a>.</p></dd><dt>locale</dt><dd><div class="para">
+	Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">M</h3><dl><dt>managed object</dt><dd><div class="para">
+	A standard value which the SNMP agent can access and send to the NMS. Each managed object is identified with an official name and a numeric identifier expressed in dot-notation.
+</div></dd><dt>managed role</dt><dd><div class="para">
+	Allows creation of an explicit enumerated list of members.
+</div></dd><dt>management information base</dt><dd><p>See <a class="glosssee" href="Glossary.html#MIB">MIB</a>.</p></dd><dt>mapping tree</dt><dd><div class="para">
+	A data structure that associates the names of suffixes (subtrees) with databases.
+</div></dd><dt>master</dt><dd><p>See <a class="glosssee" href="Glossary.html#supplier">supplier</a>.</p></dd><dt>master agent</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP-master-agent">SNMP master agent</a>.</p></dd><dt>matching rule</dt><dd><div class="para">
+	Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
+</div></dd><dt>MD5</dt><dd><div class="para">
+	A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce; a piece of data that will produce the same message digest.
+</div></dd><dt>MD5 signature</dt><dd><div class="para">
+	A message digest produced by the MD5 algorithm.
+</div></dd><dt>MIB</dt><dd><div class="para">
+	Management Information Base. All data, or any portion thereof, associated with the SNMP network. We can think of the MIB as a database which contains the definitions of all SNMP managed objects. The MIB has a tree-like hierarchy, where the top level contains the most general information about the network and lower levels deal with specific, separate network areas.
+</div></dd><dt>MIB namespace</dt><dd><div class="para">
+	Management Information Base namespace. The means for directory data to be named and referenced. Also called the <a class="xref" href="Glossary.html#directory-tree">directory tree</a>.
+</div></dd><dt>monetary format</dt><dd><div class="para">
+	Specifies the monetary symbol used by specific region, whether the symbol goes before or after its value, and how monetary units are represented.
+</div></dd><dt>multi-master replication</dt><dd><div class="para">
+	An advanced replication scenario in which two servers each hold a copy of the same read-write replica. Each server maintains a changelog for the replica. Modifications made on one server are automatically replicated to the other server. In case of conflict, a time stamp is used to determine which server holds the most recent version.
+</div></dd><dt>multiplexor</dt><dd><div class="para">
+	The server containing the database link that communicates with the remote server.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">N</h3><dl><dt>n + 1 directory problem</dt><dd><div class="para">
+	The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs.
+</div></dd><dt>name collisions</dt><dd><div class="para">
+	Multiple entries with the same distinguished name.
+</div></dd><dt>nested role</dt><dd><div class="para">
+	Allows the creation of roles that contain other roles.
+</div></dd><dt>network management application</dt><dd><div class="para">
+	Network Management Station component that graphically displays information about SNMP managed devices, such as which device is up or down and which and how many error messages were received.
+</div></dd><dt>network management station</dt><dd><p>See <a class="glosssee" href="Glossary.html#NMS">NMS</a>.</p></dd><dt>NIS</dt><dd><div class="para">
+	Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.
+</div></dd><dt>NMS</dt><dd><div class="para">
+	Powerful workstation with one or more network management applications installed. Also <a class="xref" href="Glossary.html#network-management-station">network management station</a>.
+</div></dd><dt>ns-slapd</dt><dd><div class="para">
+	Red Hat's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#slapd">slapd</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">O</h3><dl><dt>object class</dt><dd><div class="para">
+	Defines an entry type in the directory by defining which attributes are contained in the entry.
+</div></dd><dt>object identifier</dt><dd><div class="para">
+	A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF or similar organizations.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#OID">OID</a>.</p></dd><dt>OID</dt><dd><p>See <a class="glosssee" href="Glossary.html#object-identifier">object identifier</a>.</p></dd><dt>operational attribute</dt><dd><div class="para">
+	Contains information used internally by the directory to keep track of modifications and subtree properties. Operational attributes are not returned in response to a search unless explicitly requested.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">P</h3><dl><dt>parent access</dt><dd><div class="para">
+	When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.
+</div></dd><dt>pass-through authentication</dt><dd><p>See <a class="glosssee" href="Glossary.html#PTA">PTA</a>.</p></dd><dt>pass-through subtree</dt><dd><div class="para">
+	In pass-through authentication, the <a class="xref" href="Glossary.html#PTA-directory-server">PTA directory server</a> will pass through bind requests to the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a> from all clients whose DN is contained in this subtree.
+</div></dd><dt>password file</dt><dd><div class="para">
+	A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as <code class="command">/etc/passwd</code> because of where it is kept.
+</div></dd><dt>password policy</dt><dd><div class="para">
+	A set of rules that governs how passwords are used in a given directory.
+</div></dd><dt>PDU</dt><dd><div class="para">
+	Encoded messages which form the basis of data exchanges between SNMP devices. Also <a class="xref" href="Glossary.html#protocol-data-unit">protocol data unit</a>.
+</div></dd><dt>permission</dt><dd><div class="para">
+	In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-rights">access rights</a>.</p></dd><dt>pointer CoS</dt><dd><div class="para">
+	A pointer CoS identifies the template entry using the template DN only.
+</div></dd><dt>presence index</dt><dd><div class="para">
+	Allows searches for entries that contain a specific indexed attribute.
+</div></dd><dt>protocol</dt><dd><div class="para">
+	A set of rules that describes how devices on a network exchange information.
+</div></dd><dt>protocol data unit</dt><dd><p>See <a class="glosssee" href="Glossary.html#PDU">PDU</a>.</p></dd><dt>proxy authentication</dt><dd><div class="para">
+	A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.
+</div></dd><dt>proxy DN</dt><dd><div class="para">
+	Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.
+</div></dd><dt>PTA</dt><dd><div class="para">
+	Mechanism by which one Directory Server consults another to check bind credentials. Also <a class="xref" href="Glossary.html#pass-through-authentication">pass-through authentication</a>.
+</div></dd><dt>PTA directory server</dt><dd><div class="para">
+	In pass-through authentication (<a class="xref" href="Glossary.html#PTA">PTA</a>), the PTA Directory Server is the server that sends (passes through) bind requests it receives to the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a>.
+</div></dd><dt>PTA LDAP URL</dt><dd><div class="para">
+	In pass-through authentication, the URL that defines the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a>, pass-through subtree(s), and optional parameters.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">R</h3><dl><dt>RAM</dt><dd><div class="para">
+	Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.
+</div></dd><dt>rc.local</dt><dd><div class="para">
+	A file on Unix machines that describes programs that are run when the machine starts. It is also called <code class="filename">/etc/rc.local</code> because of its location.
+</div></dd><dt>RDN</dt><dd><div class="para">
+	The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name. Also <a class="xref" href="Glossary.html#relative-distinguished-name">relative distinguished name</a>.
+</div></dd><dt>read-only replica</dt><dd><div class="para">
+	A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
+</div></dd><dt>read-write replica </dt><dd><div class="para">
+	A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.
+</div></dd><dt>referential integrity</dt><dd><div class="para">
+	Mechanism that ensures that relationships between related entries are maintained within the directory.
+</div></dd><dt>referral</dt><dd><div class="para">
+	(1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
+</div><div class="para">
+	(2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.
+</div></dd><dt>relative distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#RDN">RDN</a>.</p></dd><dt>replica</dt><dd><div class="para">
+	A database that participates in replication.
+</div></dd><dt>replica-initiated replication</dt><dd><div class="para">
+	Replication configuration where replica servers, either hub or consumer servers, pull directory data from supplier servers. This method is available only for legacy replication.
+</div></dd><dt>replication</dt><dd><div class="para">
+	Act of copying directory trees or subtrees from supplier servers to replica servers.
+</div></dd><dt>replication agreement</dt><dd><div class="para">
+	Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the replica servers to which the data is pushed, the times during which replication can occur, the DN and credentials used by the supplier to bind to the consumer, and how the connection is secured.
+</div></dd><dt>RFC</dt><dd><div class="para">
+	Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.
+</div></dd><dt>role</dt><dd><div class="para">
+	An entry grouping mechanism. Each role has <span class="emphasis"><em>members</em></span>, which are the entries that possess the role.
+</div></dd><dt>role-based attributes</dt><dd><div class="para">
+	Attributes that appear on an entry because it possesses a particular role within an associated CoS template.
+</div></dd><dt>root</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
+</div></dd><dt>root suffix</dt><dd><div class="para">
+	The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">S</h3><dl><dt>SASL</dt><dd><div class="para">
+	An authentication framework for clients as they attempt to bind to a directory. Also <a class="xref" href="Glossary.html#Simple-Authentication-and-Security-Layer">Simple Authentication and Security Layer </a>.
+</div></dd><dt>schema</dt><dd><div class="para">
+	Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
+</div></dd><dt>schema checking</dt><dd><div class="para">
+	Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
+</div></dd><dt>Secure Sockets Layer</dt><dd><p>See <a class="glosssee" href="Glossary.html#SSL">SSL</a>.</p></dd><dt>self access</dt><dd><div class="para">
+	When granted, indicates that users have access to their own entries if the bind DN matches the targeted entry.
+</div></dd><dt>Server Console</dt><dd><div class="para">
+	Java-based application that allows you to perform administrative management of your Directory Server from a GUI.
+</div></dd><dt>server daemon</dt><dd><div class="para">
+	The server daemon is a process that, once running, listens for and accepts requests from clients.
+</div></dd><dt>Server Selector</dt><dd><div class="para">
+	Interface that allows you select and configure servers using a browser.
+</div></dd><dt>server service</dt><dd><div class="para">
+	A process on Windows that, once running, listens for and accepts requests from clients. It is the SMB server on Windows NT.
+</div></dd><dt>service</dt><dd><div class="para">
+	A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.
+</div></dd><dt>SIE</dt><dd><div class="para">
+	Server Instance Entry. The ID assigned to an instance of Directory Server during installation.
+</div></dd><dt>Simple Authentication and Security Layer </dt><dd><p>See <a class="glosssee" href="Glossary.html#glSASL">SASL</a>.</p></dd><dt>Simple Network Management Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP">SNMP</a>.</p></dd><dt>single-master replication</dt><dd><div class="para">
+	The most basic replication scenario in which multiple servers, up to four, each hold a copy of the same read-write replicas to replica servers. In a single-master replication scenario, the supplier server maintains a changelog.
+</div></dd><dt>SIR</dt><dd><p>See <a class="glosssee" href="Glossary.html#supplier-initiated-replication">supplier-initiated replication</a>.</p></dd><dt>slapd</dt><dd><div class="para">
+	LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#ns-slapd">ns-slapd</a>.</p></dd><dt>SNMP</dt><dd><div class="para">
+	Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also <a class="xref" href="Glossary.html#Simple-Network-Management-Protocol">Simple Network Management Protocol</a>.
+</div></dd><dt>SNMP master agent</dt><dd><div class="para">
+	Software that exchanges information between the various subagents and the NMS.
+</div></dd><dt>SNMP subagent</dt><dd><div class="para">
+	Software that gathers information about the managed device and passes the information to the master agent. Also called a <a class="xref" href="Glossary.html#subagent">subagent</a>.
+</div></dd><dt>SSL</dt><dd><div class="para">
+	A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called <a class="xref" href="Glossary.html#Secure-Sockets-Layer">Secure Sockets Layer</a>.
+</div></dd><dt>standard index</dt><dd><div class="para">
+	index maintained by default.
+</div></dd><dt>sub suffix</dt><dd><div class="para">
+	A branch underneath a root suffix.
+</div></dd><dt>subagent</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP-subagent">SNMP subagent</a>.</p></dd><dt>substring index</dt><dd><div class="para">
+	Allows for efficient searching against substrings within entries. Substring indexes are limited to a minimum of two characters for each entry.
+</div></dd><dt>suffix</dt><dd><div class="para">
+	The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.
+</div></dd><dt>superuser</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called <a class="xref" href="Glossary.html#root">root</a>.
+</div></dd><dt>supplier</dt><dd><div class="para">
+	Server containing the master copy of directory trees or subtrees that are replicated to replica servers.
+</div></dd><dt>supplier server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
+</div></dd><dt>supplier-initiated replication</dt><dd><div class="para">
+	Replication configuration where <a class="xref" href="Glossary.html#supplier">supplier</a> servers replicate directory data to any replica servers.
+</div></dd><dt>symmetric encryption</dt><dd><div class="para">
+	Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
+</div></dd><dt>system index</dt><dd><div class="para">
+	Cannot be deleted or modified as it is essential to Directory Server operations.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">T</h3><dl><dt>target</dt><dd><div class="para">
+	In the context of access control, the target identifies the directory information to which a particular ACI applies.
+</div></dd><dt>target entry</dt><dd><div class="para">
+	The entries within the scope of a CoS.
+</div></dd><dt>TCP/IP</dt><dd><div class="para">
+	Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.
+</div></dd><dt>template entry</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS-template-entry">CoS template entry</a>.</p></dd><dt>time/date format</dt><dd><div class="para">
+	Indicates the customary formatting for times and dates in a specific region.
+</div></dd><dt>TLS</dt><dd><div class="para">
+	The new standard for secure socket layers; a public key based protocol. Also <a class="xref" href="Glossary.html#Transport-Layer-Security">Transport Layer Security</a>.
+</div></dd><dt>topology</dt><dd><div class="para">
+	The way a directory tree is divided among physical servers and how these servers link with one another.
+</div></dd><dt>Transport Layer Security</dt><dd><p>See <a class="glosssee" href="Glossary.html#TLS">TLS</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">U</h3><dl><dt>uid</dt><dd><div class="para">
+	A unique number associated with each user on a Unix system.
+</div></dd><dt>URL</dt><dd><div class="para">
+	Uniform Resource Locater. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is <span class="emphasis"><em>protocol</em></span>://<span class="emphasis"><em>machine</em></span>:<span class="emphasis"><em>port</em></span>/<span class="emphasis"><em>document</em></span>. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">V</h3><dl><dt>virtual list view index </dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
+	The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
+</div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong>C.3. Performing a Client-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong>Index</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Installing_the_IPA_Server_Packages.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Installing_the_IPA_Server_Packages.html
new file mode 100644
index 0000000..ccd5685
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Installing_the_IPA_Server_Packages.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Installing the IPA Server Packages</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="Preparing_for_an_IPA_Installation.html" title="2.2. Preparing to Install the IPA Server" /><link rel="next" href="creating-server.html" title="2.4. Creating an IPA Server Instance" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Preparing_for_an_IPA_Installation.html"><stro
 ng>Prev</strong></a></li><li class="next"><a accesskey="n" href="creating-server.html"><strong>Next</strong></a></li></ul><div class="section" id="Installing_the_IPA_Server_Packages"><div class="titlepage"><div><div><h2 class="title" id="Installing_the_IPA_Server_Packages">2.3. Installing the IPA Server Packages</h2></div></div></div><div class="para">
+			Installing only the IPA server requires a single package, <code class="filename">ipa-server</code><code class="filename">ipa-server</code>. If the IPA server will also manage a DNS server, then it requires two additional packages to set up the DNS.
+		</div><div class="para">
+			All of these packages can be installed using the <code class="command">yum</code> command:
+		</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-server bind bind-dyndb-ldap</span></pre><div class="para">
+			If the IPA domain will contain replicas as well as servers, then also install the required replication packages:
+		</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-server bind bind-dyndb-ldap ds-replication</span></pre><div class="para">
+			Installing the <code class="filename">ipa-server</code><code class="filename">ipa-server</code> also installs a large number of dependencies, such as <span class="package">389-ds-base</span> for the LDAP service and <span class="package">krb5-server</span> for the Kerberos service, along with IPA tools.
+		</div><div class="para">
+			After the packages are installed, the server instance must be created using the <code class="command">ipa-server-install</code> command. The options for configuring the new server instance are described in <a class="xref" href="creating-server.html">Section 2.4, “Creating an IPA Server Instance”</a>.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Preparing_for_an_IPA_Installation.html"><strong>Prev</strong>2.2. Preparing to Install the IPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="creating-server.html"><strong>Next</strong>2.4. Creating an IPA Server Instance</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Migrating_from_a_Directory_Server_to_IPA.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Migrating_from_a_Directory_Server_to_IPA.html
new file mode 100644
index 0000000..e0f98c4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Migrating_from_a_Directory_Server_to_IPA.html
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix C. Migrating from a Directory Server to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html" title="B.4. Using certmonger with IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png
 " alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
+			This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
+				It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
+					</div></li><li class="listitem"><div class="para">
+						User passwords are stored as a hash in the source DS in a form that the IPA DS can understand
+					</div></li><li class="listitem"><div class="para">
+						You are using LDAP as the central authentication service, and the client machines are configured to use <code class="systemitem">pam_ldap</code> and <code class="systemitem">nss_ldap</code>
+					</div></li><li class="listitem"><div class="para">
+						Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
+					</div><div class="para">
+						Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
+				A number of issues exist that need to be considered when planning the migration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
+					</div></li><li class="listitem"><div class="para">
+						IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
+					</div><div class="para">
+						In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+				The following have been identified as typical migration scenarios:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA but do not use its Kerberos features for now
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
+				The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
+					In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
  described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+					In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="Migrating_from_a_Directory_Server_to_IPA.html#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+							Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
+						</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
+						</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_IPAs_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using IPA's Back End</h5>
+							This configuration is similar to that described above, except that SSSD has a special back end that is more IPA-aware. If this back end is configured, then SSSD can take advantage of specific IPA features, such as silent password migration and host-based access control.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-LDAP_connected_Machines"><h5 class="formalpara">LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_LDAP and NSS_LDAP. In this use case, too, IPA functions like a normal Directory Server.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-KRB5LDAP_connected_Machines"><h5 class="formalpara">KRB5/LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
+						</div><div class="para">
+						In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
+					</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+				The migration from DS to IPA requires:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Installing IPA on a suitable machine
+					</div></li><li class="listitem"><div class="para">
+						Migrating the user data. This step is performed by an IPA command which:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dumps the data from DS
+							</div></li><li class="listitem"><div class="para">
+								Converts the data into a format suitable for IPA
+							</div></li><li class="listitem"><div class="para">
+								Loads the converted data into IPA
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						Reconfiguring clients to connect to IPA. This is required because the IPA Directory Information Tree (DIT) is different from the DS DIT.
+					</div></li></ol></div><div class="para">
+				To achieve a successful migration, changes are required both on the client and on the server machines. Reconfiguration of the clients is not required immediately after changes are made to the server. This allows for a transition period, without which it would not be possible to deploy the solution.
+			</div><div class="para">
+				At present the only option is to run IPA and DS concurrently until all the clients are reconfigured to point to IPA. Two main migration strategies currently exist:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate the server first
+					</div></li><li class="listitem"><div class="para">
+						Deploy SSSD first
+					</div></li></ul></div><div class="para">
+				Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+					Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
+				</div><div class="para">
+					You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
+				</div><div class="para">
+					Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
+				The following sequence of operations occurs when users are migrated using SSSD:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A user tries to log in to the machine.
+					</div></li><li class="listitem"><div class="para">
+						SSSD passes authentication to the IPA identity provider back end.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end attempts Kerberos authentication.
+					</div></li><li class="listitem"><div class="para">
+						Even though the user exists in the system, the authentication will fail with the error "key type is not supported", because the Kerberos keys do not yet exist.
+					</div></li><li class="listitem"><div class="para">
+						If SSSD is configured to migrate users, it will continue to the next step. Otherwise, it will fail authentication.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end then attempts to perform an LDAP bind. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Because it is going to perform a simple bind and send the password in the clear, this LDAP bind operation must use startTLS.
+								</div></li><li class="listitem"><div class="para">
+									Perform a simple bind.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The server-side plug-in will intercept this bind request and if the user has a Kerberos principal but no Kerberos keys, then the plug-in will generate the keys and store them in the user entry.
+					</div></li><li class="listitem"><div class="para">
+						If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
+					</div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Prev</strong>B.4. Using certmonger with IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong>C.2. Performing a Server-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preface.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preface.html
new file mode 100644
index 0000000..8ab3601
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preface.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Preface</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="index.html" title="Enterprise Identity Management Guide" /><link rel="next" href="Document_Conventions.html" title="2. Examples and Formatting" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Document_Co
 nventions.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
+		Enterprise IPA is a Red Hat Enterprise Linux-based way to create a security, identity, and authentication domain. The different security and authentication protocols available to Linux and Unix systems (like Kerberos, NIS, DNS, PAM, and sudo) are complex, unrelated, and difficult to manage coherently, especially when combined with different identity stores.
+	</div><div class="para">
+		Enterprise IPA provides a layer that unifies all of these disparate services and simplifies the administrative tasks for managing users, systems, and security. IPA breaks management down into two categories: <span class="emphasis"><em>identity</em></span> and <span class="emphasis"><em>policy</em></span>. It centralizes the functions of managing the users and entities within your IT environment (identity) and then provides a framework to define authentication and authorization for a global security framework and user-friendly tools like single sign-on (policy).
+	</div><div class="section" id="audience"><div class="titlepage"><div><div><h2 class="title" id="audience">1. Audience and Purpose</h2></div></div></div><div class="para">
+			With Enterprise IPA, a Red Hat Enterprise Linux system can easily become the center of an identity/authentication domain and even provide access to the domain for clients of other operating systems. IPA is an integrated system, that builds on existing and reliable technologies like LDAP and certificate protocols, with a robust yet straightforward set of tools (including a web-based UI). The key to identity/policy management with IPA is simplicity and flexibility:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Centralized identity stores for authentication and single sign-on using both integrated LDAP services (with 389 Directory Server) and, optionally, NIS services
+				</div></li><li class="listitem"><div class="para">
+					Clear and manageable administrative control over system services like PAM, NTP, and sudo
+				</div></li><li class="listitem"><div class="para">
+					Simplified DNS domains and maintenance
+				</div></li><li class="listitem"><div class="para">
+					Scalable Kerberos realms and cross-realms which clients can easily join
+				</div></li></ul></div><div class="para">
+			This guide is written for systems administrators and IT staff who will manage IPA domains, user systems, and servers. This assumes a moderate knowledge of Linux-based systems administration and familiarity with important concepts like access control, LDAP, and Kerberos.
+		</div><div class="para">
+			This guide covers every aspect of using IPA, including preparation and installation processes, administrative tasks, and the IPA tools. This guide also explains the major concepts behind both identity and policy management, generally, and IPA features specifically. Administrative tasks in this guide are categorized as either <span class="emphasis"><em>Identity</em></span> or <span class="emphasis"><em>Policy</em></span> in the chapter title to help characterize the administrative functions.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Enterprise Identity Management Guide</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Document_Conventions.html"><strong>Next</strong>2. Examples and Formatting</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preparing_for_an_IPA_Installation.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preparing_for_an_IPA_Installation.html
new file mode 100644
index 0000000..6f5cceb
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Preparing_for_an_IPA_Installation.html
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Preparing to Install the IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="next" href="Installing_the_IPA_Server_Packages.html" title="2.3. Installing the IPA Server Packages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong></a>
 </li><li class="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong></a></li></ul><div class="section" id="Preparing_for_an_IPA_Installation"><div class="titlepage"><div><div><h2 class="title" id="Preparing_for_an_IPA_Installation">2.2. Preparing to Install the IPA Server</h2></div></div></div><div class="para">
+			Before you install IPA, ensure that the installation environment is suitably configured. You also need to provide certain information during the installation and configuration procedures, including realm names and certain usernames and passwords. This section describes the information that you need to provide.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</h3></div></div></div><div class="para">
+				A basic user entry is about 1 KB in size, as is a simple host entry with a certificate. The structure of the directory tree and the number of indexes in the Directory Server instance can impact the hardware required for the best performance. <a class="xref" href="Preparing_for_an_IPA_Installation.html#tab.Minimum_hardware_requirements_for_IPA">Table 2.1, “Minimum Hardware Requirements”</a> lists the recommended minimums. For customized systems, additional indexes, or larger user entries, it is more effective to increase the RAM than to increase the disk space because the Directory Server stores much of its data in cache. Add info for disk layout/size recommendations, from https://www.redhat.com/archives/freeipa-users/2011-May/msg00012.html
+			</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+					The Directory Server instance used by the IPA server can be tuned to increase performance. For tuning information, see the Directory Server documentation at <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html</a>.
+				</div></div></div><div class="para">
+				The system requirements for both 32-bit and 64-bit platforms are the same.
+			</div><div class="table" id="tab.Minimum_hardware_requirements_for_IPA"><h6>Table 2.1. Minimum Hardware Requirements</h6><div class="table-contents"><table summary="Minimum Hardware Requirements" border="1"><colgroup><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /></colgroup><thead><tr><th align="center">
+								Minimum Hardware Requirements
+							</th><th align="center">
+								10,000 - 250,000 Entries
+							</th><th align="center">
+								250,000 - 1,000,000 Entries
+							</th><th align="center">
+								Over 1,000,000 Entries
+							</th></tr></thead><tbody><tr><td align="left">
+								CPU
+							</td><td colspan="3" align="center">
+								P3; 500MHz
+							</td></tr><tr><td align="left">
+								RAM
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td></tr><tr><td align="left">
+								Disk Space
+							</td><td align="center">
+								2 GB
+							</td><td align="center">
+								4 GB
+							</td><td align="center">
+								8 GB
+							</td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</h3></div></div></div><div class="para">
+				Most of the packages that an IPA server depends on are installed as dependencies when the IPA packages are installed. There are some packages, however, which are required before installing the IPA packages:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Kerberos 1.9
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">named</span> and <span class="package">bind-dyndb-ldap</span> packages for DNS
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ds-replication</span> package, which requires a separate subscription to the Enterprise Identity Replication product
+					</div></li></ul></div></div><div class="section" id="prerequisites"><div class="titlepage"><div><div><h3 class="title" id="prerequisites">2.2.3. System Prerequisites</h3></div></div></div><div class="para">
+				The IPA server is set up using a configuration script, and this script makes certain assumption about the host system. If the system does not meet these prerequisites, then server configuration may fail.
+			</div><div class="section" id="prereq-ds"><div class="titlepage"><div><div><h4 class="title" id="prereq-ds">2.2.3.1. Directory Server</h4></div></div></div><div class="para">
+					There must not be any instances of 389 Directory Server installed on the host machine.
+				</div></div><div class="section" id="prereq-system"><div class="titlepage"><div><div><h4 class="title" id="prereq-system">2.2.3.2. System Files </h4></div></div></div><div class="para">
+					The server script overwrites system files to set up the IPA domain. The system should be clean, without custom configuration for services like DNS and Kerberos, before configuring the IPA server.
+				</div></div><div class="section" id="prereq-ports"><div class="titlepage"><div><div><h4 class="title" id="prereq-ports">2.2.3.3. System Ports</h4></div></div></div><div class="para">
+					IPA uses a number of ports to communicate with its services. These ports, listed in <a class="xref" href="Preparing_for_an_IPA_Installation.html#tab.ipa-ports">Table 2.2, “IPA Ports”</a>, must be open and available for IPA to work. They cannot be in use by another service or blocked by a firewall. To make sure that these ports are available, try <code class="command">iptables</code> to list the available ports or <code class="command">nc</code>, <code class="command">telnet</code>, or <code class="command">nmap</code> to connect to a port or run a port scan.
+				</div><div class="table" id="tab.ipa-ports"><h6>Table 2.2. IPA Ports</h6><div class="table-contents"><table summary="IPA Ports" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+									Service
+								</th><th>
+									Ports
+								</th></tr></thead><tbody><tr><td>
+									OCSP responder
+								</td><td>
+									9180
+								</td></tr><tr><td>
+									HTTP/HTTPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>80</td></tr><tr><td>443</td></tr></table>
+
+								</td></tr><tr><td>
+									LDAP/LDAPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>389</td></tr><tr><td>636</td></tr></table>
+
+								</td></tr><tr><td>
+									Kerberos<sup>[<a id="ft.udp-tcp" href="#ftn.ft.udp-tcp" class="footnote">a</a>]</sup>
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>88</td></tr><tr><td>464</td></tr></table>
+
+								</td></tr><tr><td>
+									DNS<sup>[<a href="Preparing_for_an_IPA_Installation.html#ftn.ft.udp-tcp" class="footnoteref">a</a>]</sup>
+								</td><td>
+									53
+								</td></tr><tr><td>
+									NTP<sup>[<a id="id2715524" href="#ftn.id2715524" class="footnote">b</a>]</sup>
+								</td><td>
+									123
+								</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
+										This service uses both TCP adn UDP ports.
+									</p></div><div class="footnote"><p><sup>[<a id="ftn.id2715524" href="#id2715524" class="para">b</a>] </sup>
+										This service uses UDP ports only.
+									</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</h4></div></div></div><div class="para">
+					IPA uses DNS for the IPA clients to find (<span class="emphasis"><em>discover</em></span>) the IPA servers. The DNS service can be managed by IPA itself, or IPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and IPA services like, LDAP, Kerberos, and SSL may fail to work.
+				</div><div class="section" id="dns-requirements"><div class="titlepage"><div><div><h5 class="title" id="dns-requirements">2.2.3.4.1. DNS Requirements</h5></div></div></div><div class="para">
+						Regardless of whether the DNS is within the IPA server or external, the server host must have DNS properly configured:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								The server's machine name must be set and resolve to its public IP address. The fully-qualified domain name cannot resolve to the loopback address. It must resolve to the machine's public IP address, not to <code class="systemitem">127.0.0.1</code>. The output of the <code class="command">hostname</code> command cannot be <code class="systemitem">localhost</code> or <code class="systemitem">localhost6</code>.
+							</div></li><li class="listitem"><div class="para">
+								The hostname must be fully qualified. For example, <code class="systemitem">ipa.example.com</code>.
+							</div></li><li class="listitem"><div class="para">
+								The reverse of the address that the hostname resolves to must match the hostname.
+							</div></li><li class="listitem"><div class="para">
+								The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the IPA server, but it does need to be fully functional.
+							</div><div class="para">
+								If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install IPA to automatically configure a suitable DNS.
+							</div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">2.2.3.4.2. IPA-Generated DNS File</h5></div></div></div><div class="para">
+						To help create and configure a suitable DNS setup, the IPA installation script creates a sample zone file. During the installation, IPA displays a message similar to the following:
+					</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
+</pre><div class="para">
+						You should use this file in your DNS zone file.
+					</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">2.2.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
+						<span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in an IPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+					</div><div class="para">
+						<code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific IPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+					</div><div class="para">
+						To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+					</div><pre class="programlisting">positive-time-to-live   group           3600
+negative-time-to-live   group           60
+positive-time-to-live   hosts           3600
+negative-time-to-live   hosts           20
+</pre></div><div class="section" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos">2.2.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
+						The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+					</div><div class="para">
+						If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example: 
+<pre class="programlisting">10.0.0.1    ipa.example.com  ipa</pre>
+						 The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. IPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
+					</div><div class="para">
+						A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The IPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+					</div><div class="para">
+						The IPA installation process includes checks to ensure that the IPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing an IPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the IPA server will use itself as a DNS from that point forward.
+					</div><div class="para">
+						The IPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								DNS forwarders must be specified as IP addresses, not as hostnames.
+							</div></div></div>
+
+					</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</h4></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services">2.2.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
+						The default networking service used by Red Hat Enterprise Linux is NetworkManager, and due to the way this service works, it can cause problems with IPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in an IPA environment and disable the NetworkManager service.
+					</div><div class="orderedlist" id="proc-Enterprise_Identity_Management_Guide-Configuring_Networking_Services-To_configure_networking_services_for_IPA"><ol><li class="listitem"><div class="para">
+								Boot the machine into single-user mode and run the following commands:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManager off; service NetworkManager stop</span></pre></li><li class="listitem"><div class="para">
+								If <code class="systemitem">NetworkManagerDispatcher</code> is installed, ensure that it is stopped and disabled:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop</span></pre></li><li class="listitem"><div class="para">
+								Then, make sure that the <code class="systemitem">network</code> service is properly started. 
+<pre class="programlisting"><span class="perl_Comment"># chkconfig network on; service network start</span></pre>
+
+							</div></li><li class="listitem"><div class="para">
+								Ensure that static networking is correctly configured.
+							</div></li><li class="listitem"><div class="para">
+								Restart the system.
+							</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File">2.2.3.5.2. Configuring the /etc/hosts File</h5></div></div></div><div class="para">
+						You need to ensure that your <code class="filename">/etc/hosts</code> file is configured correctly. A misconfigured file can prevent the IPA command-line tools from functioning correctly and can prevent the IPA web interface from connecting to the IPA server.
+					</div><div class="para">
+						Configure the <code class="filename">/etc/hosts</code> file to list the FQDN for the IPA server <span class="emphasis"><em>before</em></span> any aliases. Also ensure that the hostname is not part of the <code class="literal">localhost</code> entry. The following is an example of a valid hosts file:
+					</div><pre class="programlisting">127.0.0.1	localhost.localdomain	localhost
+::1		localhost6.localdomain6	localhost6
+192.168.1.1	ipaserver.example.com	ipaserver
+</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							Do not omit the <code class="systemitem">IPv4</code> entry in the <code class="filename">/etc/hosts</code> file. This entry is required by the IPA web service.
+						</div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong>Chapter 2. Installing an IPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong>2.3. Installing the IPA Server Packages</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Uninstalling_IPA_Servers.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Uninstalling_IPA_Servers.html
new file mode 100644
index 0000000..270187b
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Uninstalling_IPA_Servers.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Uninstalling IPA Servers and Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html" title="2.5. Setting up IPA Replicas" /><link rel="next" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterpri
 se_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="setting-up-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="Uninstalling_IPA_Servers"><div class="titlepage"><div><div><h2 class="title" id="Uninstalling_IPA_Servers">2.6. Uninstalling IPA Servers and Replicas</h2></div></div></div><div class="para">
+			To uninstall both an IPA server and an IPA replica, pass the <code class="option">--uninstall</code> option to the <code class="command">ipa-server-install</code> command: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Prev</strong>2.5. Setting up IPA Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="setting-up-clients.html"><strong>Next</strong>Chapter 3. Setting up Systems as IPA Clients</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Using_Microsoft_Windows.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Using_Microsoft_Windows.html
new file mode 100644
index 0000000..42db24a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/Using_Microsoft_Windows.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Configuring a Microsoft Windows System as an IPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="prev" href="setting-up-clients.html" title="Chapter 3. Setting up Systems as IPA Clients" /><link rel="next" href="Configuring_an_IPA_Client_on_Solaris.html" title="3.3. Configuring a Solaris System as an IPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="setting
 -up-clients.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Next</strong></a></li></ul><div class="section" id="Using_Microsoft_Windows"><div class="titlepage"><div><div><h2 class="title" id="Using_Microsoft_Windows">3.2. Configuring a Microsoft Windows System as an IPA Client</h2></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				IPA does <span class="emphasis"><em>not</em></span> support Microsoft Windows client authentication.
+			</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+					Download the MIT <span class="productname">Kerberos</span>
+					 3.x package for Windows to a known location, and then run the <code class="filename">kfw-3.x-exe</code> file that you downloaded to start the <span class="application"><strong>MIT Kerberos Installation Wizard</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Read the license agreement and then click <span class="guibutton"><strong>I Agree</strong></span> to accept the agreement.
+				</div></li><li class="listitem"><div class="para">
+					Ensure you choose to install KfW Client; the other components are optional.
+				</div></li><li class="listitem"><div class="para">
+					Accept the default destination path.
+				</div></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Download from web path</strong></span>, and enter the following URL:
+				</div><pre class="programlisting">http://&lt;your IPA server's fully-qualified domain name&gt;/ipa/config/
+</pre></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Autostart the Network Identity Manager each time you login to Windows</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Click <span class="guibutton"><strong>Install</strong></span> to begin the installation. When the installation is complete, click <span class="guibutton"><strong>Finish</strong></span> to exit the Wizard.
+				</div></li><li class="listitem"><div class="para">
+					Edit the hosts file and add the IPA server. For example:
+				</div><pre class="programlisting">&lt;numerical IP address&gt;     ipaserver.example.com   ipaserver
+</pre><div class="para">
+					Depending on the version of Windows, the HOSTS file could be located in different directories. For example:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Windows 2000 Pro: <code class="filename">C:\WINNT\system32\drivers\etc\</code>
+						</div></li><li class="listitem"><div class="para">
+							Windows XP Pro: <code class="filename">C:\WINDOWS\system32\drivers\etc\</code>
+						</div></li></ul></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="setting-up-clients.html"><strong>Prev</strong>Chapter 3. Setting up Systems as IPA Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Next</strong>3.3. Configuring a Solaris System as an IPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/active-directory.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/active-directory.html
new file mode 100644
index 0000000..be064b8
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/active-directory.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Identity: Integrating with Microsoft Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="configuring-automount.html" title="9.2. Configuring Automount" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="10.2. Setting up Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-auto
 mount.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">10.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">10.2. Setting up Active Directory</a></span></dt><dt><span
  class="section"><a href="configuring-active-directory.html">10.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">10.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">10.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></d
 d><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">10.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">10.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+		To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
+	</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">10.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
+				IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
+			</div><div class="para">
+				To avoid this situation, use a separate domain for your IPA and Active Directory servers. If this is not possible, use the <em class="parameter"><code>--force</code></em> parameter when you run the <code class="command">ipa-client-install</code> script.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-automount.html"><strong>Prev</strong>9.2. Configuring Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong>10.2. Setting up Active Directory</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/adding-users.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/adding-users.html
new file mode 100644
index 0000000..a94069e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/adding-users.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Adding Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="next" href="editing-users.html" title="6.3. Editing Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n
 " href="editing-users.html"><strong>Next</strong></a></li></ul><div class="section" id="adding-users"><div class="titlepage"><div><div><h2 class="title" id="adding-users">6.2. Adding Users</h2></div></div></div><div class="para">
+			IPA supports a wide range of <span class="property">username</span> formats, but you need to be aware of any restrictions that may apply to your particular environment. For example, a <span class="property">username</span> that starts with a digit may cause problems for some UNIX systems.
+		</div><div class="para">
+			The range of <span class="property">username</span> formats supported by IPA can be described by the following regular expression:
+		</div><pre class="screen"><code class="command">[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]</code></pre><div class="para">
+			The trailing $ symbol is permitted for Samba 3.x machine support.
+		</div><div class="para">
+			Use the <code class="command">ipa user-add</code> command to add users to IPA. You can pass attributes directly on the command line, or run the command with no parameters to enter interactive mode. Interactive mode prompts you to enter the basic attributes required to add a new user. You can add further attributes using the <code class="command">ipa user-mod</code> command. Use the <code class="command">ipa user-mod --list</code> command to view a list of the attributes that you can modify using this command.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_the_Command_Line-To_create_the_user_jlamb_using_the_command_line"><h6>Procedure 6.1. To create the user <code class="systemitem">jlamb</code> using the command line:</h6><ul><li class="step"><div class="para">
+					Open a shell and run the following command:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command">$ ipa user-add jlamb --first=John --last=Lamb --password</code></pre>
+
+				</div><div class="para">
+					This will prompt for a password and then complete the new entry with default values.
+				</div></li></ul></div><div class="para">
+			The following example illustrates using the <code class="command">ipa user-add</code> command in interactive mode to create a user account:
+		</div><pre class="screen"># ipa user-add
+First name: Jinny
+Last name: Pattanajee
+User login [jpattanajee]: jpattan
+--------------------
+Added user "jpattan"
+--------------------
+User login: jpattan
+First name: Jinny
+Last name: Pattanajee
+Home directory: /home/jpattan
+GECOS field: jpattan
+Login shell: /bin/sh
+Kerberos principal: jpattan at MYDOMAIN.NET
+UID: 387115841
+</pre><div class="para">
+			Press <span class="keycap"><strong>Enter</strong></span> at each prompt to accept the default values (enclosed in square brackets), or type an alternative.
+		</div><div class="para">
+			Refer to the <code class="command">ipa user-add</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="users.html"><strong>Prev</strong>Chapter 6. Identity: Managing Users and User Grou...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="editing-users.html"><strong>Next</strong>6.3. Editing Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/authz.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/authz.html
new file mode 100644
index 0000000..cbecc87
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/authz.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Policy: Configuring Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="migrintg-from-nis.html" title="11.3. Migrating from NIS to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="12.2. HBAC Service Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="migrintg-f
 rom-nis.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="authz.html#configuring-host-access">12.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">12.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">12.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div class="titlepage"><di
 v><div><h2 class="title" id="configuring-host-access">12.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
+			Host-based access control (HBAC) uses <em class="firstterm">rules</em> to determine who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host. Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
+		</div><div class="para">
+			You can also specify a category of users, target hosts, and source hosts. This is currently limited to "all", but might be expanded in the future.
+		</div><div class="para">
+			The available services and groups of services are controlled by the <code class="systemitem">hbacsvc</code> and <code class="systemitem">hbacsvcgroup</code> plug-ins, respectively.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="migrintg-from-nis.html"><strong>Prev</strong>11.3. Migrating from NIS to IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong>12.2. HBAC Service Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/automount.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/automount.html
new file mode 100644
index 0000000..c184a65
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/automount.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. Identity: Using Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html" title="8.6. Kerberos Errors" /><link rel="next" href="configuring-automount.html" title="9.2. Configuring Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_M
 anagement_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="automount.html#about-automount">9.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">9.2. Configuring Automount</a></span></dt><d
 d><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Ma
 ps">9.2.3. Configuring Indirect Maps</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">9.1. About Automount and IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
+					If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</h3></div></div></div><div class="para">
+				In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							The IPA server is correctly installed and operational.
+						</div></li><li class="listitem"><div class="para">
+							The domain is <code class="systemitem">example.com</code>.
+						</div></li><li class="listitem"><div class="para">
+							The NFS server is also configured as an IPA client.
+						</div></li><li class="listitem"><div class="para">
+							You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
+						</div></li></ul></div>
+
+			</div><div class="para">
+				This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
+					Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
+				</div><div class="para">
+				The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
+			</div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
+</pre><div class="para">
+				You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Prev</strong>8.6. Kerberos Errors</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong>9.2. Configuring Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/basic-usage.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/basic-usage.html
new file mode 100644
index 0000000..230f361
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/basic-usage.html
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. Basic Usage</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="3.6. Configuring a Macintosh OS X System as an IPA Client" /><link rel="next" href="logging-in.html" title="4.2. Logging into the IPA UI" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS
 _X.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="basic-usage.html#using-the-ui">4.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="logging-in.html">4.2
 . Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="switching-users.html">4.3. Switching Users</a></span></dt><dt><span class="section"><a href="ipa-files.html">4.4. A Summary of IPA Server Configuration Files and Directories</a></span></dt></dl></div><div class="section" id="using-the-ui"><div class="titlepage"><div><div><h2 class="title" id="using-the-ui">4.1. Using the IPA UI</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</h3></div></div></div><div class="para">
+				If you are unable, or prefer not, to update <code class="filename">/etc/krb5.conf</code> with the IPA realm information, you can create another copy and set an appropriate environment variable. You can then run <code class="command">kinit</code> as before and use your browser to connect to IPA. This is especially useful if you need to manage multiple realms, and if you have overlapping domains.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					This procedure is not necessary if you use <code class="command">ipa-client-install</code> to set up your client.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_a_Browser_on_Another_System-To_set_up_a_browser_on_another_system_that_already_has_Kerberos_set_up_for_a_different_realm"><h6>Procedure 4.1. To set up a browser on another system that already has Kerberos set up for a different realm:</h6><ol class="1"><li class="step"><div class="para">
+						Copy the <code class="filename">/etc/krb5.conf</code> file from the IPA server to the client system. Do not overwrite the existing <code class="filename">krb5.conf</code> file. Run the following command on the IPA server:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"> # scp /etc/krb5.conf root at ipaclient:/etc/krb5_ipa.conf </code></pre>
+
+					</div></li><li class="step"><div class="para">
+						On the IPA client, open a shell and run the following commands: 
+<pre class="screen"><code class="command">$ export KRB5_CONFIG=/etc/krb5_ipa.conf</code>
+<code class="command">$ kinit user at EXAMPLE.COM</code>
+<code class="command">$ /usr/bin/firefox</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure and test <span class="application"><strong>Firefox</strong></span>.
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</h3></div></div></div><div class="para">
+				If Kerberos authentication fails, the browser login will also fail, preventing access to the IPA web interface. You can configure IPA to display a username/password authentication dialog box if this situation occurs.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Enabling_UsernamePassword_Authentication_in_Your_Browser-To_enable_failover_to_usernamepassword_authentication"><h6>Procedure 4.2. To enable failover to username/password authentication:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file, and change the <em class="parameter"><code>KrbMethodK5Passwd</code></em> attribute from <code class="literal">off</code> to <code class="literal">on</code>.
+					</div></li><li class="step"><div class="para">
+						Restart the <code class="systemitem">httpd</code> service: 
+<pre class="screen"><code class="command"># service httpd restart</code></pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							You need to perform this procedure on all of the IPA servers in your deployment.
+						</div></li><li class="listitem"><div class="para">
+							This change may not be preserved between IPA updates.
+						</div></li></ul></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong>3.6. Configuring a Macintosh OS X System as an IP...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong>4.2. Logging into the IPA UI</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/certs.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/certs.html
new file mode 100644
index 0000000..b061d5e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/certs.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.5. Configuring Certificate-Based Machine Authentication</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="config-virt-machines.html" title="5.4. Reconfiguring Virtual Machines" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html" title="5.6. Client Problems" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
 ef="config-virt-machines.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Next</strong></a></li></ul><div class="section" id="certs"><div class="titlepage"><div><div><h2 class="title" id="certs">5.5. Configuring Certificate-Based Machine Authentication</h2></div></div></div><div class="para">
+			IPA v2 extends the scope of authentication to include machines on the network. Machine authentication is required for the IPA server to trust the machine and to accept IPA connections from the client software installed on that machine. After authenticating the client, the IPA server can respond to its requests.
+		</div><div class="para">
+			IPA supports two different approaches to machine authentication: Key Tables (or <em class="firstterm">keytabs</em>, a symmetric key resembling to some extent a user password); and Machine Certificates. IPA clients use XML-RPC calls to request keytabs and certificates. Keys and certificate requests are generated on machines applying for certificates. Certificates are generated by the CA, in response to certificate requests submitted to IPA and stored in IPA's DS, and at the same time delivered to the machine for use in PKI machine authentication.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authentication Usage Scenarios</h3></div></div></div><div class="para">
+				Usage scenarios are split into the following categories:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Deployment of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Authentication using machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Revocation of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Renewal of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Recovery from destruction of IPA server
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="config-virt-machines.html"><strong>Prev</strong>5.4. Reconfiguring Virtual Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Next</strong>5.6. Client Problems</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
new file mode 100644
index 0000000..f19b64b
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Frequently Asked Questions</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="logging.html" title="14.13. IPA Server Logging" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong><
 /a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2925106">
+					Is it possible to change the IP address of the master server?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2913204">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2983030">
+					What is the difference between a replica and a master server?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2955648">
+					Can I promote a replica to function as the master? How?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3019888">
+					Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2743740">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</a></dt></dl><div class="qandaset"><div id="id2925106" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Is it possible to change the IP address of the master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
+				</div></div></div></div><div id="id2913204" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
+				</div><div class="para">
+					You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod  --maxusername=INT</code>
+				</div></div></div></div><div id="id2983030" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					What is the difference between a replica and a master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
+				</div></div></div></div><div id="id2955648" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can I promote a replica to function as the master? How?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. Refer to <a class="xref" href="promoting-replica.html">Section 14.12, “Promoting a Read-Only Replica to an IPA Server”</a>.
+				</div></div></div></div><div id="id3019888" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div></div><div id="id2743740" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
+				</div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong>14.13. IPA Server Logging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong>Appendix B. Services: Working with certmonger</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html
new file mode 100644
index 0000000..81b7230
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. Setting up IPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="creating-server.html" title="2.4. Creating an IPA Server Instance" /><link rel="next" href="Uninstalling_IPA_Servers.html" title="2.6. Uninstalling IPA Servers and Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-server.html"><strong>Prev</strong></a></li>
 <li class="next"><a accesskey="n" href="Uninstalling_IPA_Servers.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">2.5. Setting up IPA Replicas</h2></div></div></div><div class="para">
+			In the IPA domain, there are three types of machines:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Servers, which manage all of the services used by domain members
+				</div></li><li class="listitem"><div class="para">
+					Replicas, which are essentially read-only clones of servers
+				</div></li><li class="listitem"><div class="para">
+					Clients, which belong to the Kerberos domains, receive certificates and tickets issued by the servers, and use other centralized services for authentication and authorization
+				</div></li></ul></div><div class="para">
+			A replica is a clone of a specific IPA server. The server and replica share the same internal information about users, machines, certificates, and configured policies. These data are copied from the server to the replica in a process called <span class="emphasis"><em>replication</em></span>. The two Directory Server instances used by an IPA server — the Directory Server instance used by the IPA server as a data store and the Directory Server instance used by the Dogtag Certificate System to store certificate information — are replicated over to corresponding consumer Directory Server instances used by the IPA replica.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				Replication is possible by default with IPA in Red Hat Enterprise Linux. A separate package, <code class="filename">ds-replication</code>, needs to be installed to enable replication.
+			</div></div></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+				If you are using the integrated Dogtag Certificate System instance as the CA for the IPA domain, then it is possible to make a replica of a replica. It is <span class="emphasis"><em>not</em></span> possible to make a replica of a replica if you use the <code class="option">--selfsign</code> option for the original IPA server.
+			</div></div></div><div class="section" id="installing-replica"><div class="titlepage"><div><div><h3 class="title" id="installing-replica">2.5.1. Prepping and Installing the Replica Server</h3></div></div></div><div class="para">
+				Replicas are functionally the same as IPA servers, so they have the same installation requirements and packages.
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Make sure that the machine meets all of the prerequisites listed in <a class="xref" href="Preparing_for_an_IPA_Installation.html">Section 2.2, “Preparing to Install the IPA Server”</a>.
+					</div></li><li class="listitem"><div class="para">
+						Install the server packages as in <a class="xref" href="Installing_the_IPA_Server_Packages.html">Section 2.3, “Installing the IPA Server Packages”</a>. However, do <span class="emphasis"><em>not</em></span> run the <code class="command">ipa-server-install</code> script.
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							The replica and the master server must be running the same version of IPA.
+						</div></div></div></li><li class="listitem"><div class="para">
+						If there is an existing Dogtag Certificate System or Red Hat Certificate System instance on the replica machine, make sure that port <code class="systemitem">7389</code> is free. This port is used by the master IPA server to communicate with the replica.
+					</div></li></ul></div></div><div class="section" id="creating-the-replica"><div class="titlepage"><div><div><h3 class="title" id="creating-the-replica">2.5.2. Creating the Replica</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					Make sure that the replica machine exists in the server's DNS <span class="emphasis"><em>before</em></span> beginning to configure the replica. If the server cannot contact the replica machine during the configuration process, then the replica configuration fails.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						C\On the master server, create a <span class="emphasis"><em>replica information file</em></span>. This contains realm and configuration information taken from the master server which will be used to configure the replica server.
+					</div><div class="para">
+						Run the <code class="command">ipa-replica-repare</code> command <span class="emphasis"><em>on the master IPA server</em></span>. The command requires the fully-qualified domain name of the <span class="emphasis"><em>replica</em></span> machine.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-replica-prepare ipareplica.example.com</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+Determining current realm name
+Getting domain name from LDAP
+Preparing replica <span class="perl_Keyword">for</span> ipareplica.example.com from ipaserver.example.com
+Creating SSL certificate <span class="perl_Keyword">for</span> the Directory Server
+Creating SSL certificate <span class="perl_Keyword">for</span> the Web Server
+Copying additional files
+Finalizing configuration
+Packaging the replica into replica-info-ipareplica.example.com
+</pre><div class="para">
+						Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
+					</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+							A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
+						</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+							Replica information files contain sensitive information. Take appropriate steps to ensure that they are properly protected.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Copy the replica information file to the replica server:
+					</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
+						On the replica server, run the replica installation script, referencing the replication information file:
+					</div><div class="para">
+						
+<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
+
+					</div><div class="para">
+						The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
+					</div></li><li class="listitem"><div class="para">
+						Enter the Directory Manager password when prompted. The script then configures a Directory Server instance based on information in the replica information file and initiates a replication process to copy over data from the master server to the replica, a process called <span class="emphasis"><em>initialization</em></span>.
+					</div></li><li class="listitem"><div class="para">
+						Once the installation process completes, update the DNS entries so that IPA clients can discover the new server. For example, for an IPA replica with a hostname of <code class="systemitem">ipareplica.example.com</code>:
+					</div><pre class="programlisting">_ldap._tcp             IN SRV 0 100 389	ipareplica.example.com
+_kerberos._tcp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos._udp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._tcp  IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._udp  IN SRV 0 100 88 ipareplica.example.com
+_kpasswd._tcp          IN SRV 0 100 464 ipareplica.example.com
+_kpasswd._udp          IN SRV 0 100 464 ipareplica.example.com
+_ntp._udp              IN SRV 0 100 123 ipareplica.example.com
+</pre></li><li class="listitem"><div class="para">
+						<span class="emphasis"><em>Optional.</em></span> Set up DNS services for the replica. These are not configured by the setup script, even if the master server uses DNS.
+					</div><div class="para">
+						Use the <code class="command">ipa-dns-install</code> command to install the DNS manually, then use the the <code class="command">ipa dnsrecord-add</code> command to add the required DNS records. For example: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-dns-install</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+$ ipa dnsrecord-add example.com @ --ns-rec ipareplica.example.com.</pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							Use the fully-qualified domain name of the replica, including the final period (.), otherwise BIND will treat the hostname as relative to the domain.
+						</div></div></div></li></ol></div></div><div class="section" id="troubleshooting-replica-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-replica-install">2.5.3. Troubleshooting Replica Installation</h3></div></div></div><div class="para">
+				If the replica installation fails on step 3 (<span class="bold bold"><strong>[3/11]: configuring certificate server instance</strong></span>), that usually means that the required port is not available. This can be verified by checking the debug logs for the CA, <code class="filename">/var/log/pki-ca/debug</code>, which may show error messages about being unable to find certain entries. For example: 
+<pre class="screen">[04/Feb/2011:22:29:03][http-9445-Processor25]: DatabasePanel
+comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</pre>
+
+			</div><div class="para">
+				The only resolution is to uninstall the replica: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+			</div><div class="para">
+				After uninstalling the replica, ensure that port 7389 on the replica is available, and retry the replica installation.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-server.html"><strong>Prev</strong>2.4. Creating an IPA Server Instance</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Uninstalling_IPA_Servers.html"><strong>Next</strong>2.6. Uninstalling IPA Servers and Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/config-virt-machines.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/config-virt-machines.html
new file mode 100644
index 0000000..dbb9492
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/config-virt-machines.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.4. Reconfiguring Virtual Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="renaming-machines.html" title="5.3. Renaming Machines" /><link rel="next" href="certs.html" title="5.5. Configuring Certificate-Based Machine Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="renaming-machines.html"><strong>Prev</strong></a></li><l
 i class="next"><a accesskey="n" href="certs.html"><strong>Next</strong></a></li></ul><div class="section" id="config-virt-machines"><div class="titlepage"><div><div><h2 class="title" id="config-virt-machines">5.4. Reconfiguring Virtual Machines</h2></div></div></div><div class="para">
+			There are two cases where it might be necessary to reconfigure a VM enrolled in an IPA domain: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The VM is copied.
+					</div></li><li class="listitem"><div class="para">
+						The VM is migrated from one IPA domain to another.
+					</div><div class="para">
+						This means that there is an IPA configuration that needs to be removed and the machine needs to be enrolled in the new realm.
+					</div></li></ul></div>
+
+		</div><div class="para">
+			In each case, the procedure is identical to that described for renaming an IPA machine: <a class="xref" href="renaming-machines.html#proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine">Procedure 5.3, “To rename an IPA machine:”</a>. Although it is possible to <span class="emphasis"><em>not</em></span> completely unconfigure the client, there is no real downside to doing this (that is, running the <code class="command">ipa-client-install --uninstall</code> command).
+		</div><div class="para">
+			If you cannot use the <code class="command">ipa-client-install --uninstall</code> command, or it is failing for some reason, use the following manual procedure to remove the IPA configuration from the client. Bear in mind, however, that this procedure cannot be undone:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Remove the old hostname from the main keytab. This method removes *ALL* principals in the domain: 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -r EXAMPLE.COM</code></pre>
+
+				</div><div class="para">
+					To remove on a per-principal basis (per-principal and per-encryption type): 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -p host/server.example.com at EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Disable certificate tracking in <code class="systemitem">certmonger</code>: 
+<pre class="programlisting"><code class="command">$ ipa-getcert stop-tracking -n Server-Cert -d /etc/pki/nssdb</code></pre>
+
+				</div><div class="para">
+					If there are any additional certificates being tracked by <code class="systemitem">certmonger</code>, you need to perform this step for each nickname and database pair.
+				</div></li><li class="step"><div class="para">
+					Remove the old host from IPA. This is not strictly required but it is certainly cleaner. 
+<pre class="programlisting"><code class="command">$ ipa host-del <em class="replaceable"><code>HOSTNAME</code></em></code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Add the new host to IPA, or re-join using administrator privileges: 
+<pre class="programlisting"><code class="command">$ ipa-join</code></pre>
+
+				</div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="renaming-machines.html"><strong>Prev</strong>5.3. Renaming Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="certs.html"><strong>Next</strong>5.5. Configuring Certificate-Based Machine Authen...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-active-directory.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-active-directory.html
new file mode 100644
index 0000000..dba8355
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-active-directory.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. Configuring Active Directory Synchronization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="10.2. Setting up Active Directory" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html" title="10.4. Creating Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.re
 dhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-active-directory"><div class="titlepage"><div><div><h2 class="title" id="configuring-active-directory">10.3. Configuring Active Directory Synchronization</h2></div></div></div><div class="para">
+			The Windows Sync plug-in is installed on the IPA server, and enables one-way replication of users and groups from Windows to IPA. The <code class="command">ipa-server-install</code> script automatically installs the plug-in configuration entry and enables it by default. The Windows Sync plug-in is only ever called if Windows Sync is used.
+		</div><div class="para">
+			The passsync plug-in for Windows uses a standard <code class="command">ldapmodify</code> operation to change users' passwords. These operations take effect immediately, and are still normally subject to password policy settings. When the special user used by passsync sets the password, these password policies should be bypassed and the password should not be set to immediately expire, as is the case when a normal administrator resets a user password. To achieve this, you need to add a list of passSync Manager DNs to the password plug-in configuration. These users will be exempt from password policy enforcement in the same way that the Directory Manager is exempt. This currently requires a manual configuration, as follows:
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Windows_Sync_on_the_IPA_Server-To_add_a_list_of_passSync_Manager_DNs_to_the_password_plug_in_configuration"><h6>Procedure 10.2. To add a list of passSync Manager DNs to the password plug-in configuration:</h6><ol class="1"><li class="step"><div class="para">
+					As Directory Manager, modify the entry <em class="parameter"><code>cn=ipa_pwd_extop,cn=plugins,cn=config</code></em>
+				</div></li><li class="step"><div class="para">
+					Add or update the <em class="parameter"><code>passSyncManagersDNs</code></em> attribute. This is a multi-valued list of DNs that bypass password policy.
+				</div></li></ol></div><div class="para">
+			The following is an example of adding the new entry <code class="literal">uid=admin</code>:
+		</div><pre class="screen">% ldapmodify -x -D "cn=Directory Manager" -W
+Enter LDAP Password: *******
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+changetype: modify
+add: passSyncManagersDNs
+passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The entry <em class="parameter"><code>cn=Directory Manager</code></em> always bypasses policy and does not need to be explicitly listed.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Prev</strong>10.2. Setting up Active Directory</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Next</strong>10.4. Creating Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-automount.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-automount.html
new file mode 100644
index 0000000..91f7b79
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-automount.html
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Configuring Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="automount.html" title="Chapter 9. Identity: Using Automount" /><link rel="prev" href="automount.html" title="Chapter 9. Identity: Using Automount" /><link rel="next" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong></a></li
 ><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">9.2. Configuring Automount</h2></div></div></div><div class="para">
+			IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations. 
+			<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
+				</div></div></div>
+			 Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 9.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+					</div><pre class="programlisting">#
+# Other common LDAP naming
+#
+MAP_OBJECT_CLASS="automountMap"
+ENTRY_OBJECT_CLASS="automount"
+MAP_ATTRIBUTE="automountMapName"
+ENTRY_ATTRIBUTE="automountKey"
+VALUE_ATTRIBUTE="automountInformation"
+</pre></li><li class="step"><div class="para">
+						You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+					</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
+SEARCH_BASE="cn=&lt;location&gt;,cn=automount,dc=example,dc=com"
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
+						</div></div></div></li><li class="step"><div class="para">
+						Save the file and restart <code class="systemitem">autofs</code>:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># service autofs restart</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
+					Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+				</div><div class="para">
+					If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</h3></div></div></div><div class="para">
+				The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
+			</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+						If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+					</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
+</pre></li><li class="step"><div class="para">
+						IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
+					</div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
+-a defaultSearchBase=dc=example,dc=com \
+-a defaultServerList=ipa.example.com \
+-a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
+-a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
+-a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
+	cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a objectClassMap=shadow:shadowAccount=posixAccount \
+-a searchTimelimit=15 \
+-a bindTimeLimit=5
+</pre></li><li class="step"><div class="para">
+						Enable <code class="command">automount</code> as follows:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 9.2.  To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
+							
+<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
+dn: automountkey=/home,automountmapname=auto.master,cn=&lt;location&gt;,cn=automount,dc=example,dc=com
+objectClass: automount
+objectClass: top
+automountKey: /home
+automountInformation: auto.home
+</pre>
+
+						</div></li><li class="step"><div class="para">
+							Attempt to list a user's <code class="filename">/home</code> directory:
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+						</div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">9.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
+				An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+			</div><div class="para">
+				The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
+					</div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 9.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
+						Create a new location:
+					</div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
+  Location: baltimore</pre></li><li class="step"><div class="para">
+						Create a map for man pages:
+					</div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
+  Map: auto.man</pre></li><li class="step"><div class="para">
+						Add this map to the location's auto.master on the mount point /usr/man:
+					</div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
+  Key: /usr/man
+  Mount information: auto.man</pre></li></ol></div><div class="para">
+				Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+			</div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+/etc/auto.master:
+/-      /etc/auto.direct
+/usr/man        /etc/auto.man
+---------------------------
+/etc/auto.direct:
+---------------------------
+/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+  cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
+					Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+				</div><div class="para">
+					To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+				</div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automount
+    automountKey: '/-'
+    automountInformation: auto.direct
+</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automountMap
+    automountMapName: auto.direct
+</pre><div class="para">
+					Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+				</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 9.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
+							Create a new location:
+						</div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+  Location: brisbane</pre></li><li class="step"><div class="para">
+							Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+						</div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
+  <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
+  Key: /share
+  Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.2.4. Links</h3></div></div></div><div class="para">
+				The following pages were used as references for this work:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong>Chapter 9. Identity: Using Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong>Chapter 10. Identity: Integrating with Microsoft ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-sudo.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-sudo.html
new file mode 100644
index 0000000..1bcaf93
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/configuring-sudo.html
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Configuring sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="sudo.html" title="Chapter 13. Policy: Using sudo" /><link rel="prev" href="sudo.html" title="Chapter 13. Policy: Using sudo" /><link rel="next" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sudo.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="server-config.ht
 ml"><strong>Next</strong></a></li></ul><div class="section" id="configuring-sudo"><div class="titlepage"><div><div><h2 class="title" id="configuring-sudo">13.2. Configuring sudo</h2></div></div></div><div class="para">
+			To fully implement Sudo rules, you need to perform various configuration steps on both the IPA server and client. You should first create a <em class="firstterm">Sudo command object</em>, and optionally create any <em class="firstterm">Sudo command groups</em>. Finally, create a <em class="firstterm">Sudo rule</em>, which should contain at least the following components: 
+			<div class="itemizedlist"><div class="para">
+					One or more:
+				</div><ul><li class="listitem"><div class="para">
+						users or groups of users
+					</div></li><li class="listitem"><div class="para">
+						hosts or groups of hosts
+					</div></li><li class="listitem"><div class="para">
+						commands or groups of commands
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These steps are described in detail in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">13.2.1. Server Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules"><h6>Procedure 13.1. How to configure your server to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Set up a host group, and add the client to the host group:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add bne_doc</code>
+  Description: BNE Documentation hosts
+  -------------------------------
+  Added hostgroup "bne_doc"
+  -------------------------------
+  Host-group: bne_doc
+  Description: BNE Documentation hosts</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add-member bne_doc --hosts ipaclient.ipadocs.org</code>
+  Host-group: bne_doc
+  Description: BNE Documentation hosts
+  Member hosts: ipaclient.ipadocs.org
+-------------------------
+Number of members added 1
+-------------------------</pre></li></ol></li><li class="step"><div class="para">
+						Set up a user group, and add the required users to this group. This procedure assumes that the IPA users already exist:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa group-add translators</code>
+  Description: Translation team
+  -------------------------
+  Added group "translators"
+  -------------------------
+  Group name: translators
+  Description: Translation team
+  GID: 1014000006</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa group-add-member translators --users yhuang,klim,hchoi</code>
+    Group name: translators
+    Description: Translation team
+    GID: 1014000006
+    Member users: yhuang, klim, hchoi
+-------------------------
+Number of members added 3
+-------------------------
+</pre></li></ol></li><li class="step"><div class="para">
+						Set up a bind user. This requires setting the password for the <code class="command">sudo</code> bind user. 
+<pre class="screen"><code class="command">$ LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipaserver.ipadocs.org -ZZ \</code>
+  <code class="command">-D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org</code>
+    New password: &lt;sudo user's password&gt;
+    Re-enter new password: &lt;sudo user's password&gt;
+    Enter LDAP Password: &lt;Directory Manager's password&gt;
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Set up the Sudo commands.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add one or more logically-related Sudo commands: 
+<pre class="screen"><code class="command">$ ipa sudocmd-add --desc 'For reading log files' '/usr/bin/less'</code>
+----------------------------------
+Added sudo command "/usr/bin/less"
+----------------------------------
+  Sudo Command: /usr/bin/less
+  Description: For reading log files</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add a suitable Sudo command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add --desc 'Read-only commands' readonly</code>
+-----------------------------------
+Added sudo command group "readonly"
+-----------------------------------
+  Sudo Command Group: readonly
+  Description: Read-only commands</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the command to the command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add-member --sudocmds '/usr/bin/less' readonly</code>
+  Sudo Command Group: readonly
+  Description: Read-only commands
+  Member Sudo commands: /usr/bin/less
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the Sudo rules.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add readonly-commands</code>
+-----------------------------------
+Added sudo rule "readonly-commands"
+-----------------------------------
+  Rule name: readonly-commands
+  Enabled: TRUE
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the allowable commands. These are the commands enabled by this Sudo rule when it is active. 
+<pre class="screen">$ ipa sudorule-add-allow-command --sudocmdgroups readonly readonly-commands
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the hosts. These are the hosts and host groups to which this Sudo rule applies when it is active. 
+<pre class="screen"><code class="command">$ ipa sudorule-add-host --hostgroups bne_doc readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the users (or groups of users). These are the IPA users affected by this Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add-user --groups translators readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Groups: translators
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-How_to_configure_your_client_to_use_Sudo_rules"><h6>Procedure 13.2. How to configure your client to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Configure <code class="command">sudo</code> to look to LDAP for the <code class="filename">sudoers</code> file. Add the following line to <code class="filename">/etc/nsswitch.conf</code>: 
+<pre class="programlisting">sudoers:  ldap</pre>
+
+					</div><div class="para">
+						You can still use the local <code class="filename">/etc/sudoers</code> file in preference to the LDAP version. The following configuration uses the local file before referring to LDAP to find <code class="command">sudo</code> rules: 
+<pre class="programlisting">sudoers:  files ldap</pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure SSSD to look for NIS netgroups.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following line immediately after the <em class="parameter"><code>ipa_server</code></em> entry in the <code class="filename">/etc/sssd/sssd.conf</code> file: 
+<pre class="programlisting">ldap_netgroup_search_base = cn=ng,cn=compat,dc=ipadocs,dc=org</pre>
+
+							</div></li><li class="step"><div class="para">
+								Restart the SSSD daemon: 
+<pre class="screen"><code class="command"># service sssd restart</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Edit the LDAP configuration file for <code class="command">sudo</code>:
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following lines to the <code class="filename">/etc/nss_ldap.conf</code> file. You may have to create this file if it does not already exist: 
+<pre class="programlisting">sudoers_base ou=SUDOers,dc=ipadocs,dc=org
+binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org
+bindpw &lt;sudo user's password&gt;
+ssl start_tls
+tls_cacertfile /etc/ipa/ca.crt
+tls_checkpeer yes
+bind_timelimit 5
+timelimit 15
+uri ldap://ipaserver.ipadocs.org
+</pre>
+								 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+										The sudo user's password in this configuration is the same password you set up in <a class="xref" href="configuring-sudo.html#proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules">Procedure 13.1, “How to configure your server to use Sudo rules:”</a>.
+									</div></div></div>
+
+							</div><div class="para">
+								If desired, you can also add the <em class="parameter"><code>sudoers_debug</code></em> parameter to this file to assist with any troubleshooting processes. Valid values for this parameter are 0, 1, and 2. Refer to <a href="http://www.gratisoft.us/sudo/readme_ldap.html">http://www.gratisoft.us/sudo/readme_ldap.html</a> for more information.
+							</div></li><li class="step"><div class="para">
+								To support compatibility with the legacy configuration, create the following symbolic link: 
+<pre class="screen"><code class="command"># ln -s /etc/nss_ldap.conf /etc/ldap.conf</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the NIS domain. Sudo still utilizes NIS netgroups, and so to support the client-side identification of NIS netgroup domains, you need to define your NIS domain name, as follows: 
+<pre class="screen"><code class="command"># nisdomainname example.com</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</h4></div></div></div><div class="para">
+					Originally called <em class="firstterm">Yellow Pages (YP)</em>, NIS was created by Sun Microsystems and stands for Network Information Service. It was primarily used by UNIX to centrally manage authentication and enumeration information such as user/password, host/IP address, POSIX groups, and netgroups. NIS (the service) does not actually need to be configured on either the client or the server. Not only is it unnecessary, but might be considered a security risk if it were running. NIS is an RPC service and is insecure by today's standards, partly because: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								It provides no host authentication mechanisms
+							</div></li><li class="listitem"><div class="para">
+								It transmits all of its information over the network unencrypted, including password hashes
+							</div></li></ul></div>
+
+				</div><div class="para">
+					Modern Linux/BSD systems implement the <em class="firstterm">Name Service Switch (NSS)</em>, which provides a means of controlling and directing look ups for authentication and enumeration information.
+				</div><div class="para">
+					The IPA LDAP implementation provides the schema to support NIS as defined in <a href="http://tools.ietf.org/html/rfc2307">RFC 2307</a>. NIS objects are automatically created inside of LDAP and NSS_LDAP, or SSSD fetches them using an encrypted LDAP connection.
+				</div><div class="para">
+					Utilizing SSSD or NSS_LDAP, a client system can enumerate the necessary NIS information using authenticated and encrypted queries to the back end LDAP service provided by the IPA Server. This eliminates the need for NIS client configuration for systems that can support NIS using LDAP when utilizing IPA.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sudo.html"><strong>Prev</strong>Chapter 13. Policy: Using sudo</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="server-config.html"><strong>Next</strong>Chapter 14. Configuring the IPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-roles.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-roles.html
new file mode 100644
index 0000000..b176f9e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-roles.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Creating Roles</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="next" href="self-service.html" title="14.3. Defining Self-Service Settings" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="server-config.html"><strong>Prev</strong></a></li><li class="next">
 <a accesskey="n" href="self-service.html"><strong>Next</strong></a></li></ul><div class="section" id="creating-roles"><div class="titlepage"><div><div><h2 class="title" id="creating-roles">14.2. Creating Roles</h2></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_an_IPA_Role-To_set_up_a_new_role"><h6>Procedure 14.1. To set up a new role:</h6><ol class="1"><li class="step"><div class="para">
+					Add the new role:
+				</div><pre class="screen"><code class="command"># ipa role-add --desc="User Administrator" useradmin</code>
+  ------------------------
+  Added role "useradmin"
+  ------------------------
+  Role name: useradmin
+  Description: User Administrator</pre></li><li class="step"><div class="para">
+					Add the required privileges to the role:
+				</div><pre class="screen"><code class="command"># ipa role-add-privilege --privileges="User Administrators" useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Privileges: user administrators
+  ----------------------------
+  Number of privileges added 1
+----------------------------
+</pre></li><li class="step"><div class="para">
+					Add the required groups to the role. In this case, we are adding only a single group, <code class="systemitem">useradmin</code>, which already exists.
+				</div><pre class="screen"><code class="command"># ipa role-add-member --groups=useradmins useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Member groups: useradmins
+  Privileges: user administrators
+  -------------------------
+  Number of members added 1
+-------------------------
+</pre></li></ol></div><div class="para">
+			The result of this procedure is that any user in the <code class="systemitem">useradmins</code> group can add, modify, and remove users, change user passwords, add users to the default group, and unlock user accounts. You can use the <code class="command">ipa privilege-show</code> command to determine exactly which command set the user or group can access: 
+<pre class="screen"><code class="command"># ipa privilege-show 'user administrators'</code>
+  Privilege name: User Administrators
+  Description: User Administrators
+  Permissions: add users, change a user password, add user to default group, unlock user accounts,
+  remove users, modify users
+  Granting privilege to roles: useradmin</pre>
+
+		</div><div class="para">
+			As the needs of your enterprise change, you may need to modify the roles that you have established. For example, you may need to change the members of the role, or change the privileges associated with the role. You can use the <code class="command">ipa role-*</code> commands to perform these functions. For example, to remove an existing privilege from a role, use the <code class="command">ipa role-remove-privilege</code> command. To remove members from a role, use the <code class="command">ipa role-remove-member</code> command. Refer to the <code class="command">ipa role help</code> pages for more information.
+		</div><div class="para">
+			You can use the <code class="command">ipa role-del</code> command to delete IPA roles from your configuration. Bear in mind, however, that any entities that rely on this role for access to IPA objects or to perform certain tasks will no longer have that ability.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="server-config.html"><strong>Prev</strong>Chapter 14. Configuring the IPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="self-service.html"><strong>Next</strong>14.3. Defining Self-Service Settings</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-server.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-server.html
new file mode 100644
index 0000000..be7b91b
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/creating-server.html
@@ -0,0 +1,426 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Creating an IPA Server Instance</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="Installing_the_IPA_Server_Packages.html" title="2.3. Installing the IPA Server Packages" /><link rel="next" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html" title="2.5. Setting up IPA Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Ins
 talling_the_IPA_Server_Packages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Next</strong></a></li></ul><div class="section" id="creating-server"><div class="titlepage"><div><div><h2 class="title" id="creating-server">2.4. Creating an IPA Server Instance</h2></div></div></div><div class="para">
+			The IPA setup script creates a server instance, which includes configuring all of the required services for the IPA domain:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					The network time daemon (ntpd)
+				</div></li><li class="listitem"><div class="para">
+					A 389 Directory Server instance
+				</div></li><li class="listitem"><div class="para">
+					A Kerberos key distribution center (KDC)
+				</div></li><li class="listitem"><div class="para">
+					Apache (httpd)
+				</div></li><li class="listitem"><div class="para">
+					An updated SELinux targeted policy
+				</div></li><li class="listitem"><div class="para">
+					The Active Directory WinSync plug-in
+				</div></li><li class="listitem"><div class="para">
+					A certificate authority
+				</div></li><li class="listitem"><div class="para">
+					<span class="emphasis"><em>Optional.</em></span> A domain name service (DNS) server
+				</div></li></ul></div><div class="para">
+			The IPA setup process can be minimal, where the administrator only supplies some required information, or it can be very specific, with user-defined settings for many parts of the IPA services. The configuration is passed using arguments with the <code class="command">ipa-install-server</code> script.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				The port numbers and directory locations used by IPA are all defined automatically, as defined in <a class="xref" href="Preparing_for_an_IPA_Installation.html#prereq-ports">Section 2.2.3.3, “System Ports”</a> and <a class="xref" href="ipa-files.html">Section 4.4, “A Summary of IPA Server Configuration Files and Directories”</a>. These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
+			</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">2.4.1. About ipa-server-install</h3></div></div></div><div class="para">
+				An IPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the IPA instance, or it can supply predefined values for minimal input from the administrator.
+			</div><div class="para">
+				While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
+			</div><div class="para">
+				<a class="xref" href="creating-server.html#tab.ipa-server-install-param">Table 2.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="creating-server.html#install-examples">Section 2.4.3, “Examples of Creating the IPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+			</div><div class="table" id="tab.ipa-server-install-param"><h6>Table 2.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+								Argument
+							</th><th>
+								Alternate Argument
+							</th><th>
+								Description
+							</th></tr></thead><tbody><tr><td colspan="3">
+								<span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id2947721" href="#ftn.id2947721" class="footnote">a</a>]</sup>
+							</td></tr><tr><td>
+								-a <span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								--admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								The password for the IPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
+							</td></tr><tr><td>
+								--hostname=<span class="emphasis"><em>hostname</em></span>
+							</td><td>
+
+							</td><td>
+								The fully-qualified domain name of the IPA server machine.
+							</td></tr><tr><td>
+								-n <span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								--domain=<span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								The name of the LDAP server domain to use for the IPA domain. This is usually based on the IPA server's hostname.
+							</td></tr><tr><td>
+								-p <span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								--ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
+							</td></tr><tr><td>
+								-r <span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								--realm=<span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								The name of the Kerberos realm to create for the IPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Certificate Authority Options</strong></span>
+							</td></tr><tr><td>
+								--external-ca
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the IPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--selfsign
+							</td><td>
+
+							</td><td>
+								Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the IPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
+							</td></tr><tr><td>
+								--subject=<span class="emphasis"><em>subject_DN</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>DNS Options</strong></span>
+							</td></tr><tr><td>
+								--forwarder=<span class="emphasis"><em>forwarder</em></span>
+							</td><td>
+
+							</td><td>
+								Gives a comma-separated list of DNS forwarders to use with the DNS service.
+							</td></tr><tr><td>
+								--no-forwarders
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--no-reverse
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--setup-dns
+							</td><td>
+
+							</td><td>
+								Tells the installation script to set up a DNS service within the IPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+							</td></tr><tr><td>
+								--zonemgr=<span class="emphasis"><em>email_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Kerberos Options</strong></span>
+							</td></tr><tr><td>
+								--ip-address=<span class="emphasis"><em>ip_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the IP address of the Kerberos master KDC. This can be used if there are multiple IPA servers in the same realm.
+							</td></tr><tr><td>
+								-P <span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								--master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								The password for the KDC account. This is randomly generated if no value is given.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>NTP Options</strong></span>
+							</td></tr><tr><td>
+								-N, --no-ntp
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> configure the NTP service for the IPA server. This is normally done by default. 
+								<div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+										If the IPA server is running as a virtual guest, it should not run an NTP service.
+									</div></div></div>
+
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>IPA Server Configuration Options</strong></span>
+							</td></tr><tr><td>
+								--idmax=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the upper bound for IDs which can be assigned by the IPA server. The default value is the ID start value plus 199999.
+							</td></tr><tr><td>
+								--idstart=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the lower bound (starting value) for IDs which can be assigned by the IPA server. The default value is randomly selected.
+							</td></tr><tr><td>
+								--no_hbac_allow
+							</td><td>
+
+							</td><td>
+								Disables the <code class="command">allow_all</code> rule for host-based access control in the IPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Other Setup Options</strong></span>
+							</td></tr><tr><td>
+								--no-host-dns
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the IPA server machine during the installation process.
+							</td></tr><tr><td>
+								-U
+							</td><td>
+								--unattended
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+							</td></tr><tr><td>
+								--uninstall
+							</td><td>
+
+							</td><td>
+								Uninstalls an existing IPA server.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>General Tool Options</strong></span>
+							</td></tr><tr><td>
+								-d
+							</td><td>
+								--debug
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+							</td></tr><tr><td>
+								-h
+							</td><td>
+								--help
+							</td><td>
+								Prints the help information for the <code class="command">ipa-server-install</code> command.
+							</td></tr><tr><td>
+								--version
+							</td><td>
+
+							</td><td>
+								Prints the version number of the <code class="command">ipa-server-install</code> command.
+							</td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id2947721" href="#id2947721" class="para">a</a>] </sup>
+									The installation script will prompt for these options if they are not passed with the script.
+								</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">2.4.2. Setting up an IPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+				All that is required to set up an IPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Run the <code class="command">ipa-server-install</code> script.
+					</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install</span></pre></li><li class="listitem"><div class="para">
+						Enter the hostname. This is determined automatically using reverse DNS.
+					</div><pre class="programlisting">Server host name [ipa2.server.example.com]:</pre></li><li class="listitem"><div class="para">
+						Enter the domain name. This is determined automatically based on the hostname.
+					</div><pre class="programlisting">Please confirm the domain name [example.com]:</pre></li><li class="listitem"><div class="para">
+						The script then reprints the hostname, IP address, and domain name.
+					</div><pre class="programlisting">The IPA Master Server will be configured with
+<span class="perl_BString">Hostname</span>:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre></li><li class="listitem"><div class="para">
+						Enter the new Kerberos realm name. This is usually based on the domain name.
+					</div><pre class="programlisting">Please provide a realm name [EXAMPLE.COM]:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the Directory Server superuser, <code class="command">cn=Directory Manager</code>. There are password strength requirements for this password, including a minimum password length.
+					</div><pre class="programlisting">Directory Manager password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the IPA system user account, <code class="command">admin</code>. This user is created on the machine.
+					</div><pre class="programlisting">IPA admin password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						After that, the script configures all of the associated services for IPA, with task counts and progress bars.
+					</div><pre class="programlisting">Configuring ntpd
+  [1/4]: stopping ntpd
+ ...
+<span class="perl_Keyword">done</span> configuring ntpd.
+
+Configuring directory server <span class="perl_Keyword">for</span> the CA: Estimated time 30 seconds
+  [1/3]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring pkids.
+
+Configuring certificate server: Estimated time 6 minutes
+  [1/17]: creating certificate server user
+....
+<span class="perl_Keyword">done</span> configuring pki-cad.
+
+Configuring directory server: Estimated time 1 minute
+  [1/32]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring dirsrv.
+
+Configuring Kerberos KDC: Estimated time 30 seconds
+  [1/14]: setting KDC account password
+...
+<span class="perl_Keyword">done</span> configuring krb5kdc.
+
+Configuring ipa_kpasswd
+  [1/2]: starting ipa_kpasswd
+  [2/2]: configuring ipa_kpasswd to start on boot
+<span class="perl_Keyword">done</span> configuring ipa_kpasswd.
+
+Configuring the web interface: Estimated time 1 minute
+  [1/12]: disabling mod_ssl <span class="perl_Keyword">in</span> httpd
+...
+<span class="perl_Keyword">done</span> configuring httpd.
+Setting the certificate subject base
+restarting certificate server
+Applying LDAP updates
+Restarting the directory server
+Restarting the KDC
+Restarting the web server
+Sample zone <span class="perl_BString">file</span> <span class="perl_Keyword">for</span> <span class="perl_Reserved">bind</span> has been created <span class="perl_Keyword">in</span> /tmp/sample.zone.ygzij5.db
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+						Restart the <code class="systemitem">SSH</code> service to retrive the Kerberos principal and to refresh the name server switch (NSS) configuration file: 
+<pre class="programlisting"><span class="perl_Comment"># service sshd restart</span></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
+					</div><pre class="programlisting">$ kinit admin
+Password <span class="perl_Keyword">for</span> admin at EXAMPLE.COM:</pre></li><li class="listitem"><div class="para">
+						Test the IPA configuration by running a command like <code class="command">ipa user-find</code>. For example:
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa user-find admin</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>  --------------
+  1 user matched
+  --------------
+  User <span class="perl_BString">login</span>: admin
+  <span class="perl_BString">Last</span> name: Administrator
+  Home directory: /home/admin
+  <span class="perl_BString">Login</span> shell: /bin/bash
+  Account disabled: <span class="perl_BString">False</span>
+  Member of <span class="perl_BString">groups</span>: admins
+  ----------------------------
+  Number of entries returned 1
+  ----------------------------</pre></li></ol></div></div><div class="section" id="install-examples"><div class="titlepage"><div><div><h3 class="title" id="install-examples">2.4.3. Examples of Creating the IPA Server</h3></div></div></div><div class="para">
+				The way that an IPA server is installed can be different depending on the network environment, security requirements within the organization, and the desired topology. These example illustrate some common options when installing the server. These examples are not mutually exclusive; it is entirely possible to use CA options, DNS options, and IPA configuration options in the same server invocation. These are called out separately simply to make it more clear what each configuration area requires.
+			</div><div class="section" id="install-normal"><div class="titlepage"><div><div><h4 class="title" id="install-normal">2.4.3.1. Non-Interactive Basic Installation</h4></div></div></div><div class="para">
+					As shown in <a class="xref" href="creating-server.html#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>, only a few pieces of information are required to configured an IPA server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Passwords for the IPA administrative user and the Directory Server super user (Directory Manager)
+						</div></li><li class="listitem"><div class="para">
+							The server hostname
+						</div></li><li class="listitem"><div class="para">
+							The Kerberos realm name
+						</div></li><li class="listitem"><div class="para">
+							The DNS domain name
+						</div></li></ul></div><div class="para">
+					This information can be passed with the <code class="command">ipa-server-install</code>, along with the <code class="option">-U</code> to force it to run without requiring user interaction.
+				</div><div class="example" id="ex.basic-opts"><h6>Example 2.1. Basic Installation without Interaction</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U</span></pre><div class="para">
+						The script then prints the submitted values:
+					</div><pre class="programlisting">To accept the default shown in brackets, press the Enter key.
+
+The IPA Master Server will be configured with
+Hostname:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre><div class="para">
+						Then the script runs through the configuration progress for each IPA service, as in <a class="xref" href="creating-server.html#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+					</div></div></div><br class="example-break" /></div><div class="section" id="install-ca-options"><div class="titlepage"><div><div><h4 class="title" id="install-ca-options">2.4.3.2. Using Different CAs</h4></div></div></div><div class="para">
+					The default installation of IPA uses an integrated Dogtag Certificate System instance as a certificate authority to issue certificates. However, this configuration is not required. IPA only requires <span class="emphasis"><em>a</em></span> certificate authority. This can be an external CA like Verisign or a corporate CA inconjunction with the internal Certificate System, or it can even be the IPA server itself, using a self-signed certificate.
+				</div><div class="para">
+					For the IPA server itself to work as a CA, it uses a self-signed certificate, meaning that it approved and issued its own certificate. This is done by using the <code class="option">--selfsign</code> option with the <code class="command">ipa-server-install</code> command. When the IPA server uses a self-signed certificate, the setup process is exactly the same as a normal installation, except that no Dogtag Certificate System instance is created. There is still a <code class="filename">cacert.p12</code> file created that can be used by replicas and the domain functions exactly the same. The only difference is what CA issues the certificates.
+				</div><div class="example" id="ex.selfsigned"><h6>Example 2.2. Using a Self-Signed Certificate</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U --selfsign</span></pre></div></div><br class="example-break" /><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+						A self-signed certificate should only be used for a testing or development environment. A production environment should use the Dogtag Certificate System instance or an external, public CA.
+					</div></div></div><div class="para">
+					Alternatively, the IPA server can use a certificate issued by an external CA. This can be a corporate CA or a third-party CA like Verisign or Thawte. As with a normal setup process, using an external CA still uses a Dogtag Certificate System instance for the IPA server for issuing all of its client and replica certificates; the initial CA certificate is simply issued by a different CA.
+				</div><div class="para">
+					When using an external CA, there are two additional steps that must be performed: submit the generated certificate request to the external CA and then load the CA certificate and issued server certificate to complete the setup.
+				</div><div class="example" id="ex.externalca"><h6>Example 2.3. Using an External CA</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--external-ca</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --external-ca</span></pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP and Directory Server services as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script completes the CA setup and returns information about where the certificate signing request (CSR) is located, <code class="filename">/root/ipa.csr</code>. This request must be submitted to the external CA.
+							</div><pre class="programlisting">Configuring certificate server: Estimated time 6 minutes
+  [1/4]: creating certificate server user
+  [2/4]: creating pki-ca instance
+  [3/4]: restarting certificate server
+  [4/4]: configuring certificate server instance
+The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-install.</pre></li><li class="listitem"><div class="para">
+								Submit the request to the CA. The process differs for every service.
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the issued certificate and the CA certificate chain for the issuing CA. Again, the process differs for every certificate service, but there is usually a download link on a web page or in the notification email that allows administrators to download all the required certificates. Be sure to get the full certificate chain for the CA, not just the CA certificate.
+							</div></li><li class="listitem"><div class="para">
+								Rerun <code class="command">ipa-server-install</code>, specifying the locations and names of the certificate and CA chain files. For example:
+							</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install --external_cert_file=/tmp/servercert20110601.p12 --external_ca_file=/tmp/cacert.p12</span></pre></li><li class="listitem"><div class="para">
+								Complete the setup process and verify that everything is working as expected, as in <a class="xref" href="creating-server.html#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /></div><div class="section" id="install-dns"><div class="titlepage"><div><div><h4 class="title" id="install-dns">2.4.3.3. Using DNS</h4></div></div></div><div class="para">
+					IPA can be configured to manage its own DNS, use an existing DNS, or not use DNS services at all (which is the default). Running the setup script alone does not configure DNS; this requires the <code class="option">--setup-dns</code> option.
+				</div><div class="para">
+					As with a basic setup, the DNS setup can either prompt for the required information or the DNS information can be passed with the script to allow an automatic or unattended setup process.
+				</div><div class="example" id="ex.dns-w-prompts"><h6>Example 2.4. Interactive DNS Setup</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--setup-dns</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --setup-dns</span></pre></li><li class="listitem"><div class="para">
+								The script configures the hostname and domain name as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script then prompts for DNS forwarders. If forwarders will be used, enter yes, and then supply the list of DNS servers. If IPA will manage its own DNS service, then enter no.
+							</div><pre class="programlisting">Do you want to configure DNS forwarders? [<span class="perl_BString">yes</span>]: no
+No DNS forwarders configured</pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP, Directory Server, Certificate System, Kerberos, and Apache services.
+							</div></li><li class="listitem"><div class="para">
+								Before completing the configuration, the script prompts to ask whether it should configure reverse DNS services. If you select yes, then it configures the <code class="systemitem">named</code> service.
+							</div><pre class="programlisting">Do you want to configure the reverse zone? [<span class="perl_BString">yes</span>]: <span class="perl_BString">yes</span>
+Configuring named:
+  [1/9]: adding DNS container
+  [2/9]: setting up our zone
+  [3/9]: setting up reverse zone
+  [4/9]: setting up our own record
+  [5/9]: setting up kerberos principal
+  [6/9]: setting up named.conf
+  [7/9]: restarting named
+  [8/9]: configuring named to start on boot
+  [9/9]: changing resolv.conf to point to ourselves
+<span class="perl_Keyword">done</span> configuring named.
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+								Verify that everything is working as expected, as in <a class="xref" href="creating-server.html#install-interactive">Section 2.4.2, “Setting up an IPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /><div class="para">
+					If DNS is used with IPA, then two pieces of information are required: any DNS forwarders that will be used and using (or not) reverse DNS. To perform a non-interactive setup, this information can be passed using the <code class="option">--forwarder | --no-forwarders</code> option and <code class="option">--no-reverse</code> option.
+				</div><div class="example" id="ex.dns-script"><h6>Example 2.5. Setting up DNS Non-Interactively</h6><div class="example-contents"><div class="para">
+						To use DNS always requires the <code class="option">--setup-dns</code>. To user forwarders, use the <code class="option">--forwarder</code> with a comma-separated list of forwarders.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --forwarder=1.2.3.0,1.2.255.0</span></pre><div class="para">
+						Some kind of forwarder information is required. If no external forwarders will be used with the IPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
+					</div><div class="para">
+						The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">2.4.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id2761885">GSS Failures When Running IPA Commands</h5>
+					Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
+				</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
+				There are two potential causes for this:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						DNS is not properly configured.
+					</div></li><li class="listitem"><div class="para">
+						Active Directory is in the same domain as the IPA server.
+					</div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id2761935">named Daemon Fails to Start</h5>
+					If an IPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
+				</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
+				This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the IPA server. 
+<pre class="programlisting"><span class="perl_Comment"># yum remove bind-chroot</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+<span class="perl_Comment"># ipactl restart</span></pre>
+
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Installing_the_IPA_Server_Packages.html"><strong>Prev</strong>2.3. Installing the IPA Server Packages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Next</strong>2.5. Setting up IPA Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/deployment-scenarios.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/deployment-scenarios.html
new file mode 100644
index 0000000..6d415b7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/deployment-scenarios.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Planning IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="policy.html" title="1.3. Defining Policies: Authorization" /><link rel="next" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="policy.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="
 installing-ipa.html"><strong>Next</strong></a></li></ul><div class="section" id="deployment-scenarios"><div class="titlepage"><div><div><h2 class="title" id="deployment-scenarios">1.4. Planning IPA</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="policy.html"><strong>Prev</strong>1.3. Defining Policies: Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="installing-ipa.html"><strong>Next</strong>Chapter 2. Installing an IPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/disabling-anon-binds.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/disabling-anon-binds.html
new file mode 100644
index 0000000..066020e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/disabling-anon-binds.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.6. Disabling Anonymous Binds</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="search-limits.html" title="14.5. Setting Default Search Limits" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html" title="14.7. Implementing Unique UID and GID Attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
 s"><a accesskey="p" href="search-limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Next</strong></a></li></ul><div class="section" id="disabling-anon-binds"><div class="titlepage"><div><div><h2 class="title" id="disabling-anon-binds">14.6. Disabling Anonymous Binds</h2></div></div></div><div class="para">
+			Even though the XML-RPC and WebUI always require authentication, the default IPA configuration allows anonymous binds to the LDAP port by anyone in the same domain as the IPA server, and consequent retrieval of a range of data, including user, group, netgroup, host, host group, and service records. This is generally considered insecure, and some RFC standards require that it be disabled to achieve compliance. With anonymous binds disabled, all connections to the directory server need to provide a valid identity.
+		</div><div class="para">
+			To disable anonymous binds, perform this LDAP modification: 
+<pre class="screen"><code class="command"># ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password:
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+
+<code class="command"># service dirsrv restart</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="search-limits.html"><strong>Prev</strong>14.5. Setting Default Search Limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Next</strong>14.7. Implementing Unique UID and GID Attributes</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/doc-history.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/doc-history.html
new file mode 100644
index 0000000..b9997e0
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/doc-history.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4. Document Change History</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="feedback.html" title="3. Giving Feedback" /><link rel="next" href="introduction.html" title="Chapter 1. Introduction to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="feedback.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="introduction.html"><strong>Next</strong></a></li></u
 l><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
+		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft.</td></tr></table>
+
+				</td></tr></table></div>
+
+	</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="feedback.html"><strong>Prev</strong>3. Giving Feedback</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="introduction.html"><strong>Next</strong>Chapter 1. Introduction to IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/editing-users.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/editing-users.html
new file mode 100644
index 0000000..2b9c0b6
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/editing-users.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Editing Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="adding-users.html" title="6.2. Adding Users" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html" title="6.4. Activating and Deactivating User Accounts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
 cesskey="p" href="adding-users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" id="editing-users"><div class="titlepage"><div><div><h2 class="title" id="editing-users">6.3. Editing Users</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa user-mod</code> command to modify user account details, such as adding, removing or changing attributes. Refer to the following examples:
+		</div><div class="para">
+			To update attributes for the user <code class="systemitem">jsmith</code>:
+		</div><div class="para">
+			<code class="command">$ ipa user-mod jsmith <code class="option">--email=johnsmith at mydomain.com</code> <code class="option">--title=Editor</code></code>
+		</div><div class="para">
+			To retrieve a list of attributes for a user:
+		</div><div class="para">
+			<code class="command">$ ipa user-show --raw &lt;user name&gt;</code>
+		</div><div class="para">
+			The list of attributes corresponds to those available in the web interface, not including any custom attributes that may have been defined.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="adding-users.html"><strong>Prev</strong>6.2. Adding Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Next</strong>6.4. Activating and Deactivating User Accounts</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/enrolling-machines.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/enrolling-machines.html
new file mode 100644
index 0000000..279814c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/enrolling-machines.html
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Enrolling Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="next" href="renaming-machines.html" title="5.3. Renaming Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="managing-clients.html"><strong>Prev</strong></a></li><li
  class="next"><a accesskey="n" href="renaming-machines.html"><strong>Next</strong></a></li></ul><div class="section" id="enrolling-machines"><div class="titlepage"><div><div><h2 class="title" id="enrolling-machines">5.2. Enrolling Machines</h2></div></div></div><div class="para">
+			Enrollment is the process whereby a host entry is created and saved in the directory server, and a keytab for that host entry is generated on the server and provisioned to the client. This keytab is saved with specific ownership and permission properties in a specific directory on the client.
+		</div><div class="para">
+			With the host entry successfully created and the keytab in place, enrollment is complete and the client machine can now automatically connect to and communicate with the IPA server.
+		</div><div class="para">
+			The enrollment process itself is performed by the <code class="command">ipa-client-install</code> command, part of the <span class="package">ipa-client</span> package. After installing the client packages, the system administrator invokes this command, providing their Kerberos credentials as parameters. The <code class="command">ipa-client-install</code> command authenticates against IPA using these credentials.
+		</div><div class="para">
+			The actual steps that constitute the enrollment process are not consistent. Instead, they depend on the enrollment scenario being implemented. IPA currently supports the following enrollment scenarios: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Manual host enrollment with privileged administrator
+					</div></li><li class="listitem"><div class="para">
+						Manual enrollment with separation of duties
+					</div></li><li class="listitem"><div class="para">
+						Bulk host deployment
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These are examined in more detail below.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment with Privileged Administrator</h3></div></div></div><div class="para">
+				This scenario implements the following sequence of operations: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							The Administrator logs into the machine that they want to enroll with IPA.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator installs the IPA client packages on that machine.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator runs the <code class="command">ipa-client-install</code> command, providing their Kerberos credentials as parameters.
+						</div><div class="para">
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										The <code class="command">ipa-client-install</code> command authenticates against IPA using the administrator's credentials.
+									</div></li><li class="listitem"><div class="para">
+										The host entry for the machine is synthesized and saved in the directory server.
+									</div></li><li class="listitem"><div class="para">
+										The keytab is generated on the server and provisioned to the client machine.
+									</div></li></ul></div>
+
+						</div></li><li class="listitem"><div class="para">
+							The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+						</div></li></ol></div>
+
+			</div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the IPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host Enrollment with Separation of Duties</h3></div></div></div><div class="para">
+				This scenario assumes that there are different administrators with different levels of privileges regarding host-related operations. One administrator (A) can add and edit host entries, and thus enroll the hosts as described in <a class="xref" href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">Section 5.2.1, “Manual Host Enrollment with Privileged Administrator”</a>. The second administrator (B) has insufficient permissions to create host entries, but is allowed to enroll machines. The following sequence of operations is engaged:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Administrator A authorizes enrollment of a host by creating the host entry in the back end using the webUI or command-line script.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B installs the IPA client packages on the machine.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B invokes the enrollment script, providing their Kerberos credentials as parameters to the script.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script authenticates against IPA using Administrator B's credentials.
+								</div></li><li class="listitem"><div class="para">
+									The keytab is generated on the server and provisioned to the client machine.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+					</div></li></ol></div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the IPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</h3></div></div></div><div class="para">
+				This scenario is very useful for automatic provisioning of multiple hosts (or virtual machines). In this scenario you can pre-create a number of hosts on the IPA server and set passwords on them. You can use your kickstart operation to perform the enrollment. For example, the <span class="application"><strong>cobbler</strong></span> utility makes this relatively easy because you can store variables in the <span class="application"><strong>cobbler</strong></span> system configuration.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There are two ways to set the password. You can either supply your own or have IPA generate a random one.
+				</div></div></div><div class="para">
+				This scenario implies the following sequence of operations:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						The host entry is pre-created on the IPA server. This can be done using:
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The webUI – manually
+								</div></li><li class="listitem"><div class="para">
+									The command line interface – manually or using a script
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						When the entry is created a user password is set to a suitable value.
+					</div></li><li class="listitem"><div class="para">
+						The password is set to expire after the first authentication in the same way as the user password after it has been reset by an administrator.
+					</div></li><li class="listitem"><div class="para">
+						The bulk provisioning scripts and tools (such as kickstart) will be hard coded to use the same password that was used to create host entries on the server side.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script (kickstart) installs the IPA packages.
+								</div></li><li class="listitem"><div class="para">
+									The script (kickstart) runs the enrollment script and passes in the password.
+								</div></li><li class="listitem"><div class="para">
+									The enrollment script connects to the IPA server using the provided password and a bind DN derived from the machine name. It then authenticates using a simple bind over SSL.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Because the password is set to expire, the Kerberos keytab will be generated and the password attribute cleared.
+					</div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="managing-clients.html"><strong>Prev</strong>Chapter 5. Managing Clients in the IPA Domain</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="renaming-machines.html"><strong>Next</strong>5.3. Renaming Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/feedback.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/feedback.html
new file mode 100644
index 0000000..a0167f6
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/feedback.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3. Giving Feedback</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="Document_Conventions.html" title="2. Examples and Formatting" /><link rel="next" href="doc-history.html" title="4. Document Change History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Document_Conventions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="doc-history.html"><strong>
 Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="feedback" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="feedback">3. Giving Feedback</h2></div></div></div><div class="para">
+		If there is any error in this book or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for IPA through Bugzilla, <a href="http://bugzilla.redhat.com/bugzilla">http://bugzilla.redhat.com/bugzilla</a>. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
+	</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+				Select the Red Hat group and the Red Hat Enterprise Linux 6 product.
+			</div></li><li class="listitem"><div class="para">
+				Set the component to <code class="command">doc-Enterprise_Identity_Management_Guide</code>.
+			</div></li><li class="listitem"><div class="para">
+				For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
+			</div><div class="para">
+				For enhancements, put in what information needs to be added and why.
+			</div></li><li class="listitem"><div class="para">
+				Give a clear title for the bug. For example, <code class="command">"Incorrect command example for setup script options"</code> is better than <code class="command">"Bad example"</code>.
+			</div></li></ol></div><div class="para">
+		We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact Red Hat Content Services directly at <a href="mailto:docs at redhat.com">docs at redhat.com</a>.
+	</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Document_Conventions.html"><strong>Prev</strong>2. Examples and Formatting</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="doc-history.html"><strong>Next</strong>4. Document Change History</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/host-groups.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/host-groups.html
new file mode 100644
index 0000000..8a0396e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/host-groups.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Creating Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="hosts.html" title="Chapter 7. Identity: Managing Hosts and Host Groups" /><link rel="prev" href="hosts.html" title="Chapter 7. Identity: Managing Hosts and Host Groups" /><link rel="next" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="hosts.html"><strong>Prev</strong></a></li><l
 i class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong></a></li></ul><div class="section" id="host-groups"><div class="titlepage"><div><div><h2 class="title" id="host-groups">7.2. Creating Host Groups</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="hosts.html"><strong>Prev</strong>Chapter 7. Identity: Managing Hosts and Host Grou...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong>Chapter 8. Identity: Using IPA for a Kerberos Dom...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/hosts.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/hosts.html
new file mode 100644
index 0000000..27e291d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/hosts.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Identity: Managing Hosts and Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="searching.html" title="6.8. Searching for Users and Groups" /><link rel="next" href="host-groups.html" title="7.2. Creating Host Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="host-groups.h
 tml"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="hosts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Managing Hosts and Host Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="hosts.html#adding-hosts">7.1. Adding and Editing Hosts</a></span></dt><dt><span class="section"><a href="host-groups.html">7.2. Creating Host Groups</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="adding-hosts"><div class="titlepage"><div><div><h2 class="title" id="adding-hosts">7.1. Adding and Editing Hosts</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong>6.8. Searching for Users and Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="host-groups.html"><strong>Next</strong>7.2. Creating Host Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png
new file mode 100644
index 0000000..6f6b16c
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/ASCII_Cert_Export.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png
new file mode 100644
index 0000000..63758d3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Accept_CA_No_Exception.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png
new file mode 100755
index 0000000..fe8b961
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Final_State.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png
new file mode 100644
index 0000000..c0aaaf3
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_Migration_Initial_State.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_arch.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_arch.png
new file mode 100644
index 0000000..7fc4bc1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/IPA_arch.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png
new file mode 100644
index 0000000..101c9c9
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/Select_User_WebUI.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/add_user.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/add_user.png
new file mode 100644
index 0000000..e7bda97
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/add_user.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/finalstate.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/finalstate.svg
new file mode 100755
index 0000000..85be850
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/finalstate.svg
@@ -0,0 +1,3241 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="444"
+   height="471.94431"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.0 r9654"
+   sodipodi:docname="finalstate.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape"
+   version="1.0"
+   inkscape:export-filename="C:\Users\elladeon\Desktop\finalstate.png"
+   inkscape:export-xdpi="90"
+   inkscape:export-ydpi="90">
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="124.79082"
+     inkscape:cy="133.55533"
+     inkscape:document-units="px"
+     inkscape:current-layer="g51234"
+     showgrid="false"
+     inkscape:window-width="1274"
+     inkscape:window-height="996"
+     inkscape:window-x="-39"
+     inkscape:window-y="80"
+     inkscape:window-maximized="0"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     showguides="false"
+     inkscape:guide-bbox="true">
+    <sodipodi:guide
+       id="guide6372"
+       position="301,506"
+       orientation="1,0" />
+  </sodipodi:namedview>
+  <defs
+     id="defs4">
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3987"
+       id="radialGradient51340"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.886887,0,0,1.602074,-235.025,-437.5826)"
+       cx="265"
+       cy="789.56696"
+       fx="265"
+       fy="789.56696"
+       r="265" />
+    <linearGradient
+       id="linearGradient3987">
+      <stop
+         id="stop3989"
+         offset="0"
+         style="stop-color:#e3dcc0;stop-opacity:0;" />
+      <stop
+         id="stop3991"
+         offset="1"
+         style="stop-color:#e3dcc0;stop-opacity:1;" />
+    </linearGradient>
+    <pattern
+       patternTransform="matrix(0.375,0,0,0.375,379,437.7952)"
+       id="pattern4015"
+       xlink:href="#white-spots"
+       inkscape:collect="always" />
+    <pattern
+       patternTransform="matrix(0.593284,0,0,0.6723114,298.46193,1419.2297)"
+       id="pattern4062"
+       xlink:href="#pattern4015"
+       inkscape:collect="always" />
+    <pattern
+       patternUnits="userSpaceOnUse"
+       width="32"
+       height="32"
+       id="white-spots"
+       patternTransform="matrix(0.375,0,0,0.375,71.51384,20.36167)">
+      <g
+         inkscape:label="#g3035"
+         id="white-spot"
+         transform="translate(-484.3997,-513.505)">
+        <path
+           sodipodi:nodetypes="czzzz"
+           d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+           id="path3033"
+           style="opacity:0.25;fill:white" />
+      </g>
+    </pattern>
+    <mask
+       id="mask4631">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-1) #000000;fill-opacity:1"
+         id="path4633" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1"
+       xlink:href="#linearGradient4584-7"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4" />
+    </linearGradient>
+    <mask
+       id="mask4631-7">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-8) #000000;fill-opacity:1"
+         id="path4633-8" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8"
+       xlink:href="#linearGradient4584-70"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-70">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0" />
+    </linearGradient>
+    <pattern
+       inkscape:collect="always"
+       xlink:href="#pattern4062"
+       id="pattern51338"
+       patternTransform="matrix(0.44763582,0,0,0.35756317,1367.612,792.51535)" />
+    <mask
+       id="mask7729">
+      <rect
+         style="fill:url(#linearGradient7733) #000000;fill-opacity:1"
+         id="rect7731"
+         y="71.481766"
+         x="483.75613"
+         height="123.26292"
+         width="103.35121" />
+    </mask>
+    <linearGradient
+       gradientTransform="matrix(0.948176,0,0,0.948176,560.558,-440.533)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient7584"
+       id="linearGradient7733"
+       y2="595.06226"
+       x2="20.999998"
+       y1="539.95715"
+       x1="20.999998" />
+    <linearGradient
+       id="linearGradient7584">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7586" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7588" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.4388067"
+       y="-0.21940336"
+       width="1.2520971"
+       x="-0.12604854"
+       id="filter9847">
+      <feGaussianBlur
+         id="feGaussianBlur9849"
+         stdDeviation="1.7113675"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5805">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5807" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5809" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.3127669"
+       y="-0.15638345"
+       width="1.1948662"
+       x="-0.09743309"
+       id="filter5917">
+      <feGaussianBlur
+         id="feGaussianBlur5919"
+         stdDeviation="0.60257196"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.233731"
+       y="-0.11686549"
+       width="1.2466146"
+       x="-0.12330729"
+       id="filter9827">
+      <feGaussianBlur
+         id="feGaussianBlur9829"
+         stdDeviation="13.567379"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient8317-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop8319-5" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8321-8" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5557">
+      <stop
+         offset="0"
+         style="stop-color: rgb(0, 147, 217); stop-opacity: 1;"
+         id="stop5559" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5561" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5541">
+      <stop
+         offset="0"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5543" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 0;"
+         id="stop5545" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10494">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0.754902;"
+         id="stop10496" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop10498" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10668">
+      <feGaussianBlur
+         id="feGaussianBlur10670"
+         stdDeviation="0.40041338"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5797">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5799" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5801" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8391">
+      <feGaussianBlur
+         id="feGaussianBlur8393"
+         stdDeviation="0.23516584"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5813">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5815" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(238, 238, 238); stop-opacity: 1;"
+         id="stop5817" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5931">
+      <stop
+         offset="0"
+         style="stop-color: rgb(162, 162, 162); stop-opacity: 1;"
+         id="stop5933" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5935" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter7106">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.51373373"
+         id="feGaussianBlur7108" />
+    </filter>
+    <linearGradient
+       id="linearGradient7359-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7361-9" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7363-3" />
+    </linearGradient>
+    <mask
+       id="mask7570-2">
+      <rect
+         style="fill:url(#linearGradient7574-6) #000000;fill-opacity:1"
+         id="rect7572-2"
+         y="60.362179"
+         x="536"
+         height="111"
+         width="86" />
+    </mask>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3"
+       id="linearGradient7574-6"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <linearGradient
+       id="linearGradient8481-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7576-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(137, 137, 137); stop-opacity: 1;"
+         id="stop7578-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7580-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5573-77">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5575-4" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5577-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5565-0">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5567-1" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5569-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5677-53">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5679-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5681-1" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8351-5">
+      <feGaussianBlur
+         id="feGaussianBlur8353-2"
+         stdDeviation="0.21855907"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5669-6">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5671-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5673-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.0124482"
+       y="-0.0062240968"
+       width="1.3332899"
+       x="-0.16664496"
+       id="filter8323-5">
+      <feGaussianBlur
+         id="feGaussianBlur8325-5"
+         stdDeviation="0.15442502"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10486-9">
+      <feGaussianBlur
+         id="feGaussianBlur10488-0"
+         stdDeviation="0.36649474"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient10566-93">
+      <stop
+         offset="0"
+         style="stop-color: rgb(102, 102, 102); stop-opacity: 1;"
+         id="stop10568-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop10570-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5685-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5687-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5689-7" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6414-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop6416-21" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop6418-9" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6398-9">
+      <stop
+         offset="0"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 1;"
+         id="stop6400-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop6402-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6478-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop6480-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(211, 215, 207); stop-opacity: 0;"
+         id="stop6482-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7808-7">
+      <stop
+         offset="0"
+         style="stop-color: rgb(171, 171, 171); stop-opacity: 1;"
+         id="stop7810-7" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7812-0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10554-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(168, 168, 168); stop-opacity: 1;"
+         id="stop10556-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop10558-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10534-4">
+      <feGaussianBlur
+         id="feGaussianBlur10536-7"
+         stdDeviation="0.50670758"
+         inkscape:collect="always" />
+    </filter>
+    <mask
+       id="mask4631-8">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 z"
+         style="fill:url(#linearGradient4635) #000000;fill-opacity:1"
+         id="path4633-3" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635"
+       xlink:href="#linearGradient4584"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588" />
+    </linearGradient>
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4708"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4710"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4712"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4714"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4716"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4718"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4720"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4722"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4724"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4726"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4728"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4730"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4732"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4734"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4736"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4738"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4740"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4742"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4744"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5142"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5144"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5146"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5148"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5150"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5152"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5154"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5156"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5158"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5160"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5162"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5164"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5166"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5168"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5170"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5172"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5174"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5176"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5178"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5370"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5372"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5374"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5376"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5378"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5380"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5382"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5384"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5386"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5388"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5390"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5392"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5394"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5396"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5398"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5400"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5402"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5404"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5406"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5451"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5453"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5455"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5457"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5459"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5461"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5463"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5465"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5467"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5469"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5471"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5473"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5475"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5477"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5479"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5481"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5483"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5485"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5487"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       id="linearGradient4584-70-8-6">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3-8-9" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0-3-2" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8-1-4"
+       xlink:href="#linearGradient4584-70-8-6"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7-8-5">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0-9-4" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4-6-0" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1-4-2"
+       xlink:href="#linearGradient4584-7-8-5"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient8481-3-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3-7" />
+    </linearGradient>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3-1"
+       id="linearGradient7574-6-7"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <marker
+       style="overflow:visible"
+       id="TriangleInSQ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSQ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9776" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS7"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS7">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9779" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSg"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSg">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9782" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSG"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSG">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9785" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSE"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSE">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9788" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSf"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSf">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9791" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSJ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSJ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9794" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS2"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS2">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9797" />
+    </marker>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7576-1"
+       id="linearGradient12740"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.585274"
+       y1="39.151588"
+       x2="29.061579"
+       y2="21.046715" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12742"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="21.322929"
+       y1="44.46735"
+       x2="34.585835"
+       y2="30.312105" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12744"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.246363"
+       y1="51.641129"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12746"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12748"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12750"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12752"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5685-1"
+       id="linearGradient12754"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,59.2801)"
+       x1="42.074207"
+       y1="42.648251"
+       x2="42.382099"
+       y2="30.0221" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12756"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12758"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6398-9"
+       id="linearGradient12760"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12762"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-29)"
+       x1="603.48352"
+       y1="145.48944"
+       x2="603.48352"
+       y2="141.11491" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12764"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,55.7801)"
+       x1="41.126476"
+       y1="36.09766"
+       x2="44.599358"
+       y2="35.376236" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12766"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,64.6801)"
+       x1="53.072731"
+       y1="36.17104"
+       x2="35.096169"
+       y2="33.830193" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12768"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12770"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7808-7"
+       id="linearGradient12772"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="37.260498"
+       y1="27.37009"
+       x2="17.47529"
+       y2="37.98819" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12774"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="27.247866"
+       y1="46.597134"
+       x2="20.776503"
+       y2="33.722939" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12776"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="16.030468"
+       y1="50.84045"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12778"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12780"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12782"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12784"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10554-1"
+       id="linearGradient12786"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="48.126881"
+       y1="35.527008"
+       x2="35.096169"
+       y2="33.830193" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12788"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12790"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12792"
+       gradientUnits="userSpaceOnUse"
+       x1="603.25"
+       y1="140.36218"
+       x2="603.7171"
+       y2="144.12111" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12794"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="45.470558"
+       y1="35.187798"
+       x2="40.255276"
+       y2="36.286098" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12796"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,90.1801)"
+       x1="55.874207"
+       y1="35.072224"
+       x2="37.686401"
+       y2="33.083126" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12798"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12800"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12802"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12804"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="translate(-33.785574,76.85193)"
+     id="layer1"
+     inkscape:groupmode="layer"
+     inkscape:label="Layer 1">
+    <g
+       transform="translate(20.785574,15.148096)"
+       id="g1758">
+      <g
+         inkscape:label="Layer 1"
+         id="layer1-8"
+         style="display:inline"
+         transform="translate(-204.5471,-8.3623809)">
+        <g
+           id="g51234">
+          <g
+             inkscape:label="#g4018"
+             id="background"
+             transform="matrix(0.83773585,0,0,1.0487651,217.5471,-715.37408)">
+            <rect
+               style="fill:#e3dcc0"
+               id="rect1933"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+            <rect
+               ry="19.070024"
+               rx="23.873896"
+               y="602.36218"
+               x="0"
+               height="450"
+               width="530"
+               id="rect3092"
+               style="fill:url(#pattern51338);fill-opacity:1" />
+            <rect
+               style="fill:url(#radialGradient51340);fill-opacity:1"
+               id="rect3985"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+          </g>
+          <g
+             inkscape:label="Layer 1"
+             id="layer1-0"
+             transform="matrix(0,1,-1,0,-569.42108,5708.5683)">
+            <rect
+               width="0"
+               height="24.171429"
+               rx="60.428574"
+               ry="24.171429"
+               x="-788.32996"
+               y="3808.3428"
+               id="rect5314-36"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="translate(511.139,-788.394)"
+               id="g8484" />
+            <g
+               transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+               id="g6374"
+               style="fill:#ffffff" />
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="420.08853"
+               y="-763.33875"
+               id="rect5314-1-2"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+               style="opacity:0.30729232"
+               mask="url(#mask4631)"
+               id="g4596" />
+            <g
+               transform="translate(235.628,616.018)"
+               id="g3002" />
+            <g
+               transform="translate(71.1162,-7.34373)"
+               id="g4898">
+              <g
+                 id="g4900-4">
+                <g
+                   id="g4902-3" />
+              </g>
+            </g>
+            <g
+               transform="translate(979.728,-180.625)"
+               id="g3002-4-7" />
+            <g
+               transform="translate(815.216,-803.987)"
+               id="g4898-9-7">
+              <g
+                 id="g4900-9-8">
+                <g
+                   id="g4902-1-1" />
+              </g>
+            </g>
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text19594-4"
+               y="276.983"
+               x="500.69299"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan19596-6"
+                 y="276.983"
+                 x="500.69299" /></text>
+            <g
+               transform="translate(916.728,50.3749)"
+               id="g3002-3-2" />
+            <g
+               transform="translate(752.216,-572.987)"
+               id="g4898-2-2">
+              <g
+                 id="g4900-7-1">
+                <g
+                   id="g4902-8-8" />
+              </g>
+            </g>
+            <g
+               transform="translate(-218.272,-381.625)"
+               id="g21694-0">
+              <text
+                 sodipodi:linespacing="125%"
+                 x="321.965"
+                 y="658.60797"
+                 id="text21702-5"
+                 xml:space="preserve"
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                   x="321.965"
+                   y="658.60797"
+                   id="tspan21704-1" /></text>
+            </g>
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="1173.8944"
+               y="303.50519"
+               id="rect5314-3-3"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               inkscape:label="Layer 1"
+               id="layer1-4"
+               transform="translate(212.407,560.774)">
+              <rect
+                 width="0"
+                 height="24.171429"
+                 rx="60.428574"
+                 ry="24.171429"
+                 x="-788.32996"
+                 y="3808.3428"
+                 id="rect5314-14"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="translate(511.139,-788.394)"
+                 id="g8484-7" />
+              <g
+                 transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+                 id="g6374-8"
+                 style="fill:#ffffff" />
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="420.08853"
+                 y="-763.33875"
+                 id="rect5314-1-6"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+                 style="opacity:0.30729232"
+                 mask="url(#mask4631-7)"
+                 id="g4596-06" />
+              <g
+                 transform="translate(235.628,616.018)"
+                 id="g3002-8" />
+              <g
+                 transform="translate(71.1162,-7.34373)"
+                 id="g4898-4">
+                <g
+                   id="g4900-3">
+                  <g
+                     id="g4902-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(979.728,-180.625)"
+                 id="g3002-4-4" />
+              <g
+                 transform="translate(815.216,-803.987)"
+                 id="g4898-9-3">
+                <g
+                   id="g4900-9-9">
+                  <g
+                     id="g4902-1-3" />
+                </g>
+              </g>
+              <text
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+                 xml:space="preserve"
+                 id="text19594-8"
+                 y="276.983"
+                 x="500.69299"
+                 sodipodi:linespacing="125%"><tspan
+                   id="tspan19596-2"
+                   y="276.983"
+                   x="500.69299" /></text>
+              <g
+                 transform="translate(916.728,50.3749)"
+                 id="g3002-3-5" />
+              <g
+                 transform="translate(752.216,-572.987)"
+                 id="g4898-2-0">
+                <g
+                   id="g4900-7-4">
+                  <g
+                     id="g4902-8-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(-218.272,-381.625)"
+                 id="g21694-4">
+                <text
+                   sodipodi:linespacing="125%"
+                   x="321.965"
+                   y="658.60797"
+                   id="text21702-3"
+                   xml:space="preserve"
+                   style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                     x="321.965"
+                     y="658.60797"
+                     id="tspan21704-3" /></text>
+              </g>
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="1173.8944"
+                 y="303.50519"
+                 id="rect5314-3-0"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <text
+                 sodipodi:linespacing="125%"
+                 transform="matrix(0,-1,1,0,0,0)"
+                 xml:space="preserve"
+                 style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;opacity:0.12604998;fill:#000000;fill-opacity:1;stroke:none;font-family:Interstate-Black"
+                 x="1740.2687"
+                 y="-5540.999"
+                 id="text28374"><tspan
+                   style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans Bold"
+                   sodipodi:role="line"
+                   id="tspan28376"
+                   x="1740.2687"
+                   y="-5540.999">#49658</tspan></text>
+            </g>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314"
+             y="5244.3931"
+             x="4432.2417"
+             ry="24.171429"
+             rx="60.428574"
+             height="24.171429"
+             width="0" />
+          <g
+             id="g8484-6"
+             transform="translate(5731.7105,647.6564)" />
+          <g
+             style="fill:#ffffff"
+             id="g6374-4"
+             transform="matrix(0.867051,0,0,0.867051,5533.8055,759.9764)" />
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-1"
+             y="672.71167"
+             x="5640.6602"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             id="g4596-3"
+             mask="url(#mask4631-8)"
+             style="opacity:0.30729232"
+             transform="matrix(1.73,0,0,0.659171,5511.8225,1611.9864)" />
+          <g
+             id="g3002-33"
+             transform="translate(5456.1995,2052.0684)" />
+          <g
+             id="g4898-8"
+             transform="translate(5291.6877,1428.7067)">
+            <g
+               id="g4900">
+              <g
+                 id="g4902" />
+            </g>
+          </g>
+          <g
+             id="g3002-4"
+             transform="translate(6200.2995,1255.4254)" />
+          <g
+             id="g4898-9"
+             transform="translate(6035.7875,632.0634)">
+            <g
+               id="g4900-9">
+              <g
+                 id="g4902-1" />
+            </g>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             x="5721.2646"
+             y="1713.0334"
+             id="text19594"
+             xml:space="preserve"
+             style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+               x="5721.2646"
+               y="1713.0334"
+               id="tspan19596" /></text>
+          <g
+             id="g3002-3"
+             transform="translate(6137.2995,1486.4253)" />
+          <g
+             id="g4898-2"
+             transform="translate(5972.7875,863.0634)">
+            <g
+               id="g4900-7">
+              <g
+                 id="g4902-8" />
+            </g>
+          </g>
+          <g
+             id="g21694"
+             transform="translate(5002.2995,1054.4254)">
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text21702"
+               y="658.60797"
+               x="321.965"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan21704"
+                 y="658.60797"
+                 x="321.965" /></text>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-3"
+             y="1739.5555"
+             x="6394.4658"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             transform="matrix(1.1935043,0,0,1.1935043,-56.738176,6.0556725)"
+             id="g9226">
+            <g
+               id="g17509"
+               transform="matrix(0.95549,0,0,0.95549,-131.63026,-97.114486)">
+              <g
+                 transform="matrix(-0.871732,0,0,0.875699,945.308,163.109)"
+                 mask="url(#mask7570-2)"
+                 id="g7663"
+                 style="opacity:0.53157899">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7667"
+                   style="fill:url(#linearGradient12740);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7669"
+                   style="fill:url(#linearGradient12742);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.24488,-5.533632 14.24488,-5.533632 L 579.37701,66.81781 z"
+                   id="path7671"
+                   style="fill:url(#linearGradient12744);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7673"
+                   style="fill:none;stroke:url(#linearGradient12746);stroke-width:1.57957995;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7675"
+                   style="fill:none;stroke:url(#linearGradient12748);stroke-width:2.10610008;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,41.25)"
+                   id="use7678">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5196"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12750);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5198"
+                     style="fill:url(#linearGradient12752);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,127.61454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7680"
+                   style="opacity:0.759843;fill:none;stroke:url(#linearGradient12754);stroke-width:1.05305004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="translate(0,31)"
+                   id="g7682">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7684"
+                     style="fill:url(#linearGradient12756);fill-opacity:1;stroke:url(#linearGradient12758);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7686"
+                     style="fill:url(#linearGradient12760);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,112.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7688"
+                   style="fill:url(#linearGradient12762);fill-opacity:1;stroke:url(#linearGradient12764);stroke-width:0.63183099;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,126.56345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7690"
+                   style="opacity:0.964567;fill:none;stroke:url(#linearGradient12766);stroke-width:0.95091498;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7692">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7694"
+                     style="opacity:0.680851;fill:url(#radialGradient12768);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7696"
+                     style="fill:url(#radialGradient12770);fill-opacity:1" />
+                </g>
+              </g>
+              <g
+                 transform="matrix(-0.875699,0,0,0.875699,947.549,115.264)"
+                 id="g7698">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7700"
+                   style="fill:url(#linearGradient12772);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7702"
+                   style="fill:url(#linearGradient12774);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.03777,-5.180079 14.03777,-5.180079 L 579.37701,66.81781 z"
+                   id="path7704"
+                   style="fill:url(#linearGradient12776);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7706"
+                   style="fill:none;stroke:url(#linearGradient12778);stroke-width:1.57599998;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7708"
+                   style="fill:none;stroke:url(#linearGradient12780);stroke-width:2.10133004;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,10.25)"
+                   id="use7710">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5186"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12782);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5188"
+                     style="fill:url(#linearGradient12784);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,153.11454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7712"
+                   style="opacity:0.62621304;fill:none;stroke:url(#linearGradient12786);stroke-width:1.05066001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   id="g7714">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7716"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12788);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7718"
+                     style="fill:url(#linearGradient12790);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,141.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7720"
+                   style="fill:url(#linearGradient12792);fill-opacity:1;stroke:url(#linearGradient12794);stroke-width:0.63039899;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,152.06345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7722"
+                   style="fill:none;stroke:url(#linearGradient12796);stroke-width:0.94875801;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10534-4)" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7724">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7726"
+                     style="opacity:0.680851;fill:url(#radialGradient12798);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7728"
+                     style="fill:url(#radialGradient12800);fill-opacity:1" />
+                </g>
+                <g
+                   transform="matrix(1.02462,0,0,1.02462,108.25,-131.553)"
+                   id="use7730">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path5236"
+                     style="opacity:0.680851;fill:url(#radialGradient12802);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path5238"
+                     style="fill:url(#radialGradient12804);fill-opacity:1" />
+                </g>
+              </g>
+            </g>
+          </g>
+          <g
+             transform="translate(271,-329)"
+             id="g5300">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,266.42705,-63.62544)"
+               id="g8866">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g8868"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8870"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8872"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8874"
+                   style="fill:url(#linearGradient4708);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8876"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path8878"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8880"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8882"
+                   style="fill:url(#linearGradient4710)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8884"
+                   style="fill:url(#linearGradient4712);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8886"
+                   style="fill:url(#linearGradient4714);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8888"
+                   style="opacity:0.62254902;fill:url(#radialGradient4716);fill-opacity:1;stroke:url(#radialGradient4718);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8890"
+                   style="fill:url(#linearGradient4720);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g8892">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8894"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8896"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8898"
+                   style="fill:url(#linearGradient4722);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8900"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path8902"
+                   style="fill:url(#linearGradient4724);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8904"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8906"
+                   style="fill:url(#linearGradient4726)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8908"
+                   style="fill:url(#linearGradient4728);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8910"
+                   style="fill:url(#linearGradient4730);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8912"
+                   style="opacity:0.96825406;fill:url(#radialGradient4732);fill-opacity:1;stroke:url(#radialGradient4734);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8914"
+                   style="fill:url(#linearGradient4736);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path8916"
+                   style="opacity:0.71957703;fill:url(#radialGradient4738);fill-opacity:1;stroke:url(#radialGradient4740);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g8918">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path8920"
+                   style="opacity:0.680851;fill:url(#radialGradient4742);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path8922"
+                   style="fill:url(#radialGradient4744);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="283.6499"
+               y="335.79758"
+               id="text3608"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan3610"
+                 x="285.31396"
+                 y="335.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4746"
+                 sodipodi:role="line"
+                 x="283.6499"
+                 y="348.63757"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5410">using </tspan>SSSD with an LDAP backend</tspan></text>
+          </g>
+          <g
+             transform="translate(169,-217.33331)"
+             id="g5335">
+            <g
+               id="g4892"
+               transform="matrix(-0.6631863,0,0,0.67913371,367.88733,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g4894"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4896"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4898"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5370);fill-opacity:1"
+                   id="path4900"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4902"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path4904"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4906"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5372)"
+                   id="path4908"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5374);fill-opacity:1"
+                   id="polygon4910"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5376);fill-opacity:1"
+                   id="path4912"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5378);fill-opacity:1;stroke:url(#radialGradient5380);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4914"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5382);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4916"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g4918"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4920"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4922"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5384);fill-opacity:1"
+                   id="path4924"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4926"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5386);fill-opacity:1"
+                   id="path4928"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4930"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5388)"
+                   id="path4932"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5390);fill-opacity:1"
+                   id="polygon4934"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5392);fill-opacity:1"
+                   id="path4936"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5394);fill-opacity:1;stroke:url(#radialGradient5396);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4938"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5398);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4940"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5400);fill-opacity:1;stroke:url(#radialGradient5402);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path4942"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g4944"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5404);fill-opacity:1"
+                   id="path4946"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5406);fill-opacity:1"
+                   id="path4948"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4427"
+               y="333.29758"
+               x="386.11017"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="387.77423"
+                 id="tspan4429"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4748"
+                 y="346.13757"
+                 x="386.11017"
+                 sodipodi:role="line"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5408">using </tspan>SSSD with an IPA backend</tspan></text>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             id="text4497"
+             y="199.29758"
+             x="284.07538"
+             style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:125%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+             xml:space="preserve"><tspan
+               style="font-size:13px"
+               id="tspan4501"
+               y="199.29758"
+               x="284.07538"
+               sodipodi:role="line">IPA</tspan></text>
+          <g
+             transform="translate(36,-105.66666)"
+             id="g5416">
+            <g
+               id="g5046"
+               transform="matrix(-0.6631863,0,0,0.67913371,501.21208,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g5048"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5050"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5052"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5451);fill-opacity:1"
+                   id="path5054"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5056"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path5058"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5060"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5453)"
+                   id="path5062"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5455);fill-opacity:1"
+                   id="polygon5064"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5457);fill-opacity:1"
+                   id="path5066"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5459);fill-opacity:1;stroke:url(#radialGradient5461);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5068"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5463);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5070"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g5072"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5074"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5076"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5465);fill-opacity:1"
+                   id="path5078"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5080"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5467);fill-opacity:1"
+                   id="path5082"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5084"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5469)"
+                   id="path5086"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5471);fill-opacity:1"
+                   id="polygon5088"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5473);fill-opacity:1"
+                   id="path5090"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5475);fill-opacity:1;stroke:url(#radialGradient5477);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5092"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5479);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5094"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5481);fill-opacity:1;stroke:url(#radialGradient5483);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path5096"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g5098"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5485);fill-opacity:1"
+                   id="path5100"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5487);fill-opacity:1"
+                   id="path5102"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="519.57751"
+               y="332.79758"
+               id="text4433"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan4435"
+                 x="521.13611"
+                 y="332.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4750"
+                 sodipodi:role="line"
+                 x="519.57751"
+                 y="345.63757"><tspan
+   id="tspan5412"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_LDAP/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(-112,6)"
+             id="g5489">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,650.68426,-63.62544)"
+               id="g4988">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g4990"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4992"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path4994"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path4996"
+                   style="fill:url(#linearGradient5142);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4998"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path5000"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5002"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5004"
+                   style="fill:url(#linearGradient5144)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5006"
+                   style="fill:url(#linearGradient5146);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5008"
+                   style="fill:url(#linearGradient5148);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5010"
+                   style="opacity:0.62254902;fill:url(#radialGradient5150);fill-opacity:1;stroke:url(#radialGradient5152);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5012"
+                   style="fill:url(#linearGradient5154);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g5014">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5016"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path5018"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path5020"
+                   style="fill:url(#linearGradient5156);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5022"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path5024"
+                   style="fill:url(#linearGradient5158);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5026"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5028"
+                   style="fill:url(#linearGradient5160)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5030"
+                   style="fill:url(#linearGradient5162);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5032"
+                   style="fill:url(#linearGradient5164);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5034"
+                   style="opacity:0.96825406;fill:url(#radialGradient5166);fill-opacity:1;stroke:url(#radialGradient5168);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5036"
+                   style="fill:url(#linearGradient5170);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path5038"
+                   style="opacity:0.71957703;fill:url(#radialGradient5172);fill-opacity:1;stroke:url(#radialGradient5174);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g5040">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path5042"
+                   style="opacity:0.680851;fill:url(#radialGradient5176);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path5044"
+                   style="fill:url(#radialGradient5178);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4439"
+               y="333.29758"
+               x="669.04968"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="670.60828"
+                 id="tspan4441"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4752"
+                 y="346.13757"
+                 x="669.04968"
+                 sodipodi:role="line"><tspan
+   id="tspan5414"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_KRB5/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(539.98213,665.63497)"
+             id="g3002-35" />
+          <g
+             transform="translate(375.47031,42.27285)"
+             id="g4898-37">
+            <g
+               id="g4900-5">
+              <g
+                 id="g4902-5" />
+            </g>
+          </g>
+          <g
+             transform="translate(321.48515,123.56711)"
+             id="g3002-4-44" />
+          <g
+             transform="translate(156.97333,-499.79501)"
+             id="g4898-3">
+            <g
+               id="g4900-3-7">
+              <g
+                 id="g4902-3-9" />
+            </g>
+          </g>
+          <g
+             transform="translate(4.49242,441.24827)"
+             id="g9694" />
+          <g
+             transform="translate(-160.01938,-182.11385)"
+             id="g9696">
+            <g
+               id="g9698">
+              <g
+                 id="g9700" />
+            </g>
+          </g>
+          <g
+             transform="translate(531.70846,712.31515)"
+             id="g11586" />
+          <g
+             transform="translate(367.19664,88.95298)"
+             id="g11591">
+            <g
+               id="g11593">
+              <g
+                 id="g11595" />
+            </g>
+          </g>
+          <g
+             transform="translate(945.16259,126.17676)"
+             id="g13960" />
+          <g
+             transform="translate(780.65077,-497.18536)"
+             id="g13962">
+            <g
+               id="g13964">
+              <g
+                 id="g13966" />
+            </g>
+          </g>
+          <g
+             id="g6425"
+             transform="matrix(-0.58230043,0,0,1.2021785,341.20931,-1013.0128)"
+             style="fill:#5c3566" />
+          <text
+             xml:space="preserve"
+             style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+             x="902.75421"
+             y="196.70628"
+             id="text13535"><tspan
+               sodipodi:role="line"
+               id="tspan13537"
+               x="902.75421"
+               y="196.70628" /></text>
+          <path
+             id="path18414"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSQ);marker-end:url(#TriangleOutS7);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,-44.15908 -100.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,130.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -72.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,289.61762 -100.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-113.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -72.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSE);marker-end:url(#TriangleOutSf);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6366" />
+          <path
+             id="path6368"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSg);marker-end:url(#TriangleOutSG);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,175.61762 -78.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-15.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -94.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,65.84092 -78.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,36.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -94.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSJ);marker-end:url(#TriangleOutS2);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6370" />
+        </g>
+      </g>
+      <g
+         id="layer2"
+         inkscape:label="sdfsdf"
+         style="display:none"
+         transform="translate(-204.5471,-8.3623809)">
+        <rect
+           style="opacity:0.22325583;fill:#180e00;fill-opacity:1;fill-rule:nonzero;stroke:#211601;stroke-width:2.10500002;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:0.09661835;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+           id="rect26435"
+           width="1620"
+           height="951.42859"
+           x="-308.57144"
+           y="92.362144"
+           ry="26.574863"
+           rx="26.574863" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/images/icon.svg b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/icon.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/images/icon.svg
rename to public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/icon.svg
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/kinit_admin.png b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/kinit_admin.png
new file mode 100644
index 0000000..a0b81e1
Binary files /dev/null and b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/images/kinit_admin.png differ
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html
new file mode 100644
index 0000000..4a47673
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Enterprise Identity Management Guide</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, includ
 ing both servers and clients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="next" href="Preface.html" title="Preface" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="id4040048" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Red Hat Enterprise Linux</span> <span class="productnumber">6.2</span></di
 v><div><h1 id="id4040048" class="title">Enterprise Identity Management Guide</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+		<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
+
+	</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id2970571" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+		Copyright <span class="trademark"></span>© 2011 Red Hat.
+	</div><div class="para">
+		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+	</div><div class="para">
+		Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+	</div><div class="para">
+		Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+	</div><div class="para">
+		<span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+	</div><div class="para">
+		<span class="trademark">Java</span>® is a registered trademark of Oracle and/or its affiliates.
+	</div><div class="para">
+		<span class="trademark">XFS</span>® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
+	</div><div class="para">
+		<span class="trademark">MySQL</span>® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
+	</div><div class="para">
+		All other trademarks are the property of their respective owners.
+	</div><div class="para">
+		<div class="address"><p><br />
+			<span class="street">1801 Varsity Drive</span><br />
+			 <span class="city">Raleigh</span>, <span class="state">NC</span> <span class="postcode">27606-2072</span> <span class="country">USA</span><br />
+			 <span class="phone">Phone: +1 919 754 3700</span><br />
+			 <span class="phone">Phone: 888 733 4281</span><br />
+			 <span class="fax">Fax: +1 919 754 3701</span><br />
+<br />
+		</p></div>
+
+	</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
+			Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
+		</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="Preface.html#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="Document_Conventions.html">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="Document_Conventions.html#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="feedback.html">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="doc-history.html">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="introduction.html">1. Introduction to IPA</a></span>
 </dt><dd><dl><dt><span class="section"><a href="introduction.html#what-is-ipa">1.1. IPA Defined</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="introduction.html#ipa-domains">1.1.2. About IPA Domains</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-components.h
 tml">1.2. Identity Management: Authentication</a></span></dt><dt><span class="section"><a href="policy.html">1.3. Defining Policies: Authorization</a></span></dt><dt><span class="section"><a href="deployment-scenarios.html">1.4. Planning IPA</a></span></dt></dl></dd><dt><span class="chapter"><a href="installing-ipa.html">2. Installing an IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Operating_System_Requirements">2.1. Supported Server Platforms</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html">2.2. Preparing to Install the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_
 for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prerequisites">2.2.3. System Prerequisites</a></span></dt><dd><dl><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-ds">2.2.3.1. Directory Server</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-system">2.2.3.2. System Files </a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-ports">2.2.3.3. System Ports</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Ne
 tworking</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="Installing_the_IPA_Server_Packages.html">2.3. Installing the IPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">2.4. Creating an IPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-command">2.4.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="creating-server.html#install-interactive">2.4.2. Setting up an IPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">2.4.3. Examples of Creating the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-normal">2.4.3.1. Non-Interactive Basic Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-ca-options">2.4.3.2. Using Different CAs</a></span></dt><dt><span class="section"><a h
 ref="creating-server.html#install-dns">2.4.3.3. Using DNS</a></span></dt></dl></dd><dt><span class="section"><a href="creating-server.html#troubleshooting-install">2.4.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html">2.5. Setting up IPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#installing-replica">2.5.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#creating-the-replica">2.5.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#troubleshooting-replica-install">2.5.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section">
 <a href="Uninstalling_IPA_Servers.html">2.6. Uninstalling IPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="setting-up-clients.html">3. Setting up Systems as IPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS 
 v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="Using_Microsoft_Windows.html">3.2. Configuring a Microsoft Windows System as an IPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">3.3. Configuring a Solaris System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">3.3.1.2. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client
 _on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Configuring Solaris 9</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">3.4. Configuring an HP-UX System as an IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_C
 lient_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</a></span></dt><dt><spa
 n class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">3.5. Configuring an AIX System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Testing_
 System_Login">3.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">3.6. Configuring a Macintosh OS X System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Maci
 ntosh_OS_X-Configuring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</a></span></dt><dt><span c
 lass="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Macintosh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="basic-usage.html">4. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#using-the-ui">4.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">4.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Au
 thentication_in_Your_Browser">4.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="logging-in.html">4.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="switching-users.html">4.3. Switching Users</a></span></dt><dt><span class="section"><a href="ipa-files.html">4.4. A Summary of IPA Server Configuration Files and Directories</a></span></dt></dl></dd><dt><span class="chapter"><a href="managing-clients.html">5. Managing Clients in the IPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</a></span></dt><dt><span class="section"><a href="managin
 g-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">5.1.3. Managing DNS Zones</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="enrolli
 ng-machines.html">5.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">5.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="config-virt-machines.html">5.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="sectio
 n"><a href="certs.html">5.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="certs.html#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html">5.6. Client Problems</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">5.7. Uninstalling an IPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="users.html">6. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="users.html#home-directories">6.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="adding-users.html">6.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">6.3. Editing
  Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">6.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html">6.5. Deleting IPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</a></span></dt></dl></dd><dt><sp
 an class="section"><a href="user-groups.html">6.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_G
 roups">6.6.3. Deleting IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">6.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_a
 s_a_Regular_User">6.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">6.7.5.1. Setting the
  Priority of Password Policies</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html">6.8. Searching for Users and Groups</a></span></dt
 ><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">6.8.1. Searching for Users</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="chapter"><a href="hosts.html">7. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="hosts.html#adding-hosts">7.1. Addi
 ng and Editing Hosts</a></span></dt><dt><span class="section"><a href="host-groups.html">7.2. Creating Host Groups</a></span></dt></dl></dd><dt><span class="chapter"><a href="kerberos.html">8. Identity: Using IPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">8.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">8.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">8.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an IPA Se
 rvice</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">8.3.1.1. Requesting a Certificate for a Service</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</a></span></dt></dl></dd><dt><span class="section"><a h
 ref="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html">8.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">8.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html">8.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="automount.html">9. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#about-automount">9.1. About Automount and IPA</a><
 /span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">9.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">9.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">9.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">9.2.1. Configuring autofs on Linux</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">9.2.1.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html
 #sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">9.2.2. Solaris automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">9.2.2.1. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">9.2.3. Configuring Indirect Maps</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">9.2.3.1. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">9.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="active-dir
 ectory.html">10. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">10.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">10.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">10.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="configuring-active-directory.html">10.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">10.4. Creating Synchronization Agreements<
 /a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">10.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">10.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsy
 nc_Agreement_Failures.html">10.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="nis.html">11. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#about-nis">11.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</a></span></dt></dl></dd><dt><span class="section"><a href="nis.html#adding-netgroups">11.1.3. Adding Netgroups</a></span></dt
 ><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Examples</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">11.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the
 _Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">11.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="authz.html">12. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="authz.html#configuring-host-access">12.1. Configuring Host-Based Access Control
 </a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">12.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">12.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="sudo.html">13. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#about-sudo">13.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-En
 terprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">13.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">13.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">13.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">13.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo
 .html#sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="chapter"><a href="server-config.html">14. Configuring the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">14.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">14.1.1.1. Types of Access Control</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="creating-roles.html">14.2. Creating Roles</a></span></dt><dt><span class="section"><a href="self-service.html">14.3
 . Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html">14.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="search-limits.html">14.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="disabling-anon-binds.html">14.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html">14.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</a></span></dt><dd><dl><dt><span class="sec
 tion"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html">14.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Insta
 lling_Your_Own_Certificate">14.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">14.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">14.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">14.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerb
 eros_Credentials_for_a_Clustered_Environment">14.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">14.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Work
 ing_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html">14.11. Creating DNS Entries for IPA Replicas</a></span></dt><dt><span class="section"><a href="promoting-replica.html">14.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="logging.html">14.13. IPA Server Logging</a></span></dt></dl></dd><dt><span class="appendix"><a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html">B. Services: Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_wit
 h_certmonger-Using_certmonger.html">B.2. Using certmonger</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html">B.3. Using certmonger with NSS</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html">B.4. Using certmonger with IPA</a></span></dt></dl></dd><dt><span class="appendix"><a href="Migrating_from_a_Directory_Server_to_IPA.html">C. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><spa
 n class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</a></span></dt></dl></dd><d
 t><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</a></span></dt></dl></dd><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guid
 e-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect
 -Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Ente
 rprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Perfor
 ming_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="Glossary.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/installing-ipa.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/installing-ipa.html
new file mode 100644
index 0000000..de41244
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/installing-ipa.html
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. Installing an IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="deployment-scenarios.html" title="1.4. Planning IPA" /><link rel="next" href="Preparing_for_an_IPA_Installation.html" title="2.2. Preparing to Install the IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="deployment-scenarios.html"><strong>Prev</strong></a></li><li class="n
 ext"><a accesskey="n" href="Preparing_for_an_IPA_Installation.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="installing-ipa" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Installing an IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="installing-ipa.html#Operating_System_Requirements">2.1. Supported Server Platforms</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html">2.2. Preparing to Install the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requi
 rements</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prerequisites">2.2.3. System Prerequisites</a></span></dt><dd><dl><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-ds">2.2.3.1. Directory Server</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-system">2.2.3.2. System Files </a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#prereq-ports">2.2.3.3. System Ports</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</a></span></dt><dt><span class="section"><a href="Preparing_for_an_IPA_Installation.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</a></span></dt></dl></dd></dl></dd><dt><span class="section
 "><a href="Installing_the_IPA_Server_Packages.html">2.3. Installing the IPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">2.4. Creating an IPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-command">2.4.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="creating-server.html#install-interactive">2.4.2. Setting up an IPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">2.4.3. Examples of Creating the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-normal">2.4.3.1. Non-Interactive Basic Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-ca-options">2.4.3.2. Using Different CAs</a></span></dt><dt><span class="section"><a href="creating-server.html#install-dns">2.4.3.3. Using DNS</a></span>
 </dt></dl></dd><dt><span class="section"><a href="creating-server.html#troubleshooting-install">2.4.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html">2.5. Setting up IPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#installing-replica">2.5.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#creating-the-replica">2.5.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#troubleshooting-replica-install">2.5.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="Uninstalling_IPA_Servers.html">2.6. Uninstalling IPA Server
 s and Replicas</a></span></dt></dl></div><div class="para">
+		The IPA domain is defined and managed by an IPA <span class="emphasis"><em>server</em></span> which is essentially a domain controller. There can be multiple domain controllers within a domain for load-balancing and failover tolerance. These additional servers are called <span class="emphasis"><em>replicas</em></span> of the master IPA server.
+	</div><div class="para">
+		Both IPA servers and replicas only run on Red Hat Enterprise Linux systems. For both servers and replicas, the necessary packages must be installed and then the IPA server or replica itself is configured through setup scripts, which configure all of the requisite services.
+	</div><div class="section" id="Operating_System_Requirements"><div class="titlepage"><div><div><h2 class="title" id="Operating_System_Requirements">2.1. Supported Server Platforms</h2></div></div></div><div class="para">
+			IPA 2.1 is supported on these platforms:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Red Hat Enterprise Linux 6.1 i386
+				</div></li><li class="listitem"><div class="para">
+					Red Hat Enterprise Linux 6.1 x86_64
+				</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="deployment-scenarios.html"><strong>Prev</strong>1.4. Planning IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Preparing_for_an_IPA_Installation.html"><strong>Next</strong>2.2. Preparing to Install the IPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/introduction.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/introduction.html
new file mode 100644
index 0000000..f0a2818
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/introduction.html
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Introduction to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="doc-history.html" title="4. Document Change History" /><link rel="next" href="ipa-components.html" title="1.2. Identity Management: Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="
 ipa-components.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="introduction" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Introduction to IPA</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="introduction.html#what-is-ipa">1.1. IPA Defined</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture
 -IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="introduction.html#ipa-domains">1.1.2. About IPA Domains</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-components.html">1.2. Identity Management: Authentication</a></span></dt><dt><span class="section"><a href="policy.html">1.3. Defining Policies: Authorization</a></span></dt><dt><span class="section"><a href="deployment-scenarios.html">1.4. Planning IPA</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="what-is-ipa"><div class="titlepage"><div><div><h2 class="title" id="what-is-ipa">1.1. IPA Defined</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div><div class="para">
+			IPA is an integrated security information management solution which combines Red Hat Enterprise Linux, Red Hat Directory Server, MIT Kerberos, and NTP. It provides web browser and command-line interfaces, and its numerous administration tools allow an administrator to quickly install, set up, and administer one or more servers for centralized authentication and identity management.
+		</div><div class="para">
+			The latest version of IPA extends the integration of DNS, includes a Certificate System Server, an enhanced administrative framework, support for host identities, netgroups, automount by location and other features.
+		</div><div class="para">
+			IPA focuses on making centralized identity and policy easy to manage in Linux and Unix environments, and includes interoperability with the Windows environment.
+		</div><div class="section" id="ipa-v-ldap"><div class="titlepage"><div><div><h3 class="title" id="ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div><div class="para">
+				The following diagram provides a high-level view of the current IPA architecture. It is broken down into three main components: the IPA core; the management station; and the managed host. Each of these components is described in more detail below.
+			</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-High_level_IPA_Architecture"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_arch.png" alt="High-level IPA Architecture" /></div></div><h6>Figure 1.1. High-level IPA Architecture</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</h4></div></div></div><div class="para">
+					The IPA core consists of the servers, services, and other utilities necessary to provide the fundamental IPA functionality. This includes the management framework, the directory server, the KDC, the web server, and the DNS.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Kerberos_KDC"><h5 class="formalpara">Kerberos KDC</h5>
+						The Kerberos KDC is the Kerberos authentication server, and provides authentication services for users, hosts, and services. It stores its data in the directory server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Directory_Server"><h5 class="formalpara">Directory Server</h5>
+						The directory server is the core storage system of the IPA server. The directory server stores all of the information about user accounts used by the KDC for authentication, groups, hosts, services, netgroups and policy information. If configured and used, DNS uses the same instance of the directory server to store DNS information. The directory server provides a multi-master replication capability so that multiple IPA replicas can be deployed.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Management_Framework"><h5 class="formalpara">Management Framework</h5>
+						The management framework is an abstraction layer which provides some business logic on top of the directory server. The management of data in the DS is performed over the XML-RPC interface through the management framework.
+					</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+						Direct modifications to the DS data is strongly discouraged unless explicitly mentioned in the documentation.
+					</div></div></div><div class="para">
+					The management framework uses a pluggable architecture that allows adding or extending existing objects in IPA by third parties.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-DNS"><h5 class="formalpara">DNS</h5>
+						The DNS is the Domain Name Service. This is an optional component that can be installed and configured at any time. Alternatively, an existing DNS server can be used. In this case, however, there will be no tight integration between DNS management and the management of hosts that IPA provides.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Web_UI"><h5 class="formalpara">Web UI</h5>
+						The web UI provides web-based management services for the IPA server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-NTP"><h5 class="formalpara">NTP</h5>
+						NTP is an optional service, but can be enabled on the IPA server, in which case the IPA server becomes the NTP server for the deployment. You can use other NTP servers as desired.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</h4></div></div></div><div class="para">
+					The management station is used to perform administrative tasks on the IPA server. IPA provides two interfaces for these tasks.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Command_Line_Interface_CLI"><h5 class="formalpara">Command Line Interface (CLI)</h5>
+						The CLI performs management tasks using the management framework over the XML-RPC interface. Every management operation that can be performed against the IPA server can be done using this interface. The client side of the administrative interface is a package that needs to be installed on the Management Station.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Browser_Interface"><h5 class="formalpara">Browser Interface</h5>
+						The browser interface is used for web-based management. It connects to the management framework using the JSON RPC.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</h4></div></div></div><div class="para">
+					An IPA <em class="firstterm">managed host</em> is a host that is managed by IPA. The definition of "manage" in this context can be stated as "being able to retrieve a keytab and certificates on behalf of another host or service". This management is established by enrolling the host with IPA, a task performed by the <code class="command">ipa-client-install</code> command. As a result of this enrollment, <code class="systemitem">SSSD</code> and <code class="systemitem">certmonger</code> are configured (they are aware of the location of the IPA server), the keytab is provisioned and the host certificate is created. The host certificate is not used by IPA but is created nonetheless, for possible use by services that might be running on the host. The web server is one example of this.
+				</div><div class="para">
+					As a result of user authentication against the KDC, the TGT (ticket-granting ticket) is stored on the client machine. That ticket is used to access different services that are members of the same Kerberos domain. All services need to be registered in IPA and have a keytab provisioned for them. To do this, you need to create a service record in IPA and then execute the <code class="command">ipa-getkeytab</code> on the host where the service will be running. Note that this operation is independent of making the host a managed host. The service can run on either a managed host or an unmanaged host.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-SSSD"><h5 class="formalpara">SSSD</h5>
+						When configured to use IPA via its IPA back end, SSSD provides user authentication, identity look ups and HBAC (Host-based Access Control) enforcement. The host enrollment and configuration of SSSD are performed automatically by the <code class="command">ipa-client-install</code> command.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-certmonger"><h5 class="formalpara">certmonger</h5>
+						<code class="systemitem">certmonger</code> is an unattended service that can monitor the certificates on the client system and renew them on a scheduled basis when they are about to expire. It can also be used to request new certificates for the services running on the system or for a different system, for example when a management server or hypervisor requests certificates for a set of virtual machines.
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts">1.1.1.3.1. Extending the Permissions of IPA Managed Hosts</h5></div></div></div><div class="para">
+						As discussed in <a class="xref" href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">Section 1.1.1.3, “IPA Managed Hosts”</a>, the definition of "manage" is "being able to retrieve a keytab and certificates on behalf of another host or service". Every host and service has a <em class="parameter"><code>managedby</code></em> entry. By default, a host can manage itself and all of its services. It is also possible to allow a host to manage other hosts, or services on other hosts, by updating the appropriate delegations or providing a suitable <em class="parameter"><code>managedby</code></em> entry. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								If a host is provided with a <em class="parameter"><code>managedby</code></em> entry to another host, it does not mean management of all services on that host. Each delegation has to be performed independently.
+							</div></div></div>
+
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management">1.1.1.3.1.1. Delegating Service Management</h6></div></div></div><div class="para">
+							This section describes how to create a new host and a service on that host, and then delegate management of that service to another host. In this example, the IPA server is installed on <code class="systemitem">slinky.example.com</code>
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Service_Management-To_delegate_service_management_to_another_host"><h6>Procedure 1.1. To delegate service management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Create a new host: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Create a service on this host: 
+<pre class="screen"><code class="command"># ipa service-add test/panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Delegate managing the service: 
+<pre class="screen"><code class="command"># ipa service-add-host --hosts=slinky panther</code></pre>
+
+								</div><div class="para">
+									You can now use the host service principal on <code class="systemitem">slinky</code> to manage <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/test.keytab -p test/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/test.keytab</pre>
+
+								</div></li><li class="step"><div class="para">
+									To create a ticket for this service, create a CSR and then run the following command: 
+<pre class="screen"><code class="command"># ipa cert-request --add --principal=test/panther.example.com panther.csr</code>
+  Certificate: MIICETCCAXqgA...[snip]
+  Subject: CN=panther.example.com,O=EXAMPLE.COM
+  Issuer: CN=EXAMPLE.COM Certificate Authority
+  Not Before: Tue Feb 08 18:51:51 2011 UTC
+  Not After: Mon Feb 08 18:51:51 2016 UTC
+  Fingerprint (MD5): c1:46:8b:29:51:a6:4c:11:cd:81:cb:9d:7c:5e:84:d5
+  Fingerprint (SHA1):
+  01:43:bc:fa:b9:d8:30:35:ee:b6:54:dd:a4:e7:d2:11:b1:9d:bc:38
+  Serial number: 1005
+</pre>
+
+								</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management">1.1.1.3.1.2. Delegating Host Management</h6></div></div></div><div class="para">
+							This section describes how to delegate management of one host to another host. This example uses the same hosts as those used in the previous example.
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Host_Management-To_delegate_host_management_to_another_host"><h6>Procedure 1.2. To delegate host management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Ensure you have <code class="systemitem">admin</code> credentials and then add the appropriate <em class="parameter"><code>managedby</code></em> entry: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add-managedby --hosts=slinky panther</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Obtain a TGT as the host <code class="systemitem">slinky</code> and then retrieve a keytab for <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/panther.keytab -p host/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
+
+								</div></li></ol></div></div></div></div></div><div class="section" id="ipa-domains"><div class="titlepage"><div><div><h3 class="title" id="ipa-domains">1.1.2. About IPA Domains</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong>4. Document Change History</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-components.html"><strong>Next</strong>1.2. Identity Management: Authentication</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-apache.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-apache.html
new file mode 100644
index 0000000..1582183
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-apache.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.9. Setting an IPA Server as an Apache Virtual Host</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html" title="14.8. Configuring Certificates and Certificate Authorities" /><link rel="next" href="ipa-cluster.html" title="14.10. Using IPA in a Cluster" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
 "><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">14.9. Setting an IPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+			If you have a standard Apache instance running on port 80, you can configure IPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, IPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
+		</div><div class="para">
+			The following procedure assumes that IPA is configured to run on port 80, and that you want to move it to port 8089.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_IPA_to_run_as_an_Apache_Virtual_Host-To_configure_IPA_to_run_on_port_8089"><h6>Procedure 14.4. To configure IPA to run on port 8089:</h6><ol class="1"><li class="step"><div class="para">
+					Log in as the <code class="systemitem">root</code> user.
+				</div></li><li class="step"><div class="para">
+					Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file. Add the following three lines to the beginning of the file:
+				</div><pre class="programlisting">Listen 8089
+NameVirtualHost *:8089
+&lt;VirtualHost *:8089&gt;
+</pre></li><li class="step"><div class="para">
+					Add the following line to the end of the file:
+				</div><pre class="programlisting">&lt;/VirtualHost&gt;
+</pre><div class="para">
+					This wraps the entire IPA configuration in a virtual host, and ensures that Apache is listening to that port.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You cannot use port 8080. This port is used by the <code class="systemitem">ipa_webgui</code> service.
+					</div></div></div></li><li class="step"><div class="para">
+					Comment out the following rewrite rules from the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file:
+				</div><pre class="programlisting">----------------------------------------------------------------------
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+RewriteCond %{HTTP_HOST}    !^host.foo.com$ [NC]
+RewriteRule ^/(.*)          http://host.foo.com/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+RewriteCond %{SERVER_PORT}  !^443$
+RewriteCond %{REQUEST_URI}  !^/(errors|config|favicon.ico)
+RewriteRule ^/(.*)          https://host.foo.com/$1 [L,R=301,NC]
+---------------------------------------------------------------------
+</pre></li><li class="step"><div class="para">
+					Reload the <code class="systemitem">httpd</code> service.
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># service httpd reload</code></pre>
+
+				</div></li></ol></div><div class="para">
+			This configures IPA to run on port 8089, leaving port 80 free for your normal web site.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong>14.8. Configuring Certificates and Certificate Au...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong>14.10. Using IPA in a Cluster</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-cluster.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-cluster.html
new file mode 100644
index 0000000..17ad790
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-cluster.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.10. Using IPA in a Cluster</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="ipa-apache.html" title="14.9. Setting an IPA Server as an Apache Virtual Host" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html" title="14.11. Creating DNS Entries for IPA Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li clas
 s="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">14.10. Using IPA in a Cluster</h2></div></div></div><div class="para">
+			The IPA server currently does not specifically handle the case of a service running in a cluster. That is, the IPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of IPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">14.10.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+				Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><h6>Procedure 14.5. Configuring Kerberos Credentials for a Clustered Environment</h6><ol class="1"><li class="step"><div class="para">
+						Enroll all of the hosts in the IPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
+					</div></li><li class="step"><div class="para">
+						Use the <code class="command">ktutil</code> command to produce a single keytab file that contains the contents of all of the keytab files.
+					</div><ol class="a"><li class="step"><div class="para">
+								For each file, use the <code class="command">rkt</code> command to read the keys from that file.
+							</div></li><li class="step"><div class="para">
+								Use the <code class="command">wkt</code> command to write all of the keys which have been read to a new keytab file.
+							</div></li></ol></li><li class="step"><div class="para">
+						Replace the keytab files on each host with the newly-created keytab file.
+					</div></li></ol></div><div class="para">
+				Each host in this cluster should now be able to impersonate any other host.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+					Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service. 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
+							</div></li><li class="listitem"><div class="para">
+								For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+					For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">14.10.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+				One aspect of applying IPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
+						</div></li><li class="listitem"><div class="para">
+							When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
+						</div></li></ol></div>
+
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong>14.9. Setting an IPA Server as an Apache Virtual ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Next</strong>14.11. Creating DNS Entries for IPA Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-components.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-components.html
new file mode 100644
index 0000000..5987c52
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-components.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Identity Management: Authentication</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="next" href="policy.html" title="1.3. Defining Policies: Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="introduction.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="p
 olicy.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-components"><div class="titlepage"><div><div><h2 class="title" id="ipa-components">1.2. Identity Management: Authentication</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="introduction.html"><strong>Prev</strong>Chapter 1. Introduction to IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="policy.html"><strong>Next</strong>1.3. Defining Policies: Authorization</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-files.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-files.html
new file mode 100644
index 0000000..8d58117
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ipa-files.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.4. A Summary of IPA Server Configuration Files and Directories</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="basic-usage.html" title="Chapter 4. Basic Usage" /><link rel="prev" href="switching-users.html" title="4.3. Switching Users" /><link rel="next" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" hr
 ef="managing-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-files"><div class="titlepage"><div><div><h2 class="title" id="ipa-files">4.4. A Summary of IPA Server Configuration Files and Directories</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong>4.3. Switching Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong>Chapter 5. Managing Clients in the IPA Domain</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ix01.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ix01.html
new file mode 100644
index 0000000..2f8c746
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/ix01.html
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Index</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div class="index" id="id2927694"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div class="index"></
 div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong>Glossary</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerb-policies.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerb-policies.html
new file mode 100644
index 0000000..3e78ff7
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerb-policies.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Setting Kerberos Ticket Policies</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="prev" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="8.3. Creating and Using Service Principals" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
 s="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong></a></li></ul><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">8.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
+			Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div></div></div><div class="para">
+			Kerberos authentication is the core of the IPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+		</div><div class="para">
+			IPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Changes to the global policy require a restart of the KDC service to take effect, as follows: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div><div class="para">
+				Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong>Chapter 8. Identity: Using IPA for a Kerberos Dom...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong>8.3. Creating and Using Service Principals</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerberos.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerberos.html
new file mode 100644
index 0000000..2af8c86
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/kerberos.html
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Identity: Using IPA for a Kerberos Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="host-groups.html" title="7.2. Creating Host Groups" /><link rel="next" href="kerb-policies.html" title="8.2. Setting Kerberos Ticket Policies" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="host-groups.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="kerb-
 policies.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Using IPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">8.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">8.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">8.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an 
 IPA Service</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">8.3.1.1. Requesting a Certificate for a Service</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</a></span></dt></dl></dd><dt><span class="section
 "><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html">8.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">8.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html">8.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">8.1. About Kerberos</h2></div></div></div><div class="para">
+			The Kerberos server is a part of IPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+		</div><div class="para">
+			To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+		</div><div class="para">
+			<code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+		</div><div class="para">
+			A service principal consists of three components: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						the service name
+					</div></li><li class="listitem"><div class="para">
+						the fully-qualified domain name (FQDN)
+					</div></li><li class="listitem"><div class="para">
+						the Kerberos realm
+					</div></li></ul></div>
+
+		</div><div class="para">
+			The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+		</div><div class="para">
+			The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				When you run the <code class="command">ipa-client-install</code> command, it retrieves the host service principal and stores it in the <code class="filename">/etc/krb5.keytab</code> file. This host principal is stored within the host record so that the service commands cannot be used with this principal. The idea behind this is that after you have run the <code class="command">ipa-client-install</code> command, your client should be fully prepared to participate in the IPA network.
+			</div></div></div><div class="para">
+			Clients use service principals to inform the KDC which service they need a ticket for. The KDC uses the key assigned to the service principal to encrypt the service ticket it grants to client. Service principals and their associated keys are stored in a keytab file. If the KDC has the service principal and the key assigned to that principal, it can still provide the client with a ticket, but the service server will not be able to decrypt the ticket without the key stored in that keytab file.
+		</div><div class="para">
+			Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
+				Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+			</div><div class="para">
+			For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the IPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
+				To protect your keytab files, consider the following general rules with respect to their permissions and ownership: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Owner: <span class="property">uid</span> of the process that will use the keytab
+						</div></li><li class="listitem"><div class="para">
+							Mode: 0600
+						</div></li></ul></div>
+				 For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+			</div><div class="para">
+				Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
+			</div><div class="para">
+				Due to the critical role that keytabs play in authenticating users and services, and the issues that can arise if they are compromised, ensure that all keytab files are appropriately secured, and have suitable file ownership and permissions established.
+			</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="host-groups.html"><strong>Prev</strong>7.2. Creating Host Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerb-policies.html"><strong>Next</strong>8.2. Setting Kerberos Ticket Policies</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging-in.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging-in.html
new file mode 100644
index 0000000..f28c245
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging-in.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Logging into the IPA UI</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="basic-usage.html" title="Chapter 4. Basic Usage" /><link rel="prev" href="basic-usage.html" title="Chapter 4. Basic Usage" /><link rel="next" href="switching-users.html" title="4.3. Switching Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="basic-usage.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="switching-users.html"><stron
 g>Next</strong></a></li></ul><div class="section" id="logging-in"><div class="titlepage"><div><div><h2 class="title" id="logging-in">4.2. Logging into the IPA UI</h2></div></div></div><div class="para">
+			To be able to perform any administrative task you need to authenticate to the server. During the configuration step you were prompted to create two users. The first of these, <code class="literal">Directory Manager</code>, is the superuser, used to perform rare, low-level tasks. The second user, <code class="literal">admin</code>, is used to perform normal administrative activities.
+		</div><div class="para">
+			To authenticate as the <code class="literal">admin</code> user:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Open a new terminal window. This is to ensure that all default aspects of the environment (especially paths) are set correctly.
+				</div></li><li class="step"><div class="para">
+					In this window, type <code class="command">kinit admin</code>.
+				</div></li><li class="step"><div class="para">
+					When you are prompted to enter a password, use the password that you specified during the configuration step for the <code class="literal">admin</code> user.
+				</div></li></ol></div><div class="para">
+			As a result of this operation you will acquire what is known as a Kerberos <em class="firstterm">ticket</em>. You can use the <code class="command">klist</code> command to inspect the details of the ticket that you have acquired.
+		</div><div class="para">
+			You can now authenticate using the newly-created user and temporary password. Type <code class="command">kinit &lt;user login&gt;</code> to log in to IPA. This will prompt you for a password and then immediately request a password change.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The <span class="application"><strong>Kerberos</strong></span> client libraries used by the <code class="command">kinit</code> utility have some limitations. One of these limitations is the fact that the on-disc ticket storage is overwritten with any new invocation of <code class="command">kinit</code>. This means that if you authenticated as <code class="systemitem">admin</code>, then added user <code class="systemitem">foo</code>, set their password and then tried to authenticate as that user, the administrator's ticket would be lost. To prevent this from happening, a special environment variable, <code class="varname">KRB5CCNAME</code>, can be used. This allows you to keep credential caches separate in different shells. Refer to the <code class="command">kinit</code> man page for more information.
+			</div></div></div><div class="para">
+			You can browse the IPA man pages and help system to explore other IPA commands. Please take some time to become familiar with the ways other IPA objects can be created and modified.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="basic-usage.html"><strong>Prev</strong>Chapter 4. Basic Usage</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="switching-users.html"><strong>Next</strong>4.3. Switching Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging.html
new file mode 100644
index 0000000..4affe8c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/logging.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.13. IPA Server Logging</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="promoting-replica.html" title="14.12. Promoting a Read-Only Replica to an IPA Server" /><link rel="next" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
 "p" href="promoting-replica.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Next</strong></a></li></ul><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">14.13. IPA Server Logging</h2></div></div></div><div class="para">
+			If you are using the IPA command-line tools or the WebUI to manage IPA data then you should refer to the following sections to help troubleshoot any problems.
+		</div><div class="para">
+			You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
+		</div><div class="para">
+			To see the LDAP queries that are being made by the framework you can inspect the <code class="filename">/var/log/dirsrv/slapd-INSTANCE/access</code> file. Note that this file is buffered and so it only writes to disk about every 30 seconds.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Server_Debugging_Output"><h5 class="formalpara">Increasing Server Debugging Output</h5>
+				To increase the server debugging output you can create the <code class="filename">/etc/ipa/server.conf</code> file and include the following entry: 
+<pre class="programlisting">[global]
+debug=True</pre>
+				 You need to restart the <code class="systemitem">httpd</code> daemon for this change to take effect.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Client_Debugging_Output"><h5 class="formalpara">Increasing Client Debugging Output</h5>
+				You can increase debugging output on the client with the <code class="option">-v</code> global option: 
+<pre class="screen"><code class="command">$ ipa -v user-show admin</code></pre>
+				 You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange: 
+<pre class="screen"><code class="command">$ ipa -vv user-show admin</code></pre>
+
+			</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="promoting-replica.html"><strong>Prev</strong>14.12. Promoting a Read-Only Replica to an IPA Se...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Next</strong>Appendix A. Frequently Asked Questions</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/managing-clients.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/managing-clients.html
new file mode 100644
index 0000000..486d6cd
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/managing-clients.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Managing Clients in the IPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="ipa-files.html" title="4.4. A Summary of IPA Server Configuration Files and Directories" /><link rel="next" href="enrolling-machines.html" title="5.2. Enrolling Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-files.html"><strong>Prev</strong></a></li><li class="next"><a
  accesskey="n" href="enrolling-machines.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Managing Clients in the IPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DN
 S-Managing_DNS_Zones">5.1.3. Managing DNS Zones</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="enrolling-machines.html">5.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">5.2.1. Manual Host Enrollment wi
 th Privileged Administrator</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">5.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">5.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">5.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="config-virt-machines.html">5.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="certs.html">5.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="certs.html#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">5.5.1. Authen
 tication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html">5.6. Client Problems</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">5.7. Uninstalling an IPA Client</a></span></dt></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">5.1. Working with DNS</h2></div></div></div><div class="para">
+			A number of benefits exist if you take advantage of IPA's ability to automatically install and configure a DNS, in particular the ability to ease the modification of DNS records when adding hosts to IPA. For example, options exist to add and remove IP addresses, A entries, PTR entries, etc. These options are not available if you are not using an IPA-based DNS.
+		</div><div class="para">
+			IPA stores all DNS information as discrete records in LDAP, and communicates with LDAP using the <span class="package">bind-dyndb-ldap</span> plug-in and the <code class="filename">install/share/60basev2.ldif</code> schema. You can install and configure the DNS as part of the IPA server installation, using the <code class="option">--setup-dns</code> option, or you can add it later using the <code class="command">ipa-dns-install</code> command.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				The following options are currently only available with IPv4 addresses.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">5.1.1. Adding Hosts to an IPA DNS</h3></div></div></div><div class="para">
+				If you are using an IPA-based DNS system, you can use the <code class="option">--ip-address</code> and <code class="option">--force</code> options to the <code class="command">ipa host-add</code> command to provide the IP address and hostname of the IPA machine to the DNS. For example, 
+<pre class="screen"><code class="command">$ ipa host-add --force --ip-address=192.168.166.31 puma.example.com </code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">5.1.2. Removing Hosts from an IPA DNS</h3></div></div></div><div class="para">
+				IPA provides the <code class="command">ipa host-del</code> command to delete IPA hosts. You can pass the <code class="option">--updatedns</code> option to this command to remove the associated records from the DNS. It will attempt to remove any record, A, AAAA, PTR, NS, SRV, and other entries that reference this host. For example, 
+<pre class="screen"><code class="command">$ ipa host-del --updatedns puma</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">5.1.3. Managing DNS Zones</h3></div></div></div><div class="para">
+				IPA provides all the necessary commands to create and manage zones in an IPA-managed DNS server. You can create and delete zones and add entries to any of these zones using the appropriate IPA commands.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">5.1.3.1. Adding DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnszone-add</code> command to add a new zone to your DNS server. You can pass optional attributes on the command line, and you will be prompted for any required information. The following example demonstrates adding a new zone to your top-level domain.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You need to restart the <code class="systemitem">named</code> service whenever you create a new zone, otherwise the DNS server will not reply successfully to queries asking for records in the new zone. This is a one-time operation; any subsequent changes to the zone do not require any further action to be effective.
+					</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_add_the_sub_domain_translation_to_the_ipadocs.org_domain"><h6>Procedure 5.1. To add the sub-domain "translation" to the ipadocs.org domain</h6><ol class="1"><li class="step"><div class="para">
+							Ensure you have a valid Kerberos ticket: 
+<pre class="screen"><code class="command">$ kinit admin</code>
+Password for admin at IPADOCS.ORG:</pre>
+
+						</div></li><li class="step"><div class="para">
+							Run the following command to add the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-add translation.ipadocs.org</code></pre>
+
+						</div></li><li class="step"><div class="para">
+							Reload the <code class="systemitem">named</code> service (ensure you have <code class="systemitem">root</code> privileges): 
+<pre class="screen"><code class="command"># service named reload</code></pre>
+
+						</div></li></ol></div><div class="para">
+					Use the <code class="command">ipa dnszone-show</code> command to display details about the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-show translation.ipadocs.org</code>
+  Zone name: translation.ipadocs.org
+  Authoritative name server: ipaserver.ipadocs.org.
+  Administrator e-mail address: root.translation.ipadocs.org.
+  SOA serial: 2011090201
+  SOA refresh: 3600
+  SOA retry: 900
+  SOA expire: 1209600
+  SOA minimum: 3600
+  Active zone: TRUE</pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><h5 class="formalpara">Using Dynamic DNS Updates</h5>
+						Dynamic DNS updates are not enabled by default for new DNS zones served by IPA; that is, zones added by the <code class="command">ipa dnszone-add</code> command. This may lead to errors in the <code class="command">ipa-client-install</code> script when it joins this domain and tries to add a DNS record pointing to this new client.
+					</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_enable_dynamic_DNS_updates"><h6>Procedure 5.2. To enable dynamic DNS updates</h6><ul><li class="step"><div class="para">
+							Use the following command to enable dynamic updates:
+						</div><pre class="screen"><code class="command">$ ipa dnszone-mod clients.example.com --allow-dynupdate \ </code>
+                        <code class="command">--update-policy="grant TESTRELM krb5-self * A; grant TESTRELM krb5-self * AAAA;"</code></pre><div class="para">
+							In this example, <code class="systemitem">clients.example.com</code> is the custom DNS domain managed by the IPA server and TESTRELM is the Kerberos realm.
+						</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">5.1.3.2. Adding Records to DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-add</code> command to add various types of records to DNS zones. The following examples demonstrate adding some of these types of records.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv4_Type_A_Resource_Records"><h5 class="formalpara">Adding IPv4 (Type A) Resource Records</h5>
+						Type A resource records map hostnames to IPv4 addresses. To add a type A resource record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</code></pre>
+						 This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165. Refer to <a href="http://tools.ietf.org/html/rfc1035">http://tools.ietf.org/html/rfc1035</a> for detailed information on Type A resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv6_Type_AAAA_Resource_Records"><h5 class="formalpara">Adding IPv6 (Type AAAA) Resource Records</h5>
+						Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. Uses the same command syntax to add AAAA resource records, as follows: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+						 This creates the same record as in the previous example but with an IPv6 address. Refer to <a href="http://tools.ietf.org/html/rfc3596">http://tools.ietf.org/html/rfc3596</a> for detailed information on Type AAAA resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_Service_SRV_Resource_Records"><h5 class="formalpara">Adding Service (SRV) Resource Records</h5>
+						<em class="firstterm">Service (SRV) resource records</em> map service names, for example, LDAP, to the DNS name of the server that is providing that particular service. Use the <code class="command">ipa dnsrecord-add</code> command to add SRV records to the DNS database. You need to add these records using a particular format for both the name of the record and the associated RDATA. For example: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="0 100 389 ipaserver.ipadocs.org"</code>
+<code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="1 100 389 ipareplica.ipadocs.org"</code></pre>
+
+					</div><div class="para">
+					Each record must be entered using the format <em class="replaceable"><code>_service._protocol</code></em>. RDATA is entered using the format <em class="replaceable"><code>"priority weight port target"</code></em>. Refer to <a href="http://tools.ietf.org/html/rfc2782">http://tools.ietf.org/html/rfc2782</a> for a detailed explanation.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
+					</div></div></div><div class="para">
+					IPA DNS integration supports the following DNS record types: 
+<pre class="programlisting">A, AAAA, A6, AFSDB, APL, CERT, CNAME, DHCID, DLV, DNAME, DNSKEY, DS, HIP, IPSECKEY, KX, LOC,
+MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, RP, SIG, SPF, SRV, SSHFP, TA, TXT</pre>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">5.1.3.3. Deleting Records from DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-del</code> command to remove records from DNS zones. The following examples demonstrate how to remove the records added in the preceding examples.
+				</div><div class="para">
+					To remove the A type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --a-rec 10.64.14.213</code></pre>
+
+				</div><div class="para">
+					To remove the AAAA type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+
+				</div><div class="para">
+					Alternatively, you can use the <code class="option">--del-all</code> option to remove all associated records.
+				</div><div class="para">
+					You can also delegate zones if you want to allow other areas of your company intranet to reach your DNS server, or if you want to allow access from outside your firewalls. Refer to the <a href="http://www.isc.org/software/bind/documentation">ISC BIND documentation</a> for further information.
+				</div><div class="para">
+					Refer to the <code class="command">ipa help dns</code> help page for more information about working with DNS and IPA.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-files.html"><strong>Prev</strong>4.4. A Summary of IPA Server Configuration Files ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong>5.2. Enrolling Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/migrintg-from-nis.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/migrintg-from-nis.html
new file mode 100644
index 0000000..649b6ca
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/migrintg-from-nis.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. Migrating from NIS to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="nis.html" title="Chapter 11. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="11.2. Configuring the Network Information Service (NIS)" /><link rel="next" href="authz.html" title="Chapter 12. Policy: Configuring Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav">
 <li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong></a></li></ul><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">11.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
+			The IPA development team researched the topic of how netgroups are typically used in order to better determine an optimal migration design solution. This research shows that the main use cases for netgroups are the aggregation of users and the aggregation of hosts, but not both at the same time. IPA does not provide a special script or command to facilitate the migration of customers' existing netgroups to IPA. This operation must be performed by the system administrator himself or with the help of professional services. This chapter provides some guidelines to ease the process of migrating netgroups to IPA.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Environment</h3></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					These procedures are guidelines only, and are provided to help clean your environment and make it more manageable. It is not a definitive set of instructions, and administrators need to be creative and factor in the real constraints present in their environment. If any steps described below are not possible due to independent conditions, we recommend migrating netgroups on a one-to-one basis. This is described later in this chapter.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment"><h6>Procedure 11.1. To prepare your environment</h6><ol class="1"><li class="step"><div class="para">
+						Inspect your client applications and determine which kind of grouping information they need from the central server. For example, if netgroups exist that contain only users, and any applications that rely on these netgroups can be converted to use UNIX groups instead of netgroups, then we recommend doing so. If this is not possible, we still recommend creating UNIX groups out of the netgroups. If no applications use them, we recommend deleting these netgroups altogether. Refer to the following example:
+					</div><ol class="a"><li class="step"><div class="para">
+								Given the following netgroup: <code class="systemitem">(host1, user1, )(host2, user2,)(host3, user3, )...</code>, create a group consisting of the users <code class="systemitem">user1</code>, <code class="systemitem">user2</code>, and <code class="systemitem">user3</code> (assuming it does not already exist).
+							</div></li><li class="step"><div class="para">
+								Create a netgroup that has a <em class="parameter"><code>memberUser</code></em> attribute equal to the DN of the newly-created group. This netgroup will be equivalent to your original netgroup.
+							</div></li></ol></li><li class="step"><div class="para">
+						Migrating hosts is more straightforward. The creation of a host group automatically triggers the creation of a netgroup that is linked to the newly-created host group. This functionality is enabled by default, and can be managed with the following commands: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage status</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage disable</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage enable</code>
+								</div></li></ul></div>
+
+					</div><div class="para">
+						This can be disabled when the clients no longer use netgroups for aggregation of hosts.
+					</div></li><li class="step"><div class="para">
+						If none of the above recommendations are possible and the netgroups need to be converted on a one-to-one basis, then:
+					</div><ol class="a"><li class="step"><div class="para">
+								Ensure that all users referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Ensure that all hosts referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Create a netgroup with the same name as the original netgroup.
+							</div></li><li class="step"><div class="para">
+								Add users and hosts as direct members of the netgroup, or, alternatively, put them into groups and then add those groups as members to the netgroup.
+							</div><div class="para">
+								For IPA clients, both methods result in the same thing — having the users and hosts managed in the netgroup — but from an administrative perspective, it may be simpler in some environments to use one option instead of the other.
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</h3></div></div></div><div class="para">
+				There are three main approaches that can be taken to the actual migration procedure:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dump the netgroups from the source into an LDIF file.
+							</div></li><li class="listitem"><div class="para">
+								Create a script that follows the instructions in <a class="xref" href="migrintg-from-nis.html#proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment">Procedure 11.1, “To prepare your environment”</a> to convert the LDIF format into an LDIF file that contains IPA native objects.
+							</div></li><li class="listitem"><div class="para">
+								Run the conversion script and load the resulting LDIF file into IPA using the <code class="command">ldapmodify</code> command.
+							</div><div class="para">
+								Refer to <a href="http://linux.die.net/man/1/ldapmodify">http://linux.die.net/man/1/ldapmodify</a> or a similar man page for more details.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Create a script to retrieve data from the source (by parsing the LDIF file or by connecting to the original source of information using the client utility).
+							</div></li><li class="listitem"><div class="para">
+								Create a second script that invokes a sequence of IPA CLI commands. This script uses the information from the first script to create user, user group, host, host group and netgroup entries, and to create the appropriate associations.
+							</div><div class="para">
+								Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Use the UI to manually create a new structure of netgroups.
+							</div></li></ol></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong>11.2. Configuring the Network Information Service...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong>Chapter 12. Policy: Configuring Authorization</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/nis.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/nis.html
new file mode 100644
index 0000000..38f1cb4
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/nis.html
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Identity: Integrating with NIS Domains and Netgroups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html" title="10.7. Winsync Agreement Failures" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="11.2. Configuring the Network Information Service (NIS)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="
 Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="nis" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Identity: Integrating with NIS Domains and Netgroups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="nis.html#about-nis">11.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Use
 s_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</a></span></dt></dl></dd><dt><span class="section"><a href="nis.html#adding-netgroups">11.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Examples</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">11.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class
 ="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">11.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">11.3.1. Preparing Your Environment</a></span></dt><dt><span class="section">
 <a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">11.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></div><div class="section" id="about-nis"><div class="titlepage"><div><div><h2 class="title" id="about-nis">11.1. About NIS and IPA</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">11.1.1. What are Netgroups?</h3></div></div></div><div class="para">
+				Netgroups are a concept introduced in the directory service NIS. They were designed to contain users, hosts (machines) and other netgroups. A netgroup is a user-host-domain triplet. Refer to the following for more details about netgroups and their uses:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4">http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F">http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F</a>
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Do not read beyond the section "What are NIS netgroups good for?"; netgroup entries are different in IPA.
+				</div></div></div><div class="para">
+				Despite this difference, it is important to underline that there are two plug-ins in IPA that make the data in the new format available via NIS or the old standard RFC2307 and RFC2307bis LDAP schema. For details, refer to the documentation and examples at: <a href="https://fedorahosted.org/slapi-nis/">https://fedorahosted.org/slapi-nis</a>. The entries stored using the new schema are converted into the standard NIS netgroup map and served via the NIS protocol by the first plug-in described on the slapi-nis project page and the compatibility plug-in can be used to create a virtual LDAP view that matches the standard 2307 or 2307bis schema for netgroups using the IPA-specific schema.
+			</div><div class="para">
+				Historically, netgroups have been used to define groups of hosts or users. The advantage of netgroups for user aggregation has been that netgroups allow nesting while normal UNIX user groups do not. Netgroups also provide the only way to aggregate hosts. There is no notion of host groups in NIS, although for effective centralized system management they are definitely needed. It is important to understand that netgroups are collections of entities, be they users, hosts, or both, but there is no relation between particular user-host pairs defined in the netgroup triplet.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">11.1.2. The IPA Approach to Netgroups</h3></div></div></div><div class="para">
+				IPA defines both user groups and host groups, each of which allow nesting. This is a much cleaner way of aggregation and allows better separation of duties and access control. In an IPA deployment, netgroups are a much less attractive approach to grouping than with other LDAP-based systems compliant with RFC 2307 (this defines the LDAP schema for users, groups, netgroups and other maps).
+			</div><div class="para">
+				Client-side applications, for example, SUDO, need netgroups because there is no alternative to host grouping on the client side. Consequently, netgroups are far from obsolete on the client side. A lot of effort is still required within SSSD and IPA to provide clean interfaces to reliably (both online and offline) relay centrally-managed information to applications running on a client machine. IPA therefore provides a way to define and store netgroups, but they are viewed as secondary to user groups and host groups.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">11.1.2.1. How IPA Stores Netgroups</h4></div></div></div><div class="para">
+					IPA stores netgroups in a different format from that specified in RFC2307 and RFC2307bis. The netgroup entries defined by the IPA schema allow relating different objects (users, groups, hosts, host groups) to each other. IPA also provides what is known as a <em class="firstterm">compat (compatibility)</em> plug-in. This plug-in creates a virtual view of the data stored in native IPA entries in the format expected by the RFC-compliant clients. This means that even though the internal data representation of netgroups is different from the RFC, this deviation does not affect clients due to the presence of the <code class="systemitem">compat</code> plug-in.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Comparison_of_Schema"><h5 class="formalpara">Comparison of Schema</h5>
+						To realize the differences, we can compare the standard RFC schema for netgroups and the schema used by IPA. IPA defines the following object class:
+					</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup'
+  DESC 'IPA version of NIS netgroup'
+  SUP ipaAssociation
+  STRUCTURAL
+  MAY ( externalHost $ nisDomainName $ member $ memberOf )
+  X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The IPA netgroup object class is derived from the association object class:
+				</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation'
+    ABSTRACT
+    MUST ( ipaUniqueID $ cn )
+    MAY ( memberUser $ userCategory $
+    memberHost $ hostCategory $
+    ipaEnabledFlag $ description )
+    X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The RFC2307bis schema defines the netgroup object as:
+				</div><pre class="programlisting">objectClasses: (1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+    SUP top
+    STRUCTURAL
+    DESC 'Abstraction of a netgroup. May refer to other netgroups'
+    MUST cn
+    MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Discussion"><h5 class="formalpara">Discussion</h5>
+						The <em class="parameter"><code>nisNetgroupTriple</code></em> is a string consisting of the host-user-domain triplet. The IPA format allows referencing of other objects present in IPA, such as users and groups, instead of manually adding them to the value of the netgroup triplet. Such an arrangement provides a better administrative experience when a user or group is removed or renamed. Inspecting the <em class="parameter"><code>memberUser</code></em> attribute of the association, you can see that it can hold the DN of a user or a user group. In the same way, the <em class="parameter"><code>memberHost</code></em> attribute can hold a reference to a host or a host group entry. This means that the netgroup can function as a wrapper for groups of users and groups of hosts.
+					</div><div class="para">
+					For examples and more information on the meaning of the user and host category attributes, refer to: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities ">http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities </a>
+							</div></li><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Netgroups">http://www.freeipa.org/page/DS_Design_Summary#Netgroups</a>
+							</div></li></ul></div>
+
+				</div></div></div><div class="section" id="adding-netgroups"><div class="titlepage"><div><div><h3 class="title" id="adding-netgroups">11.1.3. Adding Netgroups</h3></div></div></div><div class="para">
+				NIS groups traditionally contain a so-called netgroup triple of the format: (machine, user, domain)
+			</div><pre class="screen">machine - machine name, a host name
+user - user name
+domain - NIS domain of the machine and user
+</pre><div class="para">
+				IPA does not use this triple. Instead, it uses the membership relationship between LDAP entries. It is a simple matter to add users, hosts, and even their groups as members of a netgroup. The domain field is constant for each netgroup and defaults to the current IPA domain.
+			</div><div class="para">
+				The following is an example of a netgroup displayed using the IPA CLI:
+			</div><pre class="screen"><code class="command"># ipa netgroup-show net1</code>
+Netgroup name: net1
+Description: test netgroup
+NIS domain name: panda
+Member User: admin
+Member Host: icefloat.panda</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There is no necessary relationship between the machine and the user. Only one of those fields is usually used at a time to avoid confusion.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">11.1.4. IPA Netgroup Commands</h3></div></div></div><div class="para">
+				The IPA netgroup management plug-in conforms to the Create, Read, Update, Delete (CRUD) command-naming conventions used in all other plug-ins that ship with the default IPA installation. You can use the following command to display a list of the IPA commands available for working with netgroups:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command"># ipa help netgroup</code></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Creating_New_Netgroups"><h5 class="formalpara">Creating New Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add</code> command to add new netgroups to IPA:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				NAME - the name of the netgroup (can be anything, but must be unique)
+			</div><div class="para">
+				DESCRIPTION - the netgroup description (required)
+			</div><div class="para">
+				NISDOMAIN - the NIS domain name. Defaults to the current IPA domain
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Deleting_Netgroups"><h5 class="formalpara">Deleting Netgroups</h5>
+					Use the <code class="command">ipa netgroup-del</code> command to delete IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-del NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Displaying_Netgroups"><h5 class="formalpara">Displaying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-show</code> command to display information about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-show NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Modifying_Netgroups"><h5 class="formalpara">Modifying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-mod</code> command to modify details about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				Same as <code class="command">ipa netgroup-add</code>, except modifying the description is required and NISDOMAIN does not default to anything.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Searching_for_Netgroups"><h5 class="formalpara">Searching for Netgroups</h5>
+					Use the <code class="command">ipa netgroup-find</code> command to search for IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] [--uuid=UUID]</code></pre><div class="para">
+				CRITERIA is an optional substring, and if included in the query it must appear in either the name, the description or the NIS domain of the groups you are searching for. Other options are the same as <code class="command">ipa netgroup-add</code>, except that nothing is required and there are no default values. There is a new <code class="envar">UUID</code> option that allows searching netgroups by <code class="envar">ipaUniqueID</code>. If one of these options is set, the command returns only exact matches of this option.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Adding_Users_and_Hosts_to_Netgroups"><h5 class="formalpara">Adding Users and Hosts to Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add-member</code> command to add users and hosts to IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] \</code>
+  <code class="command">[--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS]</code></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Removing_Users_and_Hosts_From_Netgroups"><h5 class="formalpara">Removing Users and Hosts From Netgroups</h5>
+					Use the <code class="command">ipa netgroup-remove-member</code> command to remove users and hosts from IPA netgroups:
+				</div><pre class="screen">
+		<div class="cmdsynopsis"><p><code class="command">ipa netgroup-remove-member</code> {
+					NAME
+				} [
+					--users=USERS
+				] [
+					--groups=GROUPS
+				] [
+					--hosts=HOSTS
+				] [
+					--hostgroups=HOSTGROUPS
+				] [
+					--netgroups=NETGROUPS
+				]</p></div></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">11.1.4.1. Examples</h4></div></div></div><div class="para">
+					The following examples provide an introduction to using the <code class="command">ipa netgroup-*</code> commands:
+				</div><pre class="screen">
+<code class="command"># ipa netgroup-add net0 --desc="test netgroup"</code>
+  Netgroup name: net0
+  Description: test netgroup
+  NIS domain name: pavlova
+  IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a
+
+<code class="command"># ipa netgroup-mod net0 --desc="description change"</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+
+<code class="command"># ipa netgroup-add-member net0 --users=admin --hosts=testbox.pavlova</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member User: admin
+  Member Host: testbox.pavlova
+-------------------------
+Number of members added 2
+-------------------------
+
+<code class="command"># ipa netgroup-remove-member net0 --users=admin</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member Host: testbox.pavlova
+---------------------------
+Number of members removed 1
+---------------------------
+
+<code class="command"># ipa netgroup-del net0</code>
+
+<code class="command"># ipa netgroup-show net0</code>
+ipa: ERROR: no such entry
+</pre></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Prev</strong>10.7. Winsync Agreement Failures</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Next</strong>11.2. Configuring the Network Information Service...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/policy.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/policy.html
new file mode 100644
index 0000000..d32e16d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/policy.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Defining Policies: Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="ipa-components.html" title="1.2. Identity Management: Authentication" /><link rel="next" href="deployment-scenarios.html" title="1.4. Planning IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-components.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" 
 href="deployment-scenarios.html"><strong>Next</strong></a></li></ul><div class="section" id="policy"><div class="titlepage"><div><div><h2 class="title" id="policy">1.3. Defining Policies: Authorization</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-components.html"><strong>Prev</strong>1.2. Identity Management: Authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="deployment-scenarios.html"><strong>Next</strong>1.4. Planning IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/promoting-replica.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/promoting-replica.html
new file mode 100644
index 0000000..0729b07
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/promoting-replica.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.12. Promoting a Read-Only Replica to an IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html" title="14.11. Creating DNS Entries for IPA Replicas" /><link rel="next" href="logging.html" title="14.13. IPA Server Logging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
 ref="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong></a></li></ul><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">14.12. Promoting a Read-Only Replica to an IPA Server</h2></div></div></div><div class="para">
+			The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
+			</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Promoting_Replicas_to_Function_as_Master_Servers-To_promote_a_replica_to_a_master_server"><h6>Procedure 14.6. To promote a replica to a master server:</h6><ol class="1"><li class="step"><div class="para">
+					Copy the <code class="filename">/var/lib/ipa/ca_serialno</code> file from the master to the replica.
+				</div></li><li class="step"><div class="para">
+					Import the CA into the replica DS NSS database, as follows: 
+<pre class="screen"># cd /etc/dirsrv/slapd-REALM
+# pk12util -i /path/to/cacert.p12 -d .
+</pre>
+
+				</div><div class="para">
+					The password on the <code class="filename">PKCS#12</code> file is stored as <code class="filename">/etc/dirsrv/slapd-REALM/pwdfile.txt</code> on the original server.
+				</div></li><li class="step"><div class="para">
+					Delete the existing replication agreements, as follows: 
+<pre class="screen"># ipa-replica-manage del master.example.com
+</pre>
+
+				</div></li></ol></div><div class="para">
+			You now have two identical IPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Prev</strong>14.11. Creating DNS Entries for IPA Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong>14.13. IPA Server Logging</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/renaming-machines.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/renaming-machines.html
new file mode 100644
index 0000000..75427df
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/renaming-machines.html
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Renaming Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="enrolling-machines.html" title="5.2. Enrolling Machines" /><link rel="next" href="config-virt-machines.html" title="5.4. Reconfiguring Virtual Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enrolling-machines.html"><strong>Prev</strong></a></li><li cl
 ass="next"><a accesskey="n" href="config-virt-machines.html"><strong>Next</strong></a></li></ul><div class="section" id="renaming-machines"><div class="titlepage"><div><div><h2 class="title" id="renaming-machines">5.3. Renaming Machines</h2></div></div></div><div class="para">
+			The hostname of a system is critical for the correct operation of Kerberos and SSL. Both of these security mechanisms rely on the hostname to ensure that communication is occurring between the specified hosts, and that no "man-in-the-middle" or other attacks are affecting the system.
+		</div><div class="para">
+			In an environment where virtual machines are commonplace, or perhaps in a clustered environment, copying, moving, and renaming hosts could be quite common, resulting in frequent demands for renames of machines.
+		</div><div class="para">
+			Red Hat Enterprise Linux does not provide a simple rename command to facilitate the renaming of an IPA host. Renaming a host in an IPA domain involves deleting the entry in IPA, uninstalling the client software, changing the hostname, and re-enrolling using the new name.
+		</div><div class="para">
+			Due to the nature of service principals, renaming hosts also requires the regeneration of service principals. Each service has a Kerberos principal in the form of <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;@&lt;REALM&gt;</code>, for example, <code class="systemitem">ldap/server.example.com at EXAMPLE.COM</code>. This principal can be referred to as a "service principal". In some cases the <code class="systemitem">@&lt;REALM&gt;</code> is omitted, leaving only <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;</code>. (The "/" is a "slash" separator, not an "or" operator.)
+		</div><div class="para">
+			The following procedure renames the host <code class="systemitem">server.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code>, to the new hostname <code class="systemitem">master.example.com</code>. This procedure uses example file names, hostnames and domain names throughout; you need to update these examples to suit your own environment.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine"><h6>Procedure 5.3. To rename an IPA machine:</h6><ol class="1"><li class="step"><div class="para">
+					Identify which services are running on the machine. These need to be re-created when the machine is re-enrolled: 
+<pre class="screen"><code class="command"># ipa service-find server.example.com</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Each host has a default service which does not appear in the list of services. This service can be referred to as the "host service". The service principal for the host service is <code class="systemitem">host/&lt;hostname&gt;</code>, for example, <code class="systemitem">host/server.example.com</code>. This principal can also be referred to as the "host principal".
+					</div></div></div></li><li class="step"><div class="para">
+					Identify all host groups to which this machine belongs: 
+<pre class="screen"><code class="command"># ipa hostgroup-find server.example.com</code></pre>
+
+				</div><div class="para">
+					Identify which of these services have certificates associated with them. The <code class="systemitem">host</code> service always has an associated certificate, so no further action is required for this service.
+				</div></li><li class="step"><div class="para">
+					For any principals in addition to the standard <code class="systemitem">host</code> principal, you need to determine the location of the corresponding keytabs for these services on <code class="systemitem">server.example.com</code>. The keytab location is different for each service, and IPA does not store this information.
+				</div></li><li class="step"><div class="para">
+					On <code class="systemitem">server.example.com</code>, un-enroll from the IPA domain: 
+<pre class="screen"><code class="command"># ipa-client-install --uninstall</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					For each identified keytab other than <code class="filename">/etc/krb5.keytab</code>, remove the old principals: 
+<pre class="screen"><code class="command"># ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					On another machine using <code class="systemitem">admin</code> (or delegated) credentials, remove the host. This will remove all services and revoke all certificates issued for this host via those services: 
+<pre class="screen"><code class="command"># ipa host-del server.example.com</code></pre>
+
+				</div><div class="para">
+					At this point the host has been completely removed from IPA, and can be recreated with the new name.
+				</div></li><li class="step"><div class="para">
+					Rename the machine to <code class="systemitem">master.example.com</code>.
+				</div></li><li class="step"><div class="para">
+					Re-enroll with IPA: 
+<pre class="screen"><code class="command"># ipa-client-install</code></pre>
+
+				</div><div class="para">
+					This generates a <code class="systemitem">host</code> principal for <code class="systemitem">master.example.com</code> in <code class="filename">/etc/krb5.keytab</code>.
+				</div></li><li class="step"><div class="para">
+					For every service that needs a new keytab, run the following command: 
+<pre class="screen"><code class="command"># ipa service-add &lt;service name&gt;/master.example.com</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					If you need certificates for services, use either <code class="command">certmonger</code> or the IPA administration tools.
+				</div></li><li class="step"><div class="para">
+					Re-add the host to any applicable host groups.
+				</div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enrolling-machines.html"><strong>Prev</strong>5.2. Enrolling Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="config-virt-machines.html"><strong>Next</strong>5.4. Reconfiguring Virtual Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/rotating-keys.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/rotating-keys.html
new file mode 100644
index 0000000..283bea6
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/rotating-keys.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.5. Rotating Keys</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="8.4. Refreshing Kerberos Tickets" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html" title="8.6. Kerberos Errors" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Sit
 e" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong></a></li></ul><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">8.5. Rotating Keys</h2></div></div></div><div class="para">
+			Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
+				Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your IPA keytab: 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+				 This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
+			</div><div class="para">
+			Use the <code class="command">klist</code> command to view the existing keys: 
+<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+Ticket cache: FILE:/tmp/krb5cc_0
+Default principal: admin at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+03/08/11 13:57:18  03/09/11 13:57:16  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+03/08/11 13:57:27  03/09/11 13:57:16  HTTP/ipa.example.com at EXAMPLE.COM
+03/08/11 13:57:32  03/09/11 13:57:16  ldap/ipa.example.com at EXAMPLE.COM
+</pre>
+
+		</div><div class="para">
+			Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued: 
+<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+			 The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
+		</div><div class="para">
+			Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
+		</div><div class="para">
+			You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
+		</div><div class="para">
+			IPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs: 
+<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
+<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+
+		</div><div class="para">
+			This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong>8.4. Refreshing Kerberos Tickets</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong>8.6. Kerberos Errors</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/search-limits.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/search-limits.html
new file mode 100644
index 0000000..130cf32
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/search-limits.html
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.5. Setting Default Search Limits</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html" title="14.4. Specifying Default User Settings" /><link rel="next" href="disabling-anon-binds.html" title="14.6. Disabling Anonymous Binds" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
 cesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="disabling-anon-binds.html"><strong>Next</strong></a></li></ul><div class="section" id="search-limits"><div class="titlepage"><div><div><h2 class="title" id="search-limits">14.5. Setting Default Search Limits</h2></div></div></div><div class="para">
+			You can set limits on the number of records returned when performing various queries, for example when you run the <code class="command">ipa user-find</code> command. These limits are specified by the <em class="parameter"><code>Search size limit</code></em> attribute in the default IPA configuration. The default value for this attribute is 100.
+		</div><div class="para">
+			To view the current configuration, run the <code class="command"># ipa config-show</code> command. Refer to the <code class="command">ipa help config</code> help page for more information.
+		</div><div class="para">
+			The following is a sample IPA configuration:
+		</div><pre class="screen">[ming at myserver ~]$ ipa config-show
+Max username length: 32
+Home directory base: /home
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 20
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			You can use the <code class="command">ipa config-mod</code> command to specify a suitable value for the <em class="parameter"><code>Search size limit</code></em> attribute. For example, if you set this value to 10, the <code class="command">ipa user-find</code> command will only return 10 entries, even if many more entries exist. If you set this value to 0 (zero) or −1, it means that there are no restrictions on the number of entries that can be returned.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_Limits_for_Search_Results-Setting_search_size_limits"><h6>Procedure 14.2. Setting search size limits</h6><ul><li class="step"><div class="para">
+					To set the <em class="parameter"><code>Search size limit</code></em> attribute to 50, run the following command: 
+<pre class="programlisting"><code class="command"># ipa config-mod --searchrecordslimit=50</code></pre>
+
+				</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to be aware of the potential performance impact of setting the search size limit too high. You need to determine a suitable balance between the benefits of always returning all entries matched by a search, and the performance gained by implementing a search filter.
+			</div><div class="para">
+				Note also that if the size limit is set too high or removed completely it might affect the behavior of UI screens.
+			</div></div></div><div class="para">
+			You can configure various aspects of the IPA search functionality to suit your deployment. For example, you can restrict the number of fields upon which a user can base a search, or limit the number of records returned for any particular search.
+		</div><div class="para">
+			IPA supports the following search configuration attributes:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Time Limit</code></em>: The maximum time, in seconds, that a search will run before failing.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Records Limit</code></em>: The maximum number of records that a search can return. Set this value to zero (0) to specify no limit. The directory server limit (the default value is 2000) still applies.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>User Search Fields</code></em>: For a user search, specifies the fields to search for the values entered by a user.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Group Search Fields</code></em>: For a group search, specifies the fields to search for the values entered by a user.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. For example, to specify a search time limit of 60 seconds, use the following command: 
+<pre class="screen"><code class="command"># ipa config-mod --searchtimelimit=60</code></pre>
+			 Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="para">
+			If you add attributes to the user or group search fields, you should also create a new <code class="systemitem">LDAP</code> index for those attributes to avoid performance degradation. Conversely, the existence of too many indexes can impact write performance, so you need to balance one against the other.
+		</div><div class="para">
+			Refer to <a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes-Creating_Indexes.html">Creating Indexes</a> in the <em class="citetitle">Directory Server Administration Guide</em> for information on creating indexes.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Prev</strong>14.4. Specifying Default User Settings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="disabling-anon-binds.html"><strong>Next</strong>14.6. Disabling Anonymous Binds</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/searching.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/searching.html
new file mode 100644
index 0000000..cf2e706
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/searching.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.8. Searching for Users and Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="user-pwdpolicy.html" title="6.7. Setting an Individual Password Policy" /><link rel="next" href="hosts.html" title="Chapter 7. Identity: Managing Hosts and Host Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="user-pwdpolicy.html"><strong>Prev</strong></a></l
 i><li class="next"><a accesskey="n" href="hosts.html"><strong>Next</strong></a></li></ul><div class="section" id="searching"><div class="titlepage"><div><div><h2 class="title" id="searching">6.8. Searching for Users and Groups</h2></div></div></div><div class="para">
+			IPA provides extensive search capabilities, which enable you to perform simple and partial-match searches on a range of attributes, including:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					First Name (givenname)
+				</div></li><li class="listitem"><div class="para">
+					Last Name (sn)
+				</div></li><li class="listitem"><div class="para">
+					Login (uid)
+				</div></li><li class="listitem"><div class="para">
+					Job Title (title)
+				</div></li><li class="listitem"><div class="para">
+					Organizational Unit Name (ou)
+				</div></li><li class="listitem"><div class="para">
+					Phone Number (telephoneNumber)
+				</div></li></ul></div><div class="para">
+			Searches are not case sensitive, and automatically search across multiple fields. Search results are displayed with exact matches listed first, followed by partial matches.
+		</div><div class="para">
+			The default display lists users in alphabetical order. Click any column title to sort in alphabetical or numerical order. Click the title again to sort in reverse order. The sort order is indicated by an icon next to the title.
+		</div><div class="para">
+			Not all fields are indexed for searching. For example, you cannot search on the following user details:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Initials
+				</div></li><li class="listitem"><div class="para">
+					Account Status
+				</div></li><li class="listitem"><div class="para">
+					Home Directory
+				</div></li><li class="listitem"><div class="para">
+					Login Shell
+				</div></li><li class="listitem"><div class="para">
+					Gecos
+				</div></li><li class="listitem"><div class="para">
+					Home Page
+				</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot use wildcards to search for users or groups. The search string must include at least one character that appears in one of the indexed search fields.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">6.8.1. Searching for Users</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa user-find</code> command to search for users from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa user-find</code> [
+							options
+						] {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find User utility, you can only search for a single string using the command line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa user-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa user-find</code> command to find users whose record contains the string "kay":
+				</div><pre class="screen">$ ipa user-find kay
+---------------
+2 users matched
+---------------
+User login: klim
+First name: Kay
+Last name: Lim
+Home directory: /home/klim
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+
+User login: kming
+First name: Kay
+Last name: Ming
+Home directory: /home/kming
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+----------------------------
+Number of entries returned 2
+----------------------------</pre><div class="para">
+					If you do not see the entry that you are looking for, you may need to adjust the <code class="option">--searchrecordslimit</code> option in the default IPA configuration.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-find</code> command to search for groups from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa group-find</code> {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find Group utility, you can only search for a single string using the command-line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa group-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa group-find</code> command to find groups that contain the string "documentation":
+				</div><pre class="screen">$ ipa group-find documentation
+---------------
+1 group matched
+---------------
+Group name: documentation
+Description: Group for all documentation authors
+GID: 1453400012
+Member users: dkim, mkang, lming, klim
+----------------------------
+Number of entries returned 1
+----------------------------</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa group-find</code> command searches both group names and group descriptions. If your search results are too extensive, use a more specific search string.
+					</div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="user-pwdpolicy.html"><strong>Prev</strong>6.7. Setting an Individual Password Policy</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="hosts.html"><strong>Next</strong>Chapter 7. Identity: Managing Hosts and Host Grou...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html
new file mode 100644
index 0000000..f9e8af6
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Refreshing Kerberos Tickets</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="8.3. Creating and Using Service Principals" /><link rel="next" href="rotating-keys.html" title="8.5. Rotating Keys" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
 "><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="rotating-keys.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">8.4. Refreshing Kerberos Tickets</h2></div></div></div><div class="para">
+			Some compliance or company security policies may require that system administrators manually refresh Kerberos tickets, perhaps annually or more frequently. The current version of IPA does not provide automatic renewal of Kerberos tickets.
+		</div><div class="para">
+			Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 8.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
+					Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary): 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
+						</div></div></div>
+
+				</div></li><li class="step"><div class="para">
+					Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
+  <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+
+				</div><div class="para">
+					To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
+<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
+					</div></div></div></li></ol></div><div class="para">
+			You can use the <code class="command">klist</code> command to view the new key version number (KVNO): 
+<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Prev</strong>8.3. Creating and Using Service Principals</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="rotating-keys.html"><strong>Next</strong>8.5. Rotating Keys</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html
new file mode 100644
index 0000000..db94a55
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.8. Configuring Certificates and Certificate Authorities</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html" title="14.7. Implementing Unique UID and GID Attributes" /><link rel="next" href="ipa-apache.html" title="14.9. Setting an IPA Server as an Apache Virtual Host" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
  class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">14.8. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
+			IPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, IPA provides the necessary tools to import certificates for use by Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of IPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">14.8.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Installing_Your_Own_Certificate-To_install_the_certificate_for_use_by_Directory_Server"><h5 class="formalpara">To install the certificate for use by Directory Server:</h5>
+					<code class="command"> # /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12 </code>
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
+				To continue using the <span class="application"><strong>Firefox</strong></span> auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					The following procedure assumes that the signing certificate is provided as a PKCS#12 file.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_Your_Own_Certificate_with_Firefox-To_use_your_own_certificate_with_Firefox"><h6>Procedure 14.3. To use your own certificate with Firefox:</h6><ol class="1"><li class="step"><div class="para">
+						Create a suitable directory and then create the new certificate database in that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/signdb</code>
+<code class="command"># certutil -N -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Import the signing certificate into that same directory. 
+<pre class="screen"><code class="command"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Make a temporary signing directory, and copy the IPA javascript file to that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/sign</code>
+<code class="command"># cp /usr/share/ipa/html/preferences.html /tmp/sign</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file. 
+<pre class="screen"><code class="command"># signtool -d /tmp/signdb -k Signing_cert_nickname \</code>
+<code class="command">-Z /usr/share/ipa/html/configure.jar -e .html</code></pre>
+
+					</div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">14.8.3. Using OCSP</h3></div></div></div><div class="para">
+				<code class="systemitem">The Online Certificate Status Protocol (OCSP)</code> is natively provided by the CA embedded into IPA. This is so that any client that supports it can use OCSP for certificate validity checks.
+			</div><div class="para">
+				The OCSP responder URL is encoded into the certificates issued by IPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format: 
+<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
+
+			</div><div class="para">
+				For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Prev</strong>14.7. Implementing Unique UID and GID Attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong>14.9. Setting an IPA Server as an Apache Virtual ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
new file mode 100644
index 0000000..94596ff
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.4. Activating and Deactivating User Accounts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="editing-users.html" title="6.3. Editing Users" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html" title="6.5. Deleting IPA Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="editing-users.html"><stron
 g>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">6.4. Activating and Deactivating User Accounts</h2></div></div></div><div class="para">
+			IPA user accounts can be set to a status of <code class="literal">Active</code> or <code class="literal">Inactive</code>. If you deactivate a user account, that user can no longer log in to IPA, change their password, or perform any other tasks. Any existing connections will remain valid until their <code class="systemitem">Kerberos</code> TGT and other tickets expire, but they will not be able to renew them. The account and all associated information still exists, but is inaccessible by the user.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-enable</code> and <code class="command">ipa user-disable</code> commands to enable and disable user accounts, respectively. Refer to the following examples:
+			</div><div class="para">
+				To disable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-disable jsmith</code>
+			</div><div class="para">
+				To enable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command"> $ ipa user-enable jsmith</code>
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="editing-users.html"><strong>Prev</strong>6.3. Editing Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Next</strong>6.5. Deleting IPA Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html
new file mode 100644
index 0000000..e1bdb0d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.5. Deleting IPA Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html" title="6.4. Activating and Deactivating User Accounts" /><link rel="next" href="user-groups.html" title="6.6. Creating User Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
 "><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="user-groups.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">6.5. Deleting IPA Users</h2></div></div></div><div class="para">
+			If you delete an IPA user account, all of the information stored in the entry for that identity is lost. This includes the user's full name, group membership, phone numbers, and passwords. The actual user account and home directory still exist, be they on a server, local machine, or other provider, but they are no longer accessible by IPA.
+		</div><div class="para">
+			Unlike deactivation, if you delete a user account, it cannot be retrieved. If you need this user account again, you need to recreate it and add all of the account details manually.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Unlike in earlier versions of IPA, it is now possible to delete the <code class="systemitem">admin</code> user. If, however, you delete all of the <code class="systemitem">admin</code> users then you will need to use the Directory Manager account to create a new administrative user. Alternatively, if you have a user in the group management role, they can add a new <code class="systemitem">admin</code> user.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-del</code> command to delete user accounts. For example:
+			</div><div class="para">
+				To delete the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-del jsmith</code>
+			</div><div class="para">
+				If you intend to delete multiple users, you can use the <code class="option">--continue</code> option to prevent the command from stopping should it encounter any errors. For example:
+			</div><div class="para">
+				<code class="command">$ ipa user-del <code class="option">--continue</code> <em class="parameter"><code>user_01</code></em> <em class="parameter"><code>user_02</code></em> <em class="parameter"><code>user_03</code></em></code>
+			</div><div class="para">
+				If you run this command without using the <code class="option">--continue</code> option, IPA will delete the listed user accounts unless it encounters any errors, at which point it stops. For example, if <em class="parameter"><code>user_02</code></em> did not exist, the previous command would only delete <em class="parameter"><code>user_01</code></em>; <em class="parameter"><code>user_03</code></em> would not be affected.
+			</div><div class="para">
+				The <code class="option">--continue</code> option returns a summary of successes and failures to <code class="systemitem">stdout</code>.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Prev</strong>6.4. Activating and Deactivating User Accounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="user-groups.html"><strong>Next</strong>6.6. Creating User Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html
new file mode 100644
index 0000000..e896759
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.4. Specifying Default User Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="self-service.html" title="14.3. Defining Self-Service Settings" /><link rel="next" href="search-limits.html" title="14.5. Setting Default Search Limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="self-service.html"><strong>Prev</strong></a></li><li class="next"><a ac
 cesskey="n" href="search-limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">14.4. Specifying Default User Settings</h2></div></div></div><div class="para">
+			You can configure the default settings for IPA users to suit your deployment. For example, you can specify the maximum username length, the default path to the <code class="filename">/home</code> directory, the default shell, and other attributes.
+		</div><div class="para">
+			IPA supports the following User Settings:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Maximum Username Length</strong></span> (<span class="property">ipaMaxUsernameLength</span>): The maximum length of any username. The default value is eight.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Root for Home Directories</strong></span> (<span class="property">ipaHomesRootDir</span>): The root directory for all home directories. The default value is <code class="filename">/home</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default Shell</strong></span> (<span class="property">ipaDefaultLoginShell</span>): The default shell for all user accounts. The default value is <code class="command">/bin/sh</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default User Group</strong></span> (<span class="property">ipaDefaultPrimaryGroup</span>): The default group to which all newly created accounts are added. The default value is <code class="systemitem">ipausers</code>, which is automatically created during the IPA server installation process.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default E-mail Domain</strong></span> (<span class="property">ipaDefaultEmailDomain</span>): The default domain used to create email addresses for all newly created accounts. The default is the domain to which the IPA server belongs.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. The following is an example of how to set the maximum username length to 64 characters, and the default home directory to <code class="filename">/users/home</code>:
+		</div><pre class="screen"><code class="command"># ipa config-mod --maxusername=64 --homedirectory=/users/home</code>
+Max username length: 64
+Home directory base: /users/home
+Default shell: /bin/sh
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 100
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Migration mode: FALSE
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The default root directory for all home directories is <code class="filename">/home</code>, but it is the responsibility of the system administrator to ensure that whatever value is specified for this attribute is actually available.
+			</div><div class="para">
+				Red Hat Enterprise Linux includes a <code class="systemitem">PAM</code> module called <code class="systemitem module">pam_mkhomedir</code> that can automatically create a home directory if one does not exist for the user authenticating against the system. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="self-service.html"><strong>Prev</strong>14.3. Defining Self-Service Settings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="search-limits.html"><strong>Next</strong>14.5. Setting Default Search Limits</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
new file mode 100644
index 0000000..9e000c2
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Creating and Using Service Principals</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="prev" href="kerb-policies.html" title="8.2. Setting Kerberos Ticket Policies" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="8.4. Refreshing Kerberos Tickets" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a 
 accesskey="p" href="kerb-policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">8.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+			You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the IPA server itself, and the keytab then exported to the client host.
+		</div><div class="para">
+			The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the IPA server is <code class="systemitem">ipaserver.example.com</code>: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add ipaclient.example.com</code>
+<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
+<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+
+		</div><div class="para">
+			Note the location of the keytab. By default, <span class="application"><strong>IPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the IPA interface would stop working, because the original key would also be deleted.
+		</div><div class="para">
+			Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The realm name is optional. The IPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+					</div></li><li class="listitem"><div class="para">
+						The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+					</div></li><li class="listitem"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">ipa-client</span> package, which is only available for Red Hat Enterprise Linux 6.1 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
+					</div></li><li class="listitem"><div class="para">
+						You can use the <code class="option">-e</code> flag to include a comma-separated list of encryption types to include in the keytab. This supersedes any default encryption type. Refer to the <code class="command">ipa-getkeytab</code> man page for more information.
+					</div></li></ul></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				The <code class="command">ipa-getkeytab</code> command resets the secret for the specified principal. This means that all other keytabs for that principal are rendered invalid.
+			</div></div></div><div class="para">
+			IPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">8.3.1. Creating an IPA Service</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
+					Before you can create a service for an IPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists: 
+<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following: 
+<pre class="screen"><span class="errortext">ipa: ERROR: myserver.mydomain.net: host not found</span></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create an IPA service:</h5>
+					Use the following command to create a service for that host: 
+<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				This will produce output similar to the following:
+			</div><pre class="screen">
+-------------------------------------------------------
+Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
+-------------------------------------------------------
+  Principal: test/myserver.mydomain.net at MYDOMAIN.NET
+  Managed by: myserver.mydomain.net</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">8.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
+					Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file. 
+<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
+					</div></div></div><div class="para">
+					If necessary, create the CSR file using openssl. The following is an example session creating such a file:
+				</div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+Generating a 2048 bit RSA private key
+.........................................................+++
+.............................+++
+writing new private key to 'private.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [XX]:AU
+State or Province Name (full name) []:QLD
+Locality Name (eg, city) [Default City]:BNE
+Organization Name (eg, company) [Default Company Ltd]:MYDOMAIN.NET
+Organizational Unit Name (eg, section) []:ECS
+Common Name (eg, your name or your server's hostname) []:myserver.mydomain.net
+Email Address []:authors at mydomain.net
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</pre></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">8.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
+					You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate: 
+<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+
+				</div><div class="para">
+					The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
+				</div><div class="para">
+					If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K &lt;principal&gt;</code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
+				</div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
+<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+					You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=&lt;fqdn&gt;,O=&lt;subject base&gt;
+				</div><div class="para">
+					You can configure the IPA subject base as part of the IPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base: 
+<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+					 IPA will reject requests with invalid subject base values.
+				</div><div class="para">
+					Refer to the <code class="systemitem">certmonger</code> man page and also to <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">Section B.1, “What is certmonger?”</a> for more information.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">8.3.1.3. Using NSS</h4></div></div></div><div class="para">
+					If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows: 
+<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
+<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
+<code class="command">-d /path/to/database/dir -a &gt; example.csr</code></pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
+						The format of the CSR is partly dependent upon the CA back end you are using.
+					</div><div class="para">
+					If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
+				</div><div class="para">
+					If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
+				</div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+					This means you need to use MYDOMAIN.NET for the organization. IPA will reject requests whose subject base differs from this value.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">8.3.2. Configuring an NFS Service Principal on the IPA Server</h3></div></div></div><div class="para">
+				The following procedure describes how to configure <code class="systemitem">NFS</code> on the IPA server and to set up an <code class="systemitem">NFS</code> service principal.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 8.1. Configuring <code class="systemitem">NFS</code> on the IPA Server</h6><ol class="1"><li class="step"><div class="para">
+						Configure the export directory. 
+<pre class="screen"><code class="command"># mkdir /export</code>
+<code class="command"># chmod 777 /export</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure the <code class="filename">/etc/exports</code> file as follows:
+					</div><div class="para">
+						
+<pre class="programlisting">/export  *(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5p(rw,fsid=0,insecure,no_subtree_check)
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+					</div><div class="para">
+						
+<pre class="programlisting">SECURE_NFS=yes
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Add a service principal and keytab for <code class="systemitem">NFS</code>. 
+<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
+ <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Red Hat Enterprise Linux machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="step"><div class="para">
+						Run the following commands to reload the NFS configuration and restart the required services: 
+<pre class="screen"><code class="command"># exportfs -a</code>
+<code class="command"># restart services</code>
+<code class="command"># service nfs restart</code>
+<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
+						</div></div></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerb-policies.html"><strong>Prev</strong>8.2. Setting Kerberos Ticket Policies</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong>8.4. Refreshing Kerberos Tickets</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
new file mode 100644
index 0000000..7bc4377
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Configuring the Network Information Service (NIS)</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="nis.html" title="Chapter 11. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="nis.html" title="Chapter 11. Identity: Integrating with NIS Domains and Netgroups" /><link rel="next" href="migrintg-from-nis.html" title="11.3. Migrating from NIS to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="nis.html"><strong>Prev</strong></a>
 </li><li class="next"><a accesskey="n" href="migrintg-from-nis.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">11.2. Configuring the Network Information Service (NIS)</h2></div></div></div><div class="para">
+			The Network Information Service (NIS) is an RPC service, used in conjunction with <code class="systemitem">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+		</div><div class="para">
+			IPA provides a NIS server plug-in to facilitate the integration of NIS clients with an IPA domain, including exposing any automount maps that have been configured.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">11.2.1. Exposing Automount Maps to NIS Clients</h3></div></div></div><div class="para">
+				Currently, when the NIS service is enabled, the server is automatically configured to serve the NIS domain with the IPA domain's name, and to serve IPA users, groups, and netgroups (passwd, group, and netgroup maps) to the NIS domain.
+			</div><div class="para">
+				If you have defined automount maps, these maps need to be manually added to the NIS server plug-in's configuration in the directory server in order to expose them to NIS clients.
+			</div><div class="para">
+				The NIS plug-in needs to know the name of the NIS domain, the name of the NIS map, how to find the directory entries to use as the NIS map's contents, and which attributes to use as the NIS map's key and value. Most of these settings will be the same for every map.
+			</div><div class="para">
+				The IPA server stores the automount maps, grouped by automount location, in the <em class="parameter"><code>cn=automount</code></em> branch of the IPA domain's tree.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">11.2.1.1. Example Automount Map Configuration</h4></div></div></div><div class="para">
+					If you have created an automount map named <code class="filename">auto.example</code> in a location named "default", you first need to add an entry to the configuration for the NIS server running on a host named <code class="systemitem">dirsrv</code>, as follows: 
+<pre class="screen">LOCATION=default
+NISDOMAIN=example.com
+NISMAP=auto.master
+NISSERVER=dirsrv
+IPASUFFIX=`echo ${NISDOMAIN} | sed -e 's,^,dc=,g' -e 's,\.,\,dc=,g'`
+
+ldapadd -h ${NISSERVER} -x -D "cn=Directory Manager" -W &lt;&lt; EOF
+dn: nis-domain=${NISDOMAIN}+nis-map=${NISMAP},
+ cn=NIS Server, cn=plugins, cn=config
+objectClass: extensibleObject
+nis-domain: ${NISDOMAIN}
+nis-map: ${NISMAP}
+nis-filter: (objectclass=automount)
+nis-key-format: %{automountKey}
+nis-value-format: %{automountInformation}
+nis-base: automountmapname=${NISMAP}, ${LOCATION:+cn=${LOCATION},}
+ cn=automount, ${IPASUFFIX}
+
+EOF
+</pre>
+
+				</div><div class="para">
+					This entry instructs the plug-in to create a map named <code class="filename">auto.master</code> in the domain named <code class="systemitem">${NISDOMAIN}</code>, and that the data for that map should be read from the entries at and below <em class="parameter"><code>automountmapname=${NISMAP}</code></em>, which exists inside a container named <code class="systemitem">cn=${LOCATION}</code>. This container is in the automount section of the IPA data store. The keys for the entries in the automount map in NIS are the values of the <em class="parameter"><code>automountKey</code></em> attribute for the directory server entries, and the corresponding values in the NIS map are the values of the <em class="parameter"><code>automountInformation</code></em> attribute in those same entries.
+				</div><div class="para">
+					You then need to repeat the process for the <code class="filename">auto.direct</code> map, and then any other maps that you have defined.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="nis.html"><strong>Prev</strong>Chapter 11. Identity: Integrating with NIS Domain...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="migrintg-from-nis.html"><strong>Next</strong>11.3. Migrating from NIS to IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html
new file mode 100644
index 0000000..001c73e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.6. Client Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="certs.html" title="5.5. Configuring Certificate-Based Machine Authentication" /><link rel="next" href="uninstalling-clients.html" title="5.7. Uninstalling an IPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="certs.html"><strong>Prev</strong></a></li><l
 i class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">5.6. Client Problems</h2></div></div></div><div class="para">
+			If you are unable to log into a machine or the standard NSS tools fail to return user and group information (for example, <code class="command">getent passwd admin</code> fails), inspect the SSSD logs in <code class="filename">/var/log/sssd/</code>. You should start with the log file for your domain (<code class="filename">sssd_example.com.log</code>).
+		</div><div class="para">
+			To increase the log level, set <code class="varname">debug_level</code> = 9 in the <code class="literal">[domain/<em class="replaceable"><code>example.com</code></em>]</code> section of the <code class="filename">/etc/sssd/sssd.conf</code> file, and restart the <code class="systemitem">sssd</code> daemon for this change to take effect. Monitor the <code class="filename">/var/log/sssd/sssd_example.com.log</code> file for any relevant information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="certs.html"><strong>Prev</strong>5.5. Configuring Certificate-Based Machine Authen...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong>5.7. Uninstalling an IPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html
new file mode 100644
index 0000000..332ea45
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.6. Kerberos Errors</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /><link rel="prev" href="rotating-keys.html" title="8.5. Rotating Keys" /><link rel="next" href="automount.html" title="Chapter 9. Identity: Using Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="
 n" href="automount.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">8.6. Kerberos Errors</h2></div></div></div><div class="para">
+			If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the server: <code class="filename">/var/log/krb5kdc.log</code>
+					</div></li><li class="listitem"><div class="para">
+						If you were using the framework also look in <code class="filename">/var/log/httpd/error_log</code>
+					</div></li></ul></div>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong>8.5. Rotating Keys</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="automount.html"><strong>Next</strong>Chapter 9. Identity: Using Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
new file mode 100644
index 0000000..0c20b80
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. HBAC Service Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="authz.html" title="Chapter 12. Policy: Configuring Authorization" /><link rel="prev" href="authz.html" title="Chapter 12. Policy: Configuring Authorization" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html" title="12.3. HBAC Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="authz.ht
 ml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">12.2. HBAC Service Groups</h2></div></div></div><div class="para">
+			HBAC service groups can contain any number of individual services (<em class="firstterm">members</em>), and are typically used to group similar services to make it easier to create HBAC rules. All HBAC service groups require a name and description. IPA provides a single default group, SUDO, used for SUDO-related services.
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvcgroup-find</code> command to display the existing HBAC groups: 
+<pre class="screen"><code class="command"># ipa hbacsvcgroup-find</code>
+----------------------------
+1 HBAC service group matched
+----------------------------
+  Service group name: SUDO
+  Description: Default group of SUDO related services
+----------------------------
+Number of entries returned 1
+----------------------------</pre>
+
+		</div><div class="para">
+			IPA provides commands for adding, removing and modifying HBAC service groups, adding and removing members to and from those groups, and displaying group information. Refer to the <code class="command">ipa help hbacsvcgroup</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="authz.html"><strong>Prev</strong>Chapter 12. Policy: Configuring Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Next</strong>12.3. HBAC Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
new file mode 100644
index 0000000..7b8fc93
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. HBAC Services</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="authz.html" title="Chapter 12. Policy: Configuring Authorization" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="12.2. HBAC Service Groups" /><link rel="next" href="sudo.html" title="Chapter 13. Policy: Using sudo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterpr
 ise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sudo.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">12.3. HBAC Services</h2></div></div></div><div class="para">
+			HBAC services refer to the PAM services that the IPA HBAC system can control access to. HBAC service names must exactly match the service name that PAM is evaluating. For example, use the following command to add the <code class="systemitem">tftp</code> service as an HBAC service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-add tftp</code>
+-------------------------
+Added HBAC service "tftp"
+-------------------------</pre>
+
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvc-find</code> command to search for HBAC services. Note that in this example, two results are returned; the newly-added <code class="systemitem">tftp</code> service and the preexisting <code class="systemitem">ftp</code> service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-find ftp</code>
+-----------------------
+2 HBAC services matched
+-----------------------
+Service name: ftp
+Description: ftp
+
+Service name: tftp
+----------------------------
+Number of entries returned 2
+----------------------------
+</pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">ipa help hbacsvc</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Prev</strong>12.2. HBAC Service Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sudo.html"><strong>Next</strong>Chapter 13. Policy: Using sudo</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html
new file mode 100644
index 0000000..7bae1f0
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.7. Implementing Unique UID and GID Attributes</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="disabling-anon-binds.html" title="14.6. Disabling Anonymous Binds" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html" title="14.8. Configuring Certificates and Certificate Authorities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li clas
 s="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">14.7. Implementing Unique UID and GID Attributes</h2></div></div></div><div class="para">
+			An IPA deployment needs to handle the dual constraints of generating random UID and GID values, while ensuring that replicas never generate the same UID or GID value. It is also important to minimize the chance that any two deployments of IPA have overlapping ranges.
+		</div><div class="para">
+			The system administrator—or whoever is performing the IPA installation—can impact the logic that deals with these constraints only once, when the system is being installed.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</h3></div></div></div><div class="para">
+				To assign UIDs and GIDs, IPA uses the directory server DNA plug-in. This plug-in is configured with a range of IDs and will assign a new ID whenever an entry requiring the uidNumber or gidNumber attributes is added to the system.
+			</div><div class="para">
+				For simplicity, and to allow configuring User Private Groups (UPGs) at any time, IPA uses a single range of UIDs and GIDs, instead of using two separate ranges. When UPGs are active, the private group gidNumber is numerically identical to the uidNumber of its user.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</h4></div></div></div><div class="para">
+					When the first IPA server is installed, a range of 200,000 IDs is randomly selected between the values 1MiB and 2GiB, approximately. There are 10,000 possible ranges. The selection of a random range provides a high probability of non-conflicting IDs if, at a later stage, a trust relationship or merge between two separate installations needs to occur.
+				</div><div class="para">
+					IDs are assigned in order by a single master, but ID ranges can be split and distributed between replicas. When a replica is installed it is configured with an invalid depleted range, and a place in the shared tree where it can expose information about the ranges it manages. The first time an allocation is needed, the replica will notice it has no more IDs available and will contact one of the other available masters (typically the one with the greatest available range). A special extended operation is performed to split the range in two, so that the original master and the replica will each receive half of the previously available range for their use. When a range comes close to depletion (by default when less than 100 IDs are available), a new range is requested.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</h4></div></div></div><div class="para">
+					If the domain-wide range is close to depletion, the system administrator needs to manually select and add a new range to one of the masters. All other replicas will manage sharing the range among them as necessary.
+				</div><div class="para">
+					To add a new range, the Directory Manager must connect to the LDAP server and add the new range as a dash-separated minimum/maximum value pair in the <em class="parameter"><code>dnaNextRange</code></em> attribute in the DNA configuration entry for the ranges in question. For example, the following command adds a new range of 100k values:
+				</div><pre class="screen"><code class="command">% ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password: *******
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: modify
+add: dnaNextRange
+dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						This command only adds the specified range of values; it does not check that the values in that range are actually available. This check will be performed when an attempt is made to allocate those values. If, for example, you added a range that contained mostly values that were already allocated, time would be lost as the system cycled through searching for unallocated values, and then finally failing if none were available.
+					</div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong>14.6. Disabling Anonymous Binds</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong>14.8. Configuring Certificates and Certificate Au...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
new file mode 100644
index 0000000..9ae55db
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.3. Performing a Client-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /><link rel="next" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docna
 v"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_S
 SSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Install SSSD first on the machines that can support it:
+					</div><div class="para">
+						<code class="command"># yum install sssd</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure SSSD with the LDAP back end and point it to the existing DS deployment.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				Install IPA and migrate the existing DS data as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
+					</div></li><li class="listitem"><div class="para">
+						Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
+					</div></li><li class="listitem"><div class="para">
+						Monitor the user migration process using the following LDAP query. This query detects the state of the migration by determining which users do not have a Kerberos principal key but do have a password.
+					</div><div class="para">
+						This query will prompt for the Directory Manager password. 
+<pre class="screen"><code class="command">$ ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'cn=users,cn=accounts,dc=example,dc=com' \</code>
+<code class="command">'(&amp;(!(krbprincipalkey=*))(userpassword=*))' uid</code></pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							It is important to include the quotes around the filter so that it is not interpreted by the shell.
+						</div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of the clients is complete, decommission the DS.
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong>C.2. Performing a Server-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong>Glossary</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
new file mode 100644
index 0000000..0401940
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.2. Performing a Server-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Conte
 nt/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Each phase of the migration should be performed as a single step.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
+			</div><div class="para">
+				The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
+			</div><div class="para">
+				Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+						Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to 
+					</div></li><li class="step"><div class="para">
+						Use the following command to enable IPA migration mode:
+					</div><div class="para">
+						<code class="command"># ipa config-mod --enable-migration=TRUE</code>
+					</div></li><li class="step"><div class="para">
+						To migrate users and groups from an existing Directory Server using a default configuration, reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						To migrate users and groups from an existing IPAv1 installation using a default configuration, whose DS is reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds --user-container=cn=users,cn=accounts \</code> <code class="command">--group-container=cn=groups,cn=accounts <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						In this example, <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code> is the LDAP-URI and port number of the existing directory server from which you want to migrate your data. Update this URI to suit your own environment.
+					</div><div class="para">
+						Enter the <code class="systemitem">Directory Manager</code> password for the DS when prompted.
+					</div></li><li class="step"><div class="para">
+						Check the log file for errors and instructions on how to address them. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
+							</div></div></div>
+
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+						Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
+								</div></li><li class="listitem"><div class="para">
+									If the intention is to install SSSD on a client at a later date, the startTLS and certificate requirements do not apply.
+								</div></li></ul></div>
+
+					</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+					You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Install SSSD on the machines that can support it:
+							</div><div class="para">
+								<code class="command"># yum install sssd</code>
+							</div></li><li class="listitem"><div class="para">
+								Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to 
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+							</div></li><li class="listitem"><div class="para">
+								As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of all clients and users is complete, decommission the DS.
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong>Appendix C. Migrating from a Directory Server to ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong>C.3. Performing a Client-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
new file mode 100644
index 0000000..2e6396f
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Setting up Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="next" href="configuring-active-directory.html" title="10.3. Configuring Active Directory Synchronization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
 <a accesskey="p" href="active-directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">10.2. Setting up Active Directory</h2></div></div></div><div class="para">
+			The Windows Sync utility requires TLS/SSL to synchronize password changes. Therefore, you need to set up Active Directory as an SSL server. The easiest way to achieve this is to install Microsoft Certificate System in Enterprise Root Mode; Active Directory will then automatically enroll to retrieve its SSL server certificate.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You need to install both the <code class="command">winsync</code> and <code class="command">passsync</code> utilities to synchronize User IDs and attributes as well as passwords.
+			</div><div class="para">
+				You need to install the <code class="command">passsync</code> utility on all AD domain controllers to enable password synchronization from AD to IPA.
+			</div></div></div><div class="para">
+			Refer to the <a href="http://directory.fedoraproject.org/wiki/Howto:WindowsSync">Fedora Project Windows Sync Howto</a> for information on setting up Active Directory as an SSL server.
+		</div><div class="para">
+			After you have installed Microsoft Certificate System, you need to save the CA certificate in ASCII (PEM) format. This CA Certificate is required to create the synchronization agreement.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-To_save_the_CA_certificate_in_ASCII_format"><h6>Procedure 10.1. To save the CA certificate in ASCII format:</h6><ol class="1"><li class="step"><div class="para">
+					Navigate to My Network Places and drill down to the CA distribution point. On Windows 2003 Server this is typically <code class="filename">C:\WINDOWS\system32\certsrv\CertEnroll\</code>
+				</div></li><li class="step"><div class="para">
+					Double-click the security certificate file (<code class="filename">.crt</code> file) to display the <span class="guilabel"><strong>Certificate</strong></span> dialog box.
+				</div></li><li class="step"><div class="para">
+					On the <span class="guilabel"><strong>Details</strong></span> tab, click <span class="guibutton"><strong>Copy to File</strong></span> to start the <span class="application"><strong>Certificate Export Wizard</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>Next</strong></span>, select <span class="guilabel"><strong>Base-64 encoded X.509 (.CER)</strong></span> and then click <span class="guibutton"><strong>Next</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Specify a suitable directory and file name for the exported file. The file name is not important. Click <span class="guibutton"><strong>Next</strong></span> to export the certificate, and then click <span class="guibutton"><strong>Finish</strong></span>. You should receive a message stating that the export was successful.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>OK</strong></span> to exit the wizard.
+				</div></li></ol></div><div class="para">
+			Refer to <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">Section 10.4, “Creating Synchronization Agreements”</a> for information on how to use the CA Certificate to create the synchronization agreement.
+		</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-Select_Base_64_encoded_X.509_to_export_the_security_certificate_as_ASCII"><div class="figure-contents"><div class="mediaobject" align="center"><img src="images/ASCII_Cert_Export.png" align="middle" width="444" alt="Select Base-64 encoded X.509 to export the security certificate as ASCII" /></div></div><h6>Figure 10.1. Select Base-64 encoded X.509 to export the security certificate as ASCII</h6></div><br class="figure-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="active-directory.html"><strong>Prev</strong>Chapter 10. Identity: Integrating with Microsoft ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-active-directory.html"><strong>Next</strong>10.3. Configuring Active Direct
 ory Synchronization</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
new file mode 100644
index 0000000..6ac2ecf
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. Creating Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="configuring-active-directory.html" title="10.3. Configuring Active Directory Synchronization" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html" title="10.5. Modifying Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/i
 mages/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-active-directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">10.4. Creating Synchronization Agreements</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa-replica-manage connect</code> command to create synchronization agreements. The following command-line arguments apply to creating synchronization agreements:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<code class="option">--winsync</code> — specifies that this is a Windows Sync agreement. Winsync replication occurs every five minutes.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--binddn</code> — the full DN of the user to use. The DS will bind to Active Directory as this user to read and write changes. This user requires read, search, and write permissions on the Active Directory subtree, including password changes, as well as permission to use the DirSync control (that is, it must be able to use replication).
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--bindpw</code> — the password for the user specified by the <code class="option">--binddn</code> argument.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--passsync</code> — the password for the Windows PassSync user, and a required argument to <code class="command">ipa-replica-manage</code> when creating winsync agreements.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--cacert</code> — the full path and file name of the ASCII/PEM-encoded Windows Active Directory CA certificate. This certificate will be installed in the Directory Server certificate database as "Imported CA".
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--win-subtree</code> — the DN of the Windows subtree containing the users you want to synchronize. The default value is <em class="parameter"><code>cn=Users,$SUFFIX</code></em> — this is what Windows AD typically uses as the default value.
+				</div></li></ul></div><div class="para">
+			The following example illustrates adding a new WinSync agreement:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Creating_Synchronization_Agreements-Adding_a_WinSync_agreement_between_an_IPA_server_and_an_AD_server."><h6>Example 10.1. Adding a WinSync agreement between an IPA server and an AD server.</h6><div class="example-contents"><pre class="screen"><code class="command">ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \</code>
+<code class="command">--bindpw password --passsync password --cacert /path/to/certfile.cer adserver.example.com -v</code></pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-active-directory.html"><strong>Prev</strong>10.3. Configuring Active Directory Synchronization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Next</strong>10.5. Modifying Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
new file mode 100644
index 0000000..599aa64
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.6. Deleting Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html" title="10.5. Modifying Synchronization Agreements" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html" title="10.7. Winsync Agreement Failures" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="
 http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">10.6. Deleting Synchronization Agreements</h2></div></div></div><div class="para">
+			You can use the IPA administration tools to delete existing synchronization agreements. For example, to delete an agreement with the AD server <code class="systemitem">adserver.example.com</code>, run the following command:
+		</div><div class="para">
+			<code class="command"># ipa-replica-manage disconnect adserver.example.com</code>
+		</div><div class="para">
+			This removes the replication agreement between the IPA and AD servers. To complete the operation, you need to remove the AD certificate from the IPA server. Run the following command to remove the AD certificate:
+		</div><div class="para">
+			<code class="command"># certutil -D -d /etc/dirsrv/slapd-$REALM/ -n "Imported CA"</code>
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Prev</strong>10.5. Modifying Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Next</strong>10.7. Winsync Agreement Failures</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
new file mode 100644
index 0000000..6d4d063
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Modifying Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html" title="10.4. Creating Synchronization Agreements" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html" title="10.6. Deleting Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" 
 alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">10.5. Modifying 
 Synchronization Agreements</h2></div></div></div><div class="para">
+			You can change the behavior of the synchronization agreement to suit the changing needs of your organization. You can modify a number of attributes related to the synchronization agreement using default tools provided with IPA.
+		</div><div class="para">
+			The following example illustrates changing the synchronization behavior of account lock status. By default, account lock status is synchronized between IPA and AD. This means that accounts that are locked in IPA are also locked (disabled) in AD, and vice versa. You can change this synchronization behavior as follows:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Configuring_the_IPA_WinSync_agreement_to_not_synchronize_account_lock_status_information."><h6>Example 10.2. Configuring the IPA WinSync agreement to not synchronize account lock status information.</h6><div class="example-contents"><pre class="screen"><code class="command">$ ldapmodify -x -D "cn=directory manager" -w password</code>
+dn: cn=ipa-winsync,cn=plugins,cn=config
+changetype: modify
+replace: ipaWinSyncAcctDisable
+ipaWinSyncAcctDisable: none
+
+modifying entry "cn=ipa-winsync,cn=plugins,cn=config"
+</pre></div></div><br class="example-break" /><div class="para">
+			The default value of the <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> attribute is <code class="literal">both</code>. If you change this value to <code class="literal">none</code>, as described in the example, account lock status synchronization is completely disabled. Valid values for <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> are <code class="literal">both</code>, <code class="literal">to_ad</code>, <code class="literal">to_ds</code>, and <code class="literal">none</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">10.5.1. Changing the Default Synchronization Subtree</h3></div></div></div><div class="para">
+				When you create synchronization agreements, two default containers are used as the source of the user accounts to synchronize between IPA and Windows Active Directory. IPA uses the <em class="parameter"><code>cn=users,cn=accounts,$SUFFIX</code></em> subtree as the default container, and Windows uses the <em class="parameter"><code>CN=Users,$SUFFIX</code></em> subtree. You can use the <em class="parameter"><code>--win-subtree</code></em> argument to the <code class="command">ipa-replica-manage connect</code> command to override the default Windows subtree.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					If you pass such arguments to the bash or other shell, ensure that you quote spaces and other shell metacharacters. For example, the argument <em class="parameter"><code>--win-subtree=cn=users, dc=example, dc=com</code></em> will fail. The argument <em class="parameter"><code>--win-subtree="cn=users, dc=example, dc=com"</code></em> will succeed.
+				</div></div></div><div class="para">
+				IPA does not currently support modifying the default synchronization container while you are creating the synchronization agreement. You can, however, change the container after the agreement has been established. To do so, you can either modify the <code class="filename">dse.ldif</code> file directly (ensure that you stop the directory server before editing this file), or use <code class="command">ldapmodify</code> to change <em class="parameter"><code>nsds7WindowsReplicaSubtree</code></em>.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Prev</strong>10.4. Creating Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Next</strong>10.6. Deleting Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
new file mode 100644
index 0000000..aa0c95c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.7. Winsync Agreement Failures</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="active-directory.html" title="Chapter 10. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html" title="10.6. Deleting Synchronization Agreements" /><link rel="next" href="nis.html" title="Chapter 11. Identity: Integrating with NIS Domains and Netgroups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_
 right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="nis.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">10.7. Winsync Agreement Failures</h2></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Symptom"><h5 class="formalpara">Symptom</h5>
+				If the creation of a winsync agreement fails, you may see an error message similar to the following: 
+<pre class="screen">"Update failed! Status: [81  - LDAP error: Can't contact LDAP server]
+</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Cause"><h5 class="formalpara">Cause</h5>
+				One example of this error occurring is if you use an invalid Windows Server Certificate when creating the winsync agreement. This can result in the wrong certificates being created in the certificate database in the <code class="filename">/etc/dirsrv/slapd-DOMAIN-NAME/</code> directory, and with same name, for example "Imported CA". The following is an example of a corrupt certificate database after such a failure (note the duplicate "Imported CA" entries): 
+<pre class="screen"><code class="command">$ certutil -L -d /etc/dirsrv/slapd-DOMAIN-NAME/</code>
+
+Certificate Nickname                                         Trust Attributes
+SSL,S/MIME,JAR/XPI
+
+CA certificate                                               CTu,u,Cu
+Imported CA                                                  CT,,C
+Server-Cert                                                  u,u,u
+Imported CA                                                  CT,,C</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Solution"><h5 class="formalpara">Solution</h5>
+				To resolve this issue, you need to clear the certificate database, as follows: 
+<pre class="screen"><code class="command"># certutil -d /etc/dirsrv/slapd-DOMAIN-NAME -D -n "Imported CA"</code></pre>
+
+			</div><div class="para">
+			This will delete the CA from the AD server ("Imported CA"). You need to do this after each failed invocation.
+		</div><div class="para">
+			You may also see the following message:
+		</div><pre class="screen">"Windows PassSync entry exists, not resetting password"
+</pre><div class="para">
+			This is not an error, but rather a notification that IPA is not re-adding the <code class="systemitem">passync</code> user, and neither is it changing the original password. The <code class="systemitem">passync</code> user is a special user entry that can change passwords in IPA.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Prev</strong>10.6. Deleting Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="nis.html"><strong>Next</strong>Chapter 11. Identity: Integrating with NIS Domain...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html
new file mode 100644
index 0000000..11fc6d9
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.11. Creating DNS Entries for IPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="ipa-cluster.html" title="14.10. Using IPA in a Cluster" /><link rel="next" href="promoting-replica.html" title="14.12. Promoting a Read-Only Replica to an IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong></a></li><li class
 ="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">14.11. Creating DNS Entries for IPA Replicas</h2></div></div></div><div class="para">
+			You can use the <code class="option">--ip-address</code> option with the <code class="command">ipa-replica-prepare</code> command to pre-create DNS entries for a replica. If you include this option, IPA will add the A and PTR records for the replica to the DNS. For example: 
+<pre class="screen"><code class="command">$ ipa-replica-prepare master2.example.com --ip-address 192.168.1.2</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong>14.10. Using IPA in a Cluster</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong>14.12. Promoting a Read-Only Replica to an IPA Se...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html
new file mode 100644
index 0000000..5a0b0d9
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.2. Using certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html" title="B.3. Using certmonger with NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Conten
 t/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</h2></div></div></div><div class="para">
+			Probably the simplest use case is to generate a certificate which is signed by the subject itself. These are not typically used in production, but are suitable for demonstration and testing purposes. Consider the following command:
+		</div><pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/server.crt -k /tmp/server.key</code></pre><div class="para">
+			This informs <code class="systemitem">certmonger</code> that we want a key to be stored in the file <code class="filename">/tmp/server.key</code>, to generate a corresponding certificate, and to store that certificate in the file <code class="filename">/tmp/server.crt</code>. Using <code class="command">selfsign-getcert</code> also implicitly tells <code class="systemitem">certmonger</code> to <span class="emphasis"><em>self-sign</em></span> the CSR, which it generates and uses internally, with the subject's own key. During this process, certmonger:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					checked for the existence of a key in the specified location
+				</div></li><li class="listitem"><div class="para">
+					having determined that no such key existed, proceeded to create one
+				</div></li><li class="listitem"><div class="para">
+					created the CSR
+				</div></li><li class="listitem"><div class="para">
+					used the same key to produce a signed certificate.
+				</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Prev</strong>Appendix B. Services: Working with certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Next</strong>B.3. Using certmonger with NSS</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html
new file mode 100644
index 0000000..fbf4805
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.4. Using certmonger with IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html" title="B.3. Using certmonger with NSS" /><link rel="next" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_rig
 ht.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</h2></div></div></div><div class="para">
+			The only difference between using <code class="systemitem">certmonger</code> with the IPA CA and producing a self-signed certificate is changing the command prefix. Instead of using <code class="command">selfsign-getcert</code>, use the <code class="command">ipa-getcert</code> command. For example: 
+<pre class="screen"><code class="command">ipa-getcert request -r \</code>
+  <code class="command">-f /etc/httpd/conf/ssl.crt/server.crt \</code>
+  <code class="command">-k /etc/httpd/conf/ssl.key/server.key \</code>
+  <code class="command">-N CN=`hostname --fqdn` \</code>
+  <code class="command">-D `hostname --fqdn` \</code>
+  <code class="command">-U id-kp-serverAuth</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Prev</strong>B.3. Using certmonger with NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong>Appendix C. Migrating from a Directory Server to ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html
new file mode 100644
index 0000000..83c7e8a
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.3. Using certmonger with NSS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html" title="B.2. Using certmonger" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html" title="B.4. Using certmonger with IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images
 /image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</h2></div></div></div><div class="para">
+			The previous example used plain files for holding the key and the certificate, but certmonger can also take advantage of NSS database storage. In this scenario, you need to pass the database's location and a nickname for the certificate to certmonger. Consider the following example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -d /tmp -n Test-Certificate</code></pre>
+
+		</div><div class="para">
+			You can specify a number of options on the command line for the CSR, such as the subject name and different types of SAN values, or you can accept the default values. For example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/babs.crt -k /tmp/babs.key \</code>
+<code class="command">-N "CN=Bob Diddley" -K bdiddley at EXAMPLE.COM -E bob at example.com</code></pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">getcert</code> man page for more information about the available command options.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Prev</strong>B.2. Using certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Next</strong>B.4. Using certmonger with IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html
new file mode 100644
index 0000000..50c0b70
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. Services: Working with certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html" title="B.2. Using certmonger" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
 evious"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Services: Working with certmonger</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</h2></div></div></div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon, together with its command line clients, attempts to simplify the process of generating public/private key pairs and Certificate Signing Requests (CSRs), and submitting CSRs to Certificate Authorities (CAs) for signing.
+		</div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon also monitors certificates for imminent expiration and, with the help of a CA, can optionally refresh certificates that are about to expire. It can also drive the entire IPA enrollment process, from key generation through to enrollment itself and refreshing certificates.
+		</div><div class="para">
+			The set of certificates that <code class="systemitem">certmonger</code> monitors is tracked in files stored in a user-configurable directory. The default location is <code class="filename">/var/lib/certmonger/requests</code>.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong>Appendix A. Frequently Asked Questions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Next</strong>B.2. Using certmonger</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/self-service.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/self-service.html
new file mode 100644
index 0000000..d8177c8
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/self-service.html
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.3. Defining Self-Service Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="server-config.html" title="Chapter 14. Configuring the IPA Server" /><link rel="prev" href="creating-roles.html" title="14.2. Creating Roles" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html" title="14.4. Specifying Default User Settings" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href=
 "creating-roles.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Next</strong></a></li></ul><div class="section" id="self-service"><div class="titlepage"><div><div><h2 class="title" id="self-service">14.3. Defining Self-Service Settings</h2></div></div></div><div class="para">
+			Self-service access control rules define the operations that an entity can perform on itself. These rules are attribute based; that is, they define what attributes can be modified for any particular entity. You can create self-service rules so that users can manage their own addresses, keep their contact details current, change their passwords, etc.
+		</div><div class="para">
+			Self-service rules are defined and managed by a number of sub-commands. Use the <code class="command">ipa help selfservice</code> command to display the list of available commands.
+		</div><div class="para">
+			The following example demonstrates how to add a new self-service rule that allows users to maintain their own name details. Note that access control rules whose names contain spaces or other special characters need to be quoted. 
+<pre class="screen"><code class="command">$ ipa selfservice-add "Users can manage their own name details" --permissions=write \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials</code>
+-----------------------------------------------------------
+Added selfservice "Users can manage their own name details"
+-----------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials</pre>
+
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-show</code> command to display the newly-created rule.
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-mod</code> command to manage your self-service rules. For example, you can add or remove various attributes from any of the defined rules, or change the permissions. For example, you can add telephone contact details to the rule we created in the previous example: 
+<pre class="screen"><code class="command">$ ipa selfservice-mod "Users can manage their own name details" \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials,homephone,mobile,telephonenumber</code>
+--------------------------------------------------------------
+Modified selfservice "Users can manage their own name details"
+--------------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials, homephone, mobile, telephonenumber</pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to include all of the required attributes when you modify a self-service rule, including existing ones.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-roles.html"><strong>Prev</strong>14.2. Creating Roles</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Next</strong>14.4. Specifying Default User Settings</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/server-config.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/server-config.html
new file mode 100644
index 0000000..19533f3
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/server-config.html
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. Configuring the IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="configuring-sudo.html" title="13.2. Configuring sudo" /><link rel="next" href="creating-roles.html" title="14.2. Creating Roles" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="creating-roles
 .html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Configuring the IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">14.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">14.1.1.1. Types of Access Control</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="creating-roles.html">14.2. Creating Roles</a></span></dt><dt><span class="section"><a href="self-service.html">14.3. Defining Self-Service Settings</a></span></dt><d
 t><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html">14.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="search-limits.html">14.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="disabling-anon-binds.html">14.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html">14.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">14.7.1. Assigning UIDs and GIDs</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management
 _Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">14.7.1.1. Selecting ID Ranges</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">14.7.1.2. Adding New Ranges</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html">14.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">14.8.1. Installing You
 r Own Certificate</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">14.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">14.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">14.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">14.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">14.1
 0.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">14.10.1.1. Service-specific Configuration</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">14.10.1.2. SSL Server Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">14.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas
 .html">14.11. Creating DNS Entries for IPA Replicas</a></span></dt><dt><span class="section"><a href="promoting-replica.html">14.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="logging.html">14.13. IPA Server Logging</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">14.1. Defining Access Controls within IPA</h2></div></div></div><div class="para">
+			Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the IPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
+		</div><div class="para">
+			IPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within an IPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the IPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the IPA server.
+		</div><div class="para">
+			IPA relies on three separate types of access control rules:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Role-based rules: specify what operations an entity can perform based on its IPA Role.
+				</div></li><li class="listitem"><div class="para">
+					Self-service rules: specify what an entity can change within its own entry.
+				</div></li><li class="listitem"><div class="para">
+					Delegation rules: specify which groups can modify members of another group.
+				</div></li></ul></div><div class="para">
+			These three types of access control complement each other, and allow IPA administrators to create a very flexible set of access control permissions and restrictions.
+		</div><div class="para">
+			Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Users, groups, hosts, and host groups can be added to different IPA Roles. These roles provide the necessary permissions for access. You can create as many roles as you need to suit the requirements of your deployment.
+		</div><div class="para">
+			There are several aspects to working with roles. Because it is a hierarchical system, to create a fully operational role you need to create the role itself, add privileges to this role to establish what tasks it can and cannot perform, and finally add members to the role, such as users, groups, etc. The reverse is also true; if you remove a role, then any users or groups who relied on this role to perform certain tasks will no longer be able to do so.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot create nested roles. That is, a role cannot contain another role.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">14.1.1. Server-side Access Control</h3></div></div></div><div class="para">
+				The IPA Access Control Model is based on the underlying 389 Directory Server access control model, which uses access control instructions (ACIs) to define user access within the system. An ACI is a construct that can express a complex set of access control information.
+			</div><div class="para">
+				As explained in the directory server documentation, the three main parts of an ACI statement are: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Target
+						</div></li><li class="listitem"><div class="para">
+							Permission
+						</div></li><li class="listitem"><div class="para">
+							Bind Rule
+						</div></li></ul></div>
+
+			</div><div class="para">
+				The ACI structure itself is very flexible, but can also be confusing. IPA attempts to structure these ACIs in order to provide a formalized input and output that can be expressed on the command line and in the WebUI, while at the same time maintaining sufficient flexibility to create complex access control rules. In order to achieve this, IPA implements three types of access control. These are discussed in the following sections.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">14.1.1.1. Types of Access Control</h4></div></div></div><div class="para">
+					IPA relies on three separate types of access control rules: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Role-based
+							</div></li><li class="listitem"><div class="para">
+								Self-service
+							</div></li><li class="listitem"><div class="para">
+								Delegation
+							</div></li></ul></div>
+					 These three types of access control complement each other, allowing IPA administrators to create a very flexible set of access control permissions and restrictions.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Role_based_Access_Control"><h5 class="formalpara">Role-based Access Control</h5>
+						Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Different users who perform the same tasks within an organization are typically combined into a group, and this group is made a member of an IPA <em class="firstterm">Role</em>. This Role provides the member groups and users the necessary permissions to perform their assigned tasks.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Self_service_Access_Control"><h5 class="formalpara">Self-service Access Control</h5>
+						Self-service access control defines what operations an entity can perform on itself. This method of control is attribute based; that is, it defines what attributes can be modified for any particular entity. The ability of a user to update their own password is an example of self-service access control. Self-service access control applies to any authenticated entity performing an operation, not only to users. This method of access control should also be used with caution, to avoid the possibility that it lead to the elevation of an entity's privileges.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Delegation_Access_Control"><h5 class="formalpara">Delegation Access Control</h5>
+						Delegation access control defines what operations one group of users or entries can perform on another group of users or entries. In each case, the group of users or entries may be identified by a provided filter. The core difference between delegation access control rules and other rules is that the target—the object of the access control rule—is not a class of entries but rather a set of specific entries that are members of a group or retrieved by a specific filter. The delegation rules allow targeted management of specific user entries.
+					</div><div class="para">
+					In each case, the access control rule resolves the constituents of the IPA access control expression: "<em class="firstterm">Who</em> can do <em class="firstterm">What</em> to <em class="firstterm">Whom</em>". The following section explains these constituents in more detail.
+				</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression">14.1.1.1.1. The IPA Access Control Expression</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Who_of_Access_Control"><h5 class="formalpara">The "Who" of Access Control</h5>
+							In simple grammatical terms, the "who" of an IPA <em class="firstterm">access control instruction (ACI)</em>, or expression, is the subject. It specifies the entity that interacts with the system and tries to perform an administrative task. This task could be an administrator adding a user, a user changing his home address, or a host requesting a certificate for a service running on the host.
+						</div><div class="para">
+						It is important to understand that the "who" is not necessarily a person; it can be any entity that has successfully authenticated against IPA. In order to authenticate against the IPA server, this entity, the "who", needs to have a Kerberos principal. After the entity has authenticated, it can connect to the IPA server and try to issue administrative commands. The system will either allow or deny the requested operation based on this entity's permissions.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_What_of_Access_Control"><h5 class="formalpara">The "What" of Access Control</h5>
+							To continue the analogy with grammatical terms, the "what" of an IPA ACI is the verb. This specifies the actual administrative operation that the subject, the "who", is trying to perform. Such operations can target actual entries, such as adding or deleting users, or they can target specific attributes of entries, such as changing phone numbers for a user entry, or changing the member attributes of a group entry.
+						</div><div class="para">
+						Most entry attributes are optional, and the operations against attributes can be any of the following: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">Add</code> — allows the creation of a new attribute, or new values for multi-valued attributes.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Delete</code> — allows the removal of an attribute.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Read</code> — makes attributes accessible.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Write</code> — allows modification of existing attributes.
+								</div></li></ul></div>
+
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Whom_of_Access_Control"><h5 class="formalpara">The "Whom" of Access Control</h5>
+							The "whom" of an IPA ACI is the object, or <em class="firstterm">target</em>, upon which the ACI acts. Targets can be expressed in different ways: 
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										As a class of entries, for example: <code class="classname">user</code>; <code class="classname">group</code>; <code class="classname">host</code>.
+									</div></li><li class="listitem"><div class="para">
+										As a location in a specific part of the directory tree, for example: everything under <em class="parameter"><code>cn=accounts</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a specific attribute potentially used in many types of entries, for example: the <em class="parameter"><code>cn</code></em> attribute.
+									</div></li><li class="listitem"><div class="para">
+										As a specific entry, for example: <em class="parameter"><code>fqdn=mycomp.mywork.com</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a set of entries selected by filter, for example: <em class="parameter"><code>cn="filter"</code></em>.
+									</div></li></ul></div>
+
+						</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types">14.1.1.1.2. Directory Server ACIs and IPA Access Control Types</h5></div></div></div><div class="para">
+						The following table summarizes the relationship between the different Directory Server ACI components and the IPA access control types.
+					</div><div class="table" id="tabl-Enterprise_Identity_Management_Guide-Directory_Server_ACIs_and_IPA_Access_Control_Types-Summary_mapping_table_of_Directory_Server_ACI_component_types_to_IPA_access_control_types."><h6>Table 14.1. Summary mapping table of Directory Server ACI component types to IPA access control types.</h6><div class="table-contents"><table summary="Summary mapping table of Directory Server ACI component types to IPA access control types." border="1"><colgroup><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /></colgroup><thead><tr><th align="left">
+										Type of Access Control
+									</th><th align="left">
+										Target
+									</th><th align="left">
+										Permission
+									</th><th align="left">
+										Bind Rule
+									</th></tr></thead><tbody><tr><td align="left">
+										Role-based
+									</td><td align="left">
+										An entry as a whole (for add and delete), or a set of attributes of an entry.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										<div class="para">
+											Taskgroup.
+										</div>
+										 <div class="para">
+											(A taskgroup is a special internal entry developed as part of IPA to construct the access control hierarchy. A taskgroup is a "container" that is granted permission to perform specific tasks.)
+										</div>
+
+									</td></tr><tr><td align="left">
+										Self-service
+									</td><td align="left">
+										Attributes within the entity's own entry.
+									</td><td align="left">
+										Write permission for specific attributes. All attributes are readable unless globally hidden.
+									</td><td align="left">
+										The entity who authenticated.
+									</td></tr><tr><td align="left">
+										Delegation
+									</td><td align="left">
+										A group of users or a set of entries selected by a filter.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										A group of users, usually a group of administrative users.
+									</td></tr></tbody></table></div></div><br class="table-break" /></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong>13.2. Configuring sudo</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="creating-roles.html"><strong>Next</strong>14.2. Creating Roles</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/setting-up-clients.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/setting-up-clients.html
new file mode 100644
index 0000000..0571d9f
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/setting-up-clients.html
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. Setting up Systems as IPA Clients</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="Uninstalling_IPA_Servers.html" title="2.6. Uninstalling IPA Servers and Replicas" /><link rel="next" href="Using_Microsoft_Windows.html" title="3.2. Configuring a Microsoft Windows System as an IPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstalling_IPA_Servers.html"
 ><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Using_Microsoft_Windows.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Setting up Systems as IPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="setting-up-
 clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="Using_Microsoft_Windows.html">3.2. Configuring a Microsoft Windows System as an IPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">3.3. Configuring a Solaris System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">3.3.1. Configuring Solaris 10</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">3.3.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SS
 H_Access">3.3.1.2. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">3.3.1.3. Configuring NFS v4</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">3.3.2. Configuring Solaris 9</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">3.3.2.1. Configuring PAM on Solaris 9</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">3.4. Configuring an HP-UX System as an IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">3.4.1. Configuring LDAP A
 uthentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">3.4.2. Configuring Kerberos and PAM</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">3.4.2.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">3.4.2.2. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Access_Control">3.4.2.3. Configuring Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">3.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.h
 tml#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">3.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">3.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">3.5. Configuring an AIX System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">3.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">3.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">3.5.3. Configuring Client SSH Access</a></
 span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">3.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">3.6. Configuring a Macintosh OS X System as an IPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">3.6.1. Configuring Kerberos Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_Kerberos_Authentication-Configuring_Kerberos">3.6.1.1. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">3.6.1.2. Enabling Kerberos Authentication</a></span></dt></d
 l></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">3.6.2. Configuring LDAP Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">3.6.2.1. Creating the LDAP Configuration</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">3.6.2.2. Setting up the LDAP Service Configuration Options</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">3.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macint
 osh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">3.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">3.6.5. Accessing the IPA Server Using SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Macintosh_OS_X-Configuring_System_Login">3.6.6. Configuring System Login</a></span></dt></dl></dd></dl></div><div class="para">
+		A <span class="emphasis"><em>client</em></span> is any system which is a member of the Enterprise IPA domain. While this is frequently a Red Hat Enterprise Linux system (and IPA has special tools to make configuring Red Hat Enterprise Linux clients very simple), machines with other operating systems can also be added to the IPA domain.
+	</div><div class="para">
+		One important aspect of an IPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) IPA does not require any sort of agent or daemon running on a client.
+	</div><div class="para">
+		This chapter explains how to configure a system to join an IPA domain.
+	</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+			Clients can only be configured after at least one IPA server has been installed.
+		</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Installing_the_IPA_Client_on_Red_Hat_Enterprise_Linux">3.1. Configuring a Red Hat Enterprise Linux System as an IPA Client</h2></div></div></div><div class="section" id="rhel-pkgs"><div class="titlepage"><div><div><h3 class="title" id="rhel-pkgs">3.1.1. Installing the Client Configuration Packages and Setup Script</h3></div></div></div><div class="para">
+				Before starting the IPA installation, update your system with all the latest packages.
+			</div><div class="para">
+				The most efficient way to install the required client packages is to use your IPA master as a yum repository. You can then install the client packages directly from the IPA master.
+			</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					To Red Hat Enterprise Linux systems as IPA clients, you need either an enrollment Kerberos principal (for example, admin), or the host must be pre-created on the server with a one-time password to do the enrollment.
+				</div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					If you are installing the IPA client in an environment that uses an Active Directory DNS, you may need to manually provide the IPA server details. This is because Active Directory has its own SRV records for Kerberos and LDAP, and the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the client packages. These packages are used only as a simple way to configure the system; they do <span class="emphasis"><em>not</em></span> install an agent or daemon on the client machine.
+					</div><div class="para">
+						For a regular user system, this requires only <code class="filename">ipa-client</code>:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-client</span></pre><div class="para">
+						For an administrator workstation, also install the IPA tools package:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install ipa-client ipa-admintools</span></pre></li><li class="listitem"><div class="para">
+						If the IPA server is also configured as the DNS server, and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
+					</div></li><li class="listitem"><div class="para">
+						After the packages are installed, run the client setup command to configure the system as a client.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li></ol></div><div class="para">
+				The <code class="command">ipa-client-install</code> command runs through a series of configuration changes on the system to set it up as a client in the IPA domain: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							If DNS Discovery is configured correctly, the command sets up the client domain and realm without prompting for any further information. If DNS Discovery is not configured, or if the IPA server and client are not in the same domain, the script will prompt you for the information it requires.
+						</div></li><li class="listitem"><div class="para">
+							Retrieves the CA certificate
+						</div></li><li class="listitem"><div class="para">
+							Creates a separate Kerberos configuration in order to test the provided credentials. This enables the <code class="command">ipa-client-install</code> command to perform a Kerberos connection to the IPA XML-RPC server, necessary to join the IPA client to the IPA domain. Irrespective of whether or not this connection is successful, this Kerberos configuration is ultimately discarded.
+						</div></li><li class="listitem"><div class="para">
+							Calls the <code class="command">ipa-join</code> command to perform the actual join
+						</div></li><li class="listitem"><div class="para">
+							Obtains a service principal for the host service and installs it into <code class="filename">/etc/krb5.keytab</code>, for example, (host/ipa.example.com at EXAMPLE.COM)
+						</div></li><li class="listitem"><div class="para">
+							Enables certmonger and retrieves an SSL server certificate, and installs it into <code class="filename">/etc/pki/nssdb</code>
+						</div></li><li class="listitem"><div class="para">
+							Disables the nscd daemon
+						</div></li><li class="listitem"><div class="para">
+							Configures SSSD or LDAP/KRB5, including NSS and PAM configuration files
+						</div></li><li class="listitem"><div class="para">
+							Configures NTP
+						</div></li></ul></div>
+
+			</div><div class="para">
+				At the end of this process, the command displays information about the realm, DNS domain, IPA server, and other related information, similar to the following:
+			</div><pre class="screen">
+Discovery was successful!
+Realm: IPADOCS.ORG
+DNS Domain: ipadocs.org
+IPA Server: ipaserver.ipadocs.org
+BaseDN: dc=ipadocs,dc=org
+
+Continue to configure the system with these values? [no]: yes
+Enrollment principal: admin
+Password for admin at IPADOCS.ORG:
+Enrolled in IPA realm IPADOCS.ORG
+Created /etc/ipa/default.conf
+Configured /etc/sssd/sssd.conf
+Configured /etc/krb5.conf for IPA realm IPADOCS.ORG
+SSSD enabled
+Kerberos 5 enabled
+NTP enabled
+Client configuration complete.
+</pre></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">3.1.2. Configuring Kerberos</h3></div></div></div><div class="para">
+				The <code class="command">ipa-client-install</code> command performs the Kerberos configuration automatically. This includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="para">
+				The following is an example of a Kerberos configuration file for IPA:
+			</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+rdns = false
+forwardable = yes
+ticket_lifetime = 24h
+
+[realms]
+EXAMPLE.COM = {
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      }
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+</pre><div class="para">
+				Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the system console, log in as an IPA user. After you have logged in, open a shell and run the following commands:
+					</div><div class="para">
+						<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+					</div><div class="para">
+						<code class="command">$ getent passwd &lt;userid&gt;</code>
+					</div><div class="para">
+						<code class="command">$ getent group ipausers</code>
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_NFS_v4_with_Kerberos">3.1.3. Configuring NFS v4 with Kerberos</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Add an NFS service principal on the client.
+					</div><div class="para">
+						<code class="command"># ipa service-add nfs/ipaclient.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Obtain a keytab for the NFS service principal.
+					</div><div class="para">
+						<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaclient.example.com -k /etc/krb5.keytab</code>
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Red Hat Enterprise Linux 6.1, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Add the following line to the <code class="filename">/etc/sysconfig/nfs</code> file:
+					</div><pre class="programlisting">SECURE_NFS=yes
+</pre></li><li class="listitem"><div class="para">
+						Start the rpcgssd daemon.
+					</div><div class="para">
+						<code class="command"># service rpcgssd start</code>
+					</div></li></ol></div><div class="para">
+				The IPA client should now be fully configured to mount NFS shares using Kerberos credentials. Use the following command to test the configuration:
+			</div><div class="para">
+				<code class="command"># mount -v -t nfs4 -o sec=krb5 ipaserver.example.com:/ /mnt</code>
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstalling_IPA_Servers.html"><strong>Prev</strong>2.6. Uninstalling IPA Servers and Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Using_Microsoft_Windows.html"><strong>Next</strong>3.2. Configuring a Microsoft Windows System as an...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sudo.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sudo.html
new file mode 100644
index 0000000..a5eb03e
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/sudo.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Policy: Using sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html" title="12.3. HBAC Services" /><link rel="next" href="configuring-sudo.html" title="13.2. Configuring sudo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Managem
 ent_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-sudo.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sudo" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Policy: Using sudo</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="sudo.html#about-sudo">13.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Sch
 ema">13.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">13.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">13.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">13.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">13.2.2. Client Configuration for Sudo Rules</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules
 -NIS_Configuration_Notes">13.2.2.1. NIS Configuration Notes</a></span></dt></dl></dd></dl></dd></dl></div><div class="section" id="about-sudo"><div class="titlepage"><div><div><h2 class="title" id="about-sudo">13.1. About sudo and IPA</h2></div></div></div><div class="para">
+			The <code class="command">sudo</code> command allows a system administrator to delegate authority, allowing certain users (or groups of users) the ability to run one or more commands as root or as another user, and at the same time providing an audit trail of the commands and their arguments. For more information, including coverage of the options available for use with <code class="command">sudo</code>, refer to the <code class="command">sudo</code> and <code class="command">sudoers</code> man pages.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">13.1.1. Sudo with LDAP</h3></div></div></div><div class="para">
+				In the past, <code class="command">sudo</code> used a single, local, configuration file, <code class="filename">/etc/sudoers</code>. It is possible to share the same <code class="filename">sudoers</code> file among machines, but there is no built-in mechanism to distribute it. Some have attempted to work around this by synchronizing changes using CVS, RSYNC, RDIST, RCP, SCP, and even NFS. By using LDAP for <code class="filename">sudoers</code>, IPA provides a centrally-administered, globally-available configuration source for <code class="command">sudo</code>.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">13.1.2. Limitations of the Existing Sudo LDAP Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					The current schema relies on LDAP-stored POSIX groups for its groups of users. The limitation here is that you cannot use a group of users for <code class="command">sudo</code> without the users inheriting potential POSIX rights.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Hosts"><h5 class="formalpara">Groups of Hosts</h5>
+					The current schema does not have a concept of host groups. Instead, it relies on the legacy LDAP nisNetgroupTriple to manage groups of hosts.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					The current schema does not have a concept of command groups. This requires that individual commands be present in each Sudo rule. It also limits the ability to reuse a group of commands for multiple Sudo rules.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">13.1.3. Benefits of the IPA Alternative Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					Groups of users can be either POSIX or non-POSIX groups within IPA. This provides the flexibility to group users without assigning POSIX rights or GID information to the group.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Computers"><h5 class="formalpara">Groups of Computers</h5>
+					The IPA alternative schema also addresses the issue of host groups and netgroups for the purpose of sudo. The <code class="command">sudo</code> utility itself does not support host groups—a better and cleaner host grouping mechanism—but instead expects netgroups. To resolve this issue, IPA automatically creates a "shadow netgroup" with the same name as every host group that you create. This means that you can create host groups but still use netgroups with <code class="command">sudo</code> without encountering any problems.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					Command groups are a new concept introduced by IPA. These objects allow administrators the ability to create groups of <code class="command">sudo</code> commands that can be reused for multiple rules without the need of assigning individual commands throughout.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">13.1.4. Compatibility and Managed Entry Plug-in Configuration</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Compatibility_Translation_for_Native_Sudo"><h5 class="formalpara">Compatibility Translation for Native Sudo</h5>
+					The native <code class="command">sudo</code> binary does not yet support SSSD or the IPA Sudo Schema. As an interim solution, IPA has implemented a compatibility plug-in which transparently translates IPA Sudo rules into those supported by the current <code class="command">sudo</code> binary.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Managed_Entries_for_NIS_Netgroups"><h5 class="formalpara">Managed Entries for NIS Netgroups</h5>
+					In order to seamlessly support the current implementation of sudo, IPA provides a managed entry plug-in for NIS netgroups. Whenever an IPA host group is created, a translated nisNetgroupTriple is also created.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Prev</strong>12.3. HBAC Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-sudo.html"><strong>Next</strong>13.2. Configuring sudo</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/switching-users.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/switching-users.html
new file mode 100644
index 0000000..69f5246
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/switching-users.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Switching Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="basic-usage.html" title="Chapter 4. Basic Usage" /><link rel="prev" href="logging-in.html" title="4.2. Logging into the IPA UI" /><link rel="next" href="ipa-files.html" title="4.4. A Summary of IPA Server Configuration Files and Directories" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging-in.html"><strong>Prev</strong></a></li><li class="next"><a accessk
 ey="n" href="ipa-files.html"><strong>Next</strong></a></li></ul><div class="section" id="switching-users"><div class="titlepage"><div><div><h2 class="title" id="switching-users">4.3. Switching Users</h2></div></div></div><div class="para">
+			One of the main advantages of IPA is that it uses <code class="systemitem">Kerberos</code> for authentication. This means that if the machine is configured to use IPA as an authentication server and you have an IPA account, then once you have logged in to the machine and authenticated, you can reuse your <code class="systemitem">Kerberos</code> credentials to access other services in the IPA domain. This avoids the need to constantly re-enter your password to access different services.
+		</div><div class="para">
+			For example, to connect to the IPA web interface, you can enter the server's address in your browser and it will use your <code class="systemitem">Kerberos</code> ticket to authenticate against IPA. Similar functionality is available if you try to access a file share, a wiki or any other application that is configured to be a <code class="systemitem">Kerberos</code> service in the IPA domain.
+		</div><div class="para">
+			If you log in to a machine using an account different from your IPA account, use the <code class="command">kinit</code> command to establish your <code class="systemitem">Kerberos</code> credentials. Similarly, if you need to log in to IPA as a different user, perhaps in another user role or as the administrator, you need to replace your existing credentials with those of the new user. Currently you can only store one set of tickets per logged-in user, and they are the credentials that will be used when you log in to IPA.
+		</div><div class="para">
+			For example, if your local account name is <code class="systemitem">localUser</code> but your IPA account name is <code class="systemitem">ipaUser</code>, run the following command, and enter your password when prompted:
+		</div><pre class="screen">$ kinit ipaUser
+Password for ipaUser at EXAMPLE.COM:
+</pre><div class="para">
+			This establishes your <code class="systemitem">Kerberos</code> credentials on the local machine. You can use the <code class="command">klist</code> command to verify that you received a <em class="firstterm">ticket granting ticket (TGT)</em> from the server. This should return output similar to the following:
+		</div><pre class="screen">$ klist
+Ticket cache: FILE:/tmp/krb5cc_500
+Default principal: ipaUser at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+11/10/08 15:35:45  11/11/08 15:35:45  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+
+Kerberos 4 ticket cache: /tmp/tkt500
+klist: You have no tickets cached
+</pre><div class="para">
+			You should now be able to connect to the IPA web interface. If you were already connected to the web interface as another user, refresh the browser to display the updated details for the new user.
+		</div><div class="para">
+			If you configured <code class="systemitem">SSSD</code> or <code class="systemitem">pam_krb5</code> on the machine with IPA, then the ticket is created for you when you log in to the machine requires authentication (for example, <code class="command">sudo</code>).
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging-in.html"><strong>Prev</strong>4.2. Logging into the IPA UI</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-files.html"><strong>Next</strong>4.4. A Summary of IPA Server Configuration Files ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/uninstalling-clients.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/uninstalling-clients.html
new file mode 100644
index 0000000..e5a5b4d
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/uninstalling-clients.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.7. Uninstalling an IPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html" title="5.6. Client Problems" /><link rel="next" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" 
 href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="users.html"><strong>Next</strong></a></li></ul><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">5.7. Uninstalling an IPA Client</h2></div></div></div><div class="para">
+			For Red Hat Enterprise Linux clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the IPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+		</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the IPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Prev</strong>5.6. Client Problems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="users.html"><strong>Next</strong>Chapter 6. Identity: Managing Users and User Grou...</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-groups.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-groups.html
new file mode 100644
index 0000000..408b521
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-groups.html
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.6. Creating User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html" title="6.5. Deleting IPA Users" /><link rel="next" href="user-pwdpolicy.html" title="6.7. Setting an Individual Password Policy" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
 ect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="user-pwdpolicy.html"><strong>Next</strong></a></li></ul><div class="section" id="user-groups"><div class="titlepage"><div><div><h2 class="title" id="user-groups">6.6. Creating User Groups</h2></div></div></div><div class="para">
+			IPA uses groups to facilitate the management and administration of all types of objects, such as users, hosts, tasks, roles, and others. This section introduces <code class="systemitem">User Groups</code> and how they are used within IPA. Other object groups behave and are used in similar ways; these are discussed elsewhere.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-User_Groups"><h5 class="formalpara">User Groups</h5>
+				Three groups are created during the installation process: <code class="systemitem">ipausers</code>, <code class="systemitem">admins</code>, and <code class="systemitem">editors</code>. All of these groups are required for IPA operation.
+			</div><div class="para">
+			The IPA Administrator is a member of the <code class="systemitem">admins</code> group. All other users belong to the global group <code class="systemitem">ipausers</code>, and you can create as many additional groups as you require.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Some operating systems limit the number of groups that you can create. For example, <code class="systemitem">Solaris</code> and <code class="systemitem">AIX</code> allow only 16 groups per user. IPA Administrators need to be aware of this limitation, especially when using nested groups.
+			</div></div></div><div class="para">
+			The <code class="systemitem">editors</code> group is a special group used by the web interface. Members of this group have at least one delegation, which means they can edit records apart from their own.
+		</div><div class="para">
+			You can create groups based on the departments within your organization, for example, Development, Finance, and HR. You can also create groups based on the permissions, or roles, required to manage your departmental or other groups.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Nested_Groups"><h5 class="formalpara">Nested Groups</h5>
+				You can also create nested groups. For example, you can create a group called "Documentation", and then create sub-groups such as "Writers", "Translators", and "Editors". You can add users to each of the sub-groups to suit the needs of your organization. Any users that you add to a sub-group automatically become members of the parent group.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Avoid the creation of cyclic groups; that is, groups that contain groups that in turn contain their own ancestors, and avoid creating group names that contain spaces. Either of these conditions can lead to unexpected behavior.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-add</code> command to add groups. You can include attributes on the command line or use the command interactively. For example:
+				</div><div class="para">
+					To create a group called "Engineering" using the command line:
+				</div><pre class="screen">$ ipa group-add
+Group name: Engineering
+Description: All members of the engineering group
+-------------------------
+Added group "engineering"
+-------------------------
+  Group name: Engineering
+  Description: All members of the engineering group
+  GID: 387115842
+</pre><div class="para">
+					Alternatively, include all of the required attributes on the command line:
+				</div><pre class="screen">$ ipa group-add --desc='All authors, editors, and translators' Documentation
+---------------------------
+Added group "documentation"
+---------------------------
+  Group name: documentation
+  Description: All authors, editors, and translators
+  GID: 387115845</pre><div class="para">
+					The group name and description are mandatory fields. If either of these are not included on the command line, you will be prompted to include them.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_the_Command_Line-Adding_members_to_a_new_group"><h5 class="formalpara">Adding members to a new group</h5>
+						You cannot add members to a newly-created group using the <code class="command">ipa group-add</code> command. First you need to create the group, and then use the <code class="command">ipa group-add-member</code> command to add members. For example:
+					</div><pre class="screen">$ ipa group-add-member --users=user01,user02,user03 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member users: user01,user02,user03
+-------------------------
+Number of members added 3
+-------------------------
+</pre><div class="para">
+					You can use the same process to create nested groups:
+				</div><pre class="screen">$ ipa group-add-member --groups=group01,group02 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member groups: group01,group02
+  -------------------------
+  Number of members added 2
+  -------------------------
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</h3></div></div></div><div class="para">
+				You can edit many of the attributes that define a group, as well as add or remove members. Some attributes are read-only by default, however you can edit these attributes if required.
+			</div><div class="para">
+				You cannot edit the group name. The group name is the primary key, so changing it is the equivalent of deleting the group and creating a new one.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-mod</code> command to modify specific attributes of IPA groups. IPA provides numerous commands for working with groups, such as <code class="command">ipa group-add-member</code> and <code class="command">ipa group-detach</code>; run the <code class="command">ipa help group</code> command to access the IPA group help page for more information.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">6.6.3. Deleting IPA Groups</h3></div></div></div><div class="para">
+				When you delete an IPA group, only the immediate group is removed; members of the group are not affected.
+			</div><div class="para">
+				When you delete an IPA group, any delegations that apply to that group are also removed. For example, suppose you added an "EngineeringManager" group specifically to set up delegations for the Engineering Manager. If you delete the EngineeringManager group, then those delegations are also lost. These delegations cannot be retrieved. If you need this group and delegation again, you need to recreate them.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-del</code> command to delete groups. For example:
+				</div><div class="para">
+					To delete the Engineering group:
+				</div><div class="para">
+					<code class="command">$ ipa group-del Engineering</code>
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Prev</strong>6.5. Deleting IPA Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="user-pwdpolicy.html"><strong>Next</strong>6.7. Setting an Individual Password Policy</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-pwdpolicy.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-pwdpolicy.html
new file mode 100644
index 0000000..1e11f1c
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/user-pwdpolicy.html
@@ -0,0 +1,244 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.7. Setting an Individual Password Policy</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="users.html" title="Chapter 6. Identity: Managing Users and User Groups" /><link rel="prev" href="user-groups.html" title="6.6. Creating User Groups" /><link rel="next" href="searching.html" title="6.8. Searching for Users and Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="user-groups.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" 
 href="searching.html"><strong>Next</strong></a></li></ul><div class="section" id="user-pwdpolicy"><div class="titlepage"><div><div><h2 class="title" id="user-pwdpolicy">6.7. Setting an Individual Password Policy</h2></div></div></div><div class="para">
+			IPA has a default policy of never exposing passwords, even hashed passwords, to clients, in the interests of system security. This policy applies even if you still rely on NIS server functionality to some degree, for example, as a result of a full or partial migration from NIS to IPA. IPA normally expects a switch to Kerberos for authentication, but this may not always be possible.
+		</div><div class="para">
+			The IPA password policy supports the specification of various password attributes that help to ensure the security of your system, and also that of individual user accounts. You can specify the password lifetime, length, and the types of characters required, all as part of the IPA password policy.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						In Red Hat Enterprise Linux 6.1, the IPA password policy is enforced by the <abbr class="abbrev">KDC</abbr>. Only a limited number of attributes are currently supported, but this will be extended in later versions.
+					</div></li><li class="listitem"><div class="para">
+						Because the password policy is enforced by the <abbr class="abbrev">KDC</abbr>, any further policy specifications that you implement as part of the Directory Server password policy will not be visible in IPA, and neither will they be enforced.
+					</div></li><li class="listitem"><div class="para">
+						Different rules apply to changing passwords, depending on your login credentials.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</h3></div></div></div><div class="para">
+				If you reset a password using <em class="parameter entry"><code>cn=Directory Manager</code></em> credentials (only possible if you manually perform an <code class="systemitem">LDAP</code> password change operation) then you override any checks and the password is set to whatever you specify. The IPA password policy is ignored.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</h3></div></div></div><div class="para">
+				If you reset a password using <code class="systemitem">admin</code> credentials (that is, as part of the <code class="systemitem">admins</code> group), the IPA password policy is ignored, but the expiration date is set to "now". This means that the user is forced to change the password at login time, and the password policy is then enforced. This is also true for users who have had password changing rights delegated to them.
+			</div><div class="para">
+				Consequently, the IPA Administrator can easily create users with "default" passwords and reset user's passwords, but will not know the actual, final password entered by the user. Further, any password that is transmitted from the IPA Administrator to the user, even over insecure channels, is a temporary password. Consequently, it is not critical if it is accidentally disclosed, provided that the user promptly resets it.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">6.7.3. Changing Passwords as a Regular User</h3></div></div></div><div class="para">
+				If you are logged in as a regular user (that is, you are not part of the <code class="systemitem">admins</code> group, or possessed of any elevated privileges), then you can only change your own password, and these changes are always subject to the IPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</h3></div></div></div><div class="para">
+				You can use either the web interface or the command line to edit the IPA password policy. However, you can only edit those attributes supported by IPA.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa pwpolicy-*</code> commands to create and modify IPA password policies. These commands are provided as part of the <code class="command">ipa pwpolicy</code> plug-in functionality. The <code class="command">ipa help pwpolicy</code> command displays the help page and some examples of using this plug-in.
+				</div><div class="para">
+					For example, use the following command to update the minimum global password length to 10 characters, and to specify that no history of passwords be kept:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-mod --minlength=10 --history=0</code>
+				</div><div class="para">
+					To display the global password policy:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-show</code>
+				</div><div class="para">
+					Refer to <a class="xref" href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">Section 6.7.6, “Password Policy Attributes”</a> for information on password policy attributes.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</h3></div></div></div><div class="para">
+				The IPA password policy plug-in (<code class="command">ipa pwpolicy</code>) manages both global and per-group password policies. You can use this plug-in to display or modify existing password policies to suit the needs of your environment.
+			</div><div class="para">
+				The following examples demonstrate how to display and modify existing password policies.
+			</div><div class="para">
+				To display the password policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="para">
+				To add a new policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					When adding or modifying the password policy for a group, that group needs to already exist but does not need to contain any members.
+				</div></div></div><div class="para">
+				To remove an attribute from a password policy, use the <code class="command">ipa pwpolicy-mod</code> command to set an empty value for the required attribute to delete it.
+			</div><div class="para">
+				The following example illustrates adding a password policy with three specific attributes to an existing group:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-add --minlife=1 --maxlife=5 --priority=1 g1</code>
+Group: g1
+Max lifetime (days): 5
+Min lifetime (hours): 1
+Priority: 1
+</pre><div class="para">
+				The following command uses the <code class="command">ipa pwdpolicy-mod</code> command to set an empty value to the <em class="parameter"><code>minlife</code></em> attribute:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-mod --minlife= g1</code>
+Group: g1
+Max lifetime (days): 5</pre><div class="para">
+				To display the policy for a given user:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --user=tuser1</code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Password policies are not cumulative. That is, you cannot override a single setting in a policy and let it fall back to the global policy on all the others; it is all or nothing.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">6.7.5.1. Setting the Priority of Password Policies</h4></div></div></div><div class="para">
+					The following example demonstrates the use of password priority, where a user and two groups are created, with a separate password policy for each group. Each policy has a different priority, and the user is added to both groups.
+				</div><div class="procedure"><ol class="1"><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_a_user"><h5 class="formalpara">Adding a user</h5>
+								Use the <code class="command">ipa user-add</code> command to add a new user:
+							</div><pre class="screen">
+<code class="command"># ipa user-add --first=Tim --last=User tuser1</code>
+---------
+Added user "tuser1"
+---------
+  User login: tuser1
+  First name: Tim
+  Last name: User
+  Home directory: /home/tuser1
+  GECOS field: tuser1
+  Login shell: /bin/sh
+  Kerberos principal: tuser1 at IPANETWORK.ORG
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_groups"><h5 class="formalpara">Adding the user groups</h5>
+								Use the <code class="command">ipa group-add</code> command to add two new groups:
+							</div><pre class="screen">
+<code class="command"># ipa group-add --desc=Group1 g1</code>
+----------
+Added group "g1"
+----------
+  Group name: g1
+  Description: Group1
+
+# ipa group-add --desc=Group2 g2
+----------
+Added group "g2"
+----------
+Group name: g2
+Description: Group2
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Specifying_the_password_policies"><h5 class="formalpara">Specifying the password policies</h5>
+								Use the <code class="command">ipa pwpolicy-add</code> command to specify different policies for each group:
+							</div><pre class="screen">
+<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=g1</code>
+---------------------------
+Added policy for group "g1"
+---------------------------
+  Group: g1
+  Minimum lifetime (in hours): 10
+
+# ipa pwpolicy-add --minlife=20 --priority=20 --group=g2
+---------------------------
+Added policy for group "g2"
+---------------------------
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_to_the_groups"><h5 class="formalpara">Adding the user to the groups</h5>
+								Use the <code class="command">ipa group-add-member</code> command to add the user that you previously created to each group. You can then use the <code class="command">ipa pwpolicy-show</code> command to display the policy that is in effect for the user.
+							</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g1</code> group and then check the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g1</code>
+  Group name: g1
+  Description: Group1
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+$ ipa pwpolicy-show --user=tuser1
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre></li><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g2</code> group and recheck the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g2</code>
+  Group name: g2
+  Description: Group2
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre><div class="para">
+									Notice that the password policy that is in effect for the user <code class="systemitem">tuser1</code> is taken from the <code class="systemitem">g1</code> group, because it has a higher priority.
+								</div></li></ol></div></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Removing_the_user_from_a_single_group"><h5 class="formalpara">Removing the user from a single group</h5>
+								Finally, use the <code class="command">ipa group-remove-member</code> command to remove the user from the <code class="systemitem">g1</code> group to demonstrate that they still have a custom policy.
+							</div><pre class="screen">
+<code class="command">$ ipa group-remove-member --users=tuser1 g1</code>
+---------------------------
+Number of members removed 1
+---------------------------
+    Users:
+    Groups:
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="command">ipa help &lt;topic&gt;</code> command to display a list of the commands available for working with various topics.
+					</div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</h3></div></div></div><div class="para">
+				The password policy is enforced by the <code class="systemitem module">pwd_extop</code> SLAPI plug-in. IPA 2.0 supports the following password policy attributes:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Password Lifetime</strong></span> (<span class="property">krbMinPwdLife</span>): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.
+					</div><div class="para">
+						You can use this attribute to prevent users from changing their password to a "temporary" value and then immediately changing it back to the original value.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Password Lifetime</strong></span> (<span class="property">krbMaxPwdLife</span>): The maximum period of time, in days, that a user's password can be in effect before it must be changed. The default value is 90 days.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Number of Character Classes</strong></span> (<span class="property">krbPwdMinDiffChars</span>): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is 0 (zero).
+					</div><div class="para">
+						For example, setting <span class="property">krbPwdMinDiffChars</span> = 3 requires that passwords contain at least one character from three of the supported classes.
+					</div><div class="para">
+						The following character classes are supported:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Upper-case characters
+							</div></li><li class="listitem"><div class="para">
+								Lower-case characters
+							</div></li><li class="listitem"><div class="para">
+								Digits
+							</div></li><li class="listitem"><div class="para">
+								Special characters (for example, punctuation)
+							</div></li><li class="listitem"><div class="para">
+								8-bit characters (characters whose decimal code starts at 128 or below, for example, Â, Ã, and Ä)
+							</div></li></ul></div><div class="para">
+						The following special classes also exist:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Number of repeated characters
+							</div><div class="para">
+								This weights in the opposite direction, so that if you have too many repeated characters you will not meet the quorum to satisfy the "level" expressed by <span class="property">krbPwdMinDiffChars</span>.
+							</div></li></ul></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Length of Password</strong></span> (<span class="property">krbPwdMinLength</span>): The minimum number of characters that must exist in a password before it is considered valid. The default value is eight characters.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Password History Size</strong></span> (<span class="property">krbPwdHistoryLength</span>): The number of previous passwords that IPA stores, and which a user is prevented from using. For example, if you set this value to 10, IPA prevents a user from reusing any of their previous 10 passwords. The default value is 0 (zero) (disable password history).
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							If password history checking is enabled, and a user attempts to use one of the passwords in the history list, the error message returned by the system may be misleading. For example, you may see the following error:
+						</div><pre class="screen">A database error occurred: Constraint violation: Password fails to meet minimum strength criteria
+</pre><div class="para">
+							This is because <span class="package">python-ldap</span> prevents the retrieval of extended information on password policy failures over <code class="systemitem">LDAP</code>.
+						</div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Even with <span class="property">krbPwdHistoryLength</span> set to zero, users cannot reuse their existing password.
+						</div></div></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Priority</strong></span> (<span class="property">priority</span>): The priority determines which policy is in effect. The lower the number the higher priority. This is important if a user is in several groups, each with a password policy set.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Consecutive Failures</strong></span> (<span class="property">maxfail</span>): Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Fail Interval</strong></span> (<span class="property">failinterval</span>): Specifies the period (in seconds) after which the failure count will be reset.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Lockout Time</strong></span> (<span class="property">lockouttime</span>): Specifies the period (in seconds) for which a lockout is enforced.
+					</div></li></ul></div><div class="para">
+				Refer to the <code class="command">ipa help pwpolicy-add</code> help page for more information on configuring the IPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expiration</h3></div></div></div><div class="para">
+				If it is installed and configured, SSSD can use the PAM module to send messages to users, warning them about imminent password expiration. Red Hat Enterprise Linux has a <code class="option">pam_pwd_expiration_warning</code> option to fine tune this feature. You can also manually search for passwords that are due to expire by a specified date. For example, to retrieve all user entries whose passwords are due to expire before March 1st, 2011, run the following command:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command">$ ldapsearch -Y GSSAPI -b "cn=users,cn=accounts,dc=example,dc=com"</code> <code class="command">'(krbPasswordExpiration&lt;=20110301000000Z)'</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</h3></div></div></div><div class="para">
+				If you use password authentication (no GSSAPI authentication, and no ticket on the client) with a new user, or with a user whose password has expired, you need to enable Challenge-Response authentication. Otherwise, the password changing dialog box will not display.
+			</div><div class="para">
+				This is not enabled by default because some older <code class="systemitem">SSL</code> clients may not support Challenge-Response authentication, and it is needed only if the password has expired.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_SSH_for_Password_Authentication-To_enable_Challenge_Response_authentication"><h5 class="formalpara">To enable Challenge-Response authentication:</h5>
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Set <em class="parameter"><code>ChallengeResponseAuthentication</code></em> to <code class="literal">yes</code> in the <code class="filename">/etc/ssh/sshd_config</code> file.
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</h3></div></div></div><div class="para">
+				User identity and authentication is managed by SSSD in recent versions of Red Hat Enterprise Linux. The default settings specified by the IPA installation script include timeout settings that still allow local logins to succeed if the client cannot access the IPA server. These settings are specified in the <code class="filename">/etc/sssd/sssd.conf</code> file, and can be tuned to suit your particular deployment. Further, if SSSD's password caching feature is enabled, a user can log in even if the IPA server is down. A typical deployment would normally include two or more servers for redundancy, and so this would not normally be a problem.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+					These timeout settings are only set on operating systems that support the IPA installation script, meaning Red Hat Enterprise Linux 6.1 and later. On other versions, specify these values manually or it may be impossible to log into the host if no IPA servers are available.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="user-groups.html"><strong>Prev</strong>6.6. Creating User Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="searching.html"><strong>Next</strong>6.8. Searching for Users and Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/users.html b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/users.html
new file mode 100644
index 0000000..57fb690
--- /dev/null
+++ b/public_html/en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/users.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. Identity: Managing Users and User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="uninstalling-clients.html" title="5.7. Uninstalling an IPA Client" /><link rel="next" href="adding-users.html" title="6.2. Adding Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ad
 ding-users.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="users" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Managing Users and User Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="users.html#home-directories">6.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="adding-users.html">6.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">6.3. Editing Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">6.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_Use
 r_Accounts-Using_the_Command_Line">6.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html">6.5. Deleting IPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">6.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html">6.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">6.6.1. Creating IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">6.6.1.1. Using the Command Line</a></
 span></dt></dl></dd><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">6.6.2. Editing IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">6.6.2.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">6.6.3. Deleting IPA Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">6.6.3.1. Using the Command Line</a></span></dt></dl></dd></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">6.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Ide
 ntity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">6.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">6.7.2. Changing Passwords as the IPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">6.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">6.7.4. Editing the Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">6.7.4.1. Using the Comma
 nd Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">6.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">6.7.5.1. Setting the Priority of Password Policies</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">6.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">6.7.7. Notifying Users of Password Expirati
 on</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">6.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">6.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html">6.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">6.8.1. Searching for Users</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">6.8.1.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html#sect-Enterpr
 ise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">6.8.2. Searching for Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">6.8.2.1. Using the Command Line</a></span></dt></dl></dd></dl></dd></dl></div><div class="section" id="home-directories"><div class="titlepage"><div><div><h2 class="title" id="home-directories">6.1. Managing User Home Directories</h2></div></div></div><div class="para">
+			IPA, as part of managing users, can manage user home directories. However, the IPA server has expectations about 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The default prefix for users' home directories is <code class="filename">/home</code>.
+					</div></li><li class="listitem"><div class="para">
+						IPA does not automatically create home directories when users log in.
+					</div><div class="para">
+						To automatically create home directories, you can use the <code class="systemitem module">pam_mkhomedir</code> module. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+					</div><div class="para">
+						Pass the <code class="option">--mkhomedir</code> option to the <code class="command">ipa-client-install</code> command to enable the <code class="systemitem">pam_mkhomedir</code> module.
+					</div></li><li class="listitem"><div class="para">
+						It is possible to use an NFS file server that provides <code class="filename">/home</code> that can be made available to all client machines.
+					</div></li><li class="listitem"><div class="para">
+						If a suitable directory and mechanism are not available for the creation of home directories, users may not be able to log in.
+					</div></li></ul></div>
+
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong>5.7. Uninstalling an IPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="adding-users.html"><strong>Next</strong>6.2. Adding Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf b/public_html/en-US/Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf
new file mode 100644
index 0000000..3ea6aa7
Binary files /dev/null and b/public_html/en-US/Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf differ
diff --git a/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub b/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub
new file mode 100644
index 0000000..7575a68
Binary files /dev/null and b/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/common.css b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..e0090e2
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/common.css
@@ -0,0 +1,1504 @@
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+	line-height: 1.29em;
+}
+
+body {
+	background-color: white;
+	margin:0 auto;
+	font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size:12px;
+	max-width:55em;
+	color:black;
+}
+
+body.toc_embeded {
+	/*for web hosting system only*/
+	margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+	/*for web hosting system only*/
+	border-style:none;
+	position:fixed;
+	width:290px;
+	height:99.99%;
+	top:0;
+	left:0;
+	z-index: 100;
+	border-style:none;
+	border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+	margin-left: 3em;
+}
+
+iframe.notoc {
+	border-style:none;
+	border: none;
+	padding: 0em;
+	position:fixed;
+	width: 21px;
+	height: 29px;
+	top: 0px;
+	left:0;
+	overflow: hidden;
+	margin: 0em;
+	margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+	margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+	display:block;
+	width:24em;
+	height:99%;
+	position:fixed;
+	overflow:auto;
+	top:0px;
+	left:0px;
+	padding-left:1em;
+	background-color:#EEEEEE;
+}
+
+.toc {
+	line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+	margin-top:1em;
+}
+
+.toc .part {
+	margin-top:1em;
+	display:block;
+}
+
+span.glossary,
+span.appendix {
+	display:block;
+	margin-top:0.5em;
+}
+
+div {
+	padding-top:0px;
+}
+
+div.section {
+	padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+	padding-top:0px;
+	margin-top:0.3em;
+	padding-bottom:0px;
+	margin-bottom:1em;
+}
+
+/*Links*/
+a {
+	outline: none;
+}
+
+a:link {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#3366cc;
+}
+
+a:visited {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#003366;
+}
+
+div.longdesc-link {
+	float:right;
+	color:#999;
+}
+
+.toc a, .qandaset a {
+	font-weight:normal;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+	color: #336699;
+	margin-top: 0em;
+	margin-bottom: 0em;
+	background-color: transparent;
+}
+
+h1 {
+	font-size:2.0em;
+}
+
+.titlepage h1.title {
+	font-size: 3.0em;
+	padding-top: 1em;
+	text-align:left;
+}
+
+.book > .titlepage h1.title {
+	text-align:center;
+}
+
+.article > .titlepage h1.title {
+	text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+	text-align:center;
+}
+
+.producttitle {
+	margin-top: 0em;
+	margin-bottom: 0em;
+	font-size: 3.0em;
+	font-weight: bold;
+	background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+	color: white;
+	text-align: center;
+	padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+	margin-top: 1em;
+	text-align: center;
+}
+
+.section h1.title {
+	font-size: 1.6em;
+	padding: 0em;
+	color: #336699;
+	text-align: left;
+	background: white;
+}
+
+h2 {
+	font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+.appendix h2 {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+
+
+h3 {
+	font-size:1.3em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+h4 {
+	font-size:1.1em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+
+h5 {
+	font-size:1em;
+}
+
+h6 {
+	font-size:1em;
+}
+
+h5.formalpara {
+	font-size:1em;
+	margin-top:2em;
+	margin-bottom:.8em;
+}
+
+.abstract h6 {
+	margin-top:1em;
+	margin-bottom:.5em;
+	font-size:2em;
+}
+
+/*element rules*/
+hr {
+	border-collapse: collapse;
+	border-style:none;
+	border-top: 1px dotted #ccc;
+	width:100%;
+	margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+	display:inline;
+	padding:0em;
+}
+
+.languages li a {
+	padding:0em .5em;
+	text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+	display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+	color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+	color:black;
+}
+
+ul.languages {
+	display:block;
+	background-color:#eee;
+	padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+	position:relative;
+}
+
+.versions li {
+	width:100%;
+	clear:both;
+	display:block;
+}
+
+a.version {
+	font-size:2em;
+	text-decoration:none;
+	width:100%;
+	display:block;
+	padding:1em 0em .2em 0em;
+	clear:both;
+}
+
+a.version:before {
+	content:"Version";
+	font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+	color:#666;
+}
+
+a.version:focus, a.version:hover {
+	color:black;
+}
+
+.books {
+	display:block;
+	position:relative;
+	clear:both;
+	width:100%;
+}
+
+.books li {
+	display:block;
+	width:200px;
+	float:left;
+	position:relative;
+	clear: none ;
+}
+
+.books .html {
+	width:170px;
+	display:block;
+}
+
+.books .pdf {
+	position:absolute;
+	left:170px;
+	top:0px;
+	font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+	color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+	color:#000;
+}
+
+.books li a {
+	text-decoration:none;
+}
+
+.books li a:hover {
+	color:black;
+}
+
+/*products*/
+.products li {
+	display: block;
+	width:300px;
+	float:left;
+}
+
+.products li a {
+	width:300px;
+	padding:.5em 0em;
+}
+
+.products ul {
+	clear:both;
+}
+
+/*revision history*/
+.revhistory {
+	display:block;
+}
+
+.revhistory table {
+	background-color:transparent;
+	border-color:#fff; 
+	padding:0em;
+	margin: 0;
+	border-collapse:collapse;
+	border-style:none; 
+}
+
+.revhistory td {
+	text-align :left;
+	padding:0em;
+	border: none; 
+	border-top: 1px solid #fff;
+	font-weight: bold;
+}
+
+.revhistory .itemizedlist {
+	font-weight: normal;
+}
+
+.revhistory ul {
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.revhistory .simplelist td {
+	font-weight: normal;
+}
+
+.revhistory .simplelist {
+	margin-bottom: 0em;
+	margin-left: 1em;
+}
+
+.revhistory table th {
+	display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+	clear:both;
+	text-align: center;
+}
+
+h3.author {
+	margin: 0em;
+	padding: 0em;
+	padding-top: 1em;
+}
+
+.authorgroup h4 {
+	padding: 0em;
+	margin: 0em;
+	padding-top: 1em;
+	margin-top: 1em;
+}
+
+.author, 
+.editor, 
+.translator, 
+.othercredit,
+.contrib {
+	display: block;
+}
+
+.revhistory .author {
+	display: inline;
+}
+
+.othercredit h3 {
+	padding-top: 1em;
+}
+
+
+.othercredit {
+	margin:0em;
+	padding:0em;
+}
+
+.releaseinfo {
+	clear: both;
+}
+
+.copyright {
+	margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+	margin-bottom:1em;
+	border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+	border-bottom:1px dotted #ccc;
+}
+
+.question {
+	font-weight:bold;
+}
+
+.answer .data, .question .data {
+	padding-left: 2.6em;
+}
+
+.answer label, .question label {
+	float:left;
+	font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+	color: #0000ff;
+}
+
+.perl_BaseN {
+	color: #007f00;
+}
+
+.perl_BString {
+	color: #5C3566;
+}
+
+.perl_Char {
+	color: #ff00ff;
+}
+
+.perl_Comment {
+	color: #FF00FF;
+}
+
+
+.perl_DataType {
+	color: #0000ff;
+}
+
+
+.perl_DecVal {
+	color: #00007f;
+}
+
+
+.perl_Error {
+	color: #ff0000;
+}
+
+
+.perl_Float {
+	color: #00007f;
+}
+
+
+.perl_Function {
+	color: #007f00;
+}
+
+
+.perl_IString {
+	color: #5C3566;
+}
+
+
+.perl_Keyword {
+	color: #002F5D;
+}
+
+
+.perl_Operator {
+	color: #ffa500;
+}
+
+
+.perl_Others {
+	color: #b03060;
+}
+
+
+.perl_RegionMarker {
+	color: #96b9ff;
+}
+
+
+.perl_Reserved {
+	color: #9b30ff;
+}
+
+
+.perl_String {
+	color: #5C3566;
+}
+
+
+.perl_Variable {
+	color: #0000ff;
+}
+
+
+.perl_Warning {
+	color: #0000ff;
+}
+
+/*Lists*/
+ul {
+	padding-left:1.6em;
+	list-style-image:url(../images/dot.png);
+	list-style-type: circle;
+}
+
+ul ul {
+	list-style-image:url(../images/dot2.png);
+	list-style-type: circle;
+}
+
+ol {
+	list-style-image:none;
+	list-style-type: decimal;
+}
+
+ol ol {
+	list-style-type: lower-alpha;
+}
+
+ol.arabic {
+	list-style-type: decimal;
+}
+
+ol.loweralpha {
+	list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+	list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+	list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+	list-style-type: upper-roman;
+}
+
+dt {
+	font-weight:bold;
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+dd {
+	margin:0em;
+	margin-left:2em;
+	padding-top:0em;
+	padding-bottom: 1em;
+}
+
+li {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.4em;
+}
+
+li p, li div.para {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+	display:block;
+	margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+	display:inline;
+	margin:0em;
+}
+
+.figure img {
+	display:block;
+	margin:0;
+}
+
+.figure .title {
+	margin:0em;
+	margin-bottom:2em;
+	padding:0px;
+}
+
+/*document modes*/
+.confidential {
+	background-color:#900;
+	color:White;
+	padding:.5em .5em;
+	text-transform:uppercase;
+	text-align:center;
+}
+
+.longdesc-link {
+	display:none;
+}
+
+.longdesc {
+	display:none;
+}
+
+.prompt {
+	padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+	font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight: bold;
+	white-space: nowrap;
+}
+
+.example {
+	background-color: #ffffff;
+	border-left: 3px solid #aaaaaa;
+	padding-top: 1em;
+	padding-bottom: 0.1em;
+}
+
+.example h6 {
+	padding-left: 10px;
+}
+
+.example-contents {
+	padding-left: 10px;
+	background-color: #ffffff;
+}
+
+.example-contents .para {
+/*	 padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput, 
+.option {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+.replaceable {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+	font-weight: inherit;
+}
+
+pre {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	display:block;
+	background-color: #f5f5f5;
+	color: #000000;
+	border: 1px solid #aaaaaa;
+	margin-bottom: 0.3em;
+	padding:.5em 1em;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+	font-size: 0.9em;
+}
+
+pre .replaceable, 
+pre .keycap {
+}
+
+code {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	white-space: nowrap;
+	font-weight:bold;
+}
+
+.parameter code {
+	display: inline;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+	content:url(../images/warning.png);
+	padding-left: 5px;
+}
+
+div.note:before {
+	content:url(../images/note.png);
+	padding-left: 5px;
+}
+
+div.important:before {
+	content:url(../images/important.png);
+	padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+	color: black;
+	margin: 0em;
+	padding: 0em;
+	background: none;
+	background-color: white;
+	margin-bottom: 1em;
+	border-bottom: 1px solid #aaaaaa;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+	margin: 0em;
+	padding: 0em;
+	color: #eeeeec;
+	padding-top: 0px;
+	padding-bottom: 0px;
+	height: 1.4em;
+	line-height: 1.4em;
+	font-size: 1.4em;
+	display:inline;
+}
+
+div.admonition_header {
+	clear: both;
+	margin: 0em;
+	padding: 0em;
+	margin-top: -3.3em;
+	padding-left: 58px;
+	line-height: 1.0em;
+	font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+	background: url(../images/red.png) top left repeat-x;
+	background-color: #590000;
+}
+
+div.note div.admonition_header {
+	background: url(../images/green.png) top right repeat-x;
+	background-color: #597800;
+}
+
+div.important div.admonition_header {
+	background: url(../images/yellow.png) top right repeat-x;
+	background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+	padding: 0em;
+	margin: 0em;
+}
+
+div.admonition {
+	border: none;
+	border-left: 1px solid #aaaaaa;
+	border-right: 1px solid #aaaaaa;
+	padding:0em;
+	margin:0em;
+	padding-top: 1.5em;
+	padding-bottom: 1em;
+	padding-left: 2em;
+	padding-right: 1em;
+	background-color: #eeeeec;
+	-moz-border-radius: 0px;
+	-webkit-border-radius: 0px;
+	border-radius: 0px;
+}
+
+/*Page Title*/
+#title  {
+	display:block;
+	height:45px;
+	padding-bottom:1em;
+	margin:0em;
+}
+
+#title a.left{
+	display:inline;
+	border:none;
+}
+
+#title a.left img{
+	border:none;
+	float:left;
+	margin:0em;
+	margin-top:.7em;
+}
+
+#title a.right {
+	padding-bottom:1em;
+}
+
+#title a.right img {
+	border:none;
+	float:right;
+	margin:0em;
+	margin-top:.7em;
+}
+
+/*Table*/
+table {
+	border:1px solid #6c614b;
+	width:100%;
+	border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+	border-style: none;
+}
+
+table th {
+	text-align:left;
+	background-color:#6699cc;
+	padding:.3em .5em;
+	color:white;
+}
+
+table td {
+	padding:.15em .5em;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table  li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table  li div.para:first-child {
+	margin-top:0em;
+	padding-top:0em;
+	display:inline;
+}
+
+th, td {
+	border-style:none;
+	vertical-align: top;
+	border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+	border: none;
+}
+
+table table td {
+	border-bottom:1px dotted #aaa;
+	background-color:white;
+	padding:.6em 0em;
+}
+
+table table {
+	border:1px solid white;
+}
+
+td.remarkval {
+	color:#444;
+}
+
+td.fieldval {
+	font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+	color:white;
+	font-weight:bold;
+	background-color:#999;
+	width:120px;
+}
+
+td.remarkval {
+	width:230px;
+}
+
+td.tname {
+	font-weight:bold;
+}
+
+th.dbfield {
+	width:120px;
+}
+
+th.dbtype {
+	width:70px;
+}
+
+th.dbdefault {
+	width:70px;
+}
+
+th.dbnul {
+	width:70px;
+}
+
+th.dbkey {
+	width:70px;
+}
+
+span.book {
+	margin-top:4em;
+	display:block;
+}
+
+span.chapter {
+	display:block;
+	margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+	border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+	content:" ";
+}
+
+#breadcrumbs {
+	color:#900;
+	padding:3px;
+	margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+	margin-left:0;
+	padding-left:0;
+	display:inline;
+	border:none;
+}
+
+#breadcrumbs ul li {
+	margin-left:0;
+	padding-left:2px;
+	border:none;
+	list-style:none;
+	display:inline;
+}
+
+#breadcrumbs ul li:before {
+	content:"\0020 \0020 \0020 \00BB \0020";
+	color:#333;
+}
+
+/*index*/
+.glossary h3, 
+.index h3 {
+	font-size: 2em;
+	color:#aaa;
+	margin:0em;
+}
+
+.indexdiv {
+	margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+	color:#444;
+	padding-top:.5em;
+}
+
+.glossary dl dl dt, 
+.index dl dl dt {
+	color:#777;
+	font-weight:normal;
+	padding-top:0em;
+}
+
+.index dl dl dt:before {
+	content:"- ";
+	color:#ccc;
+}
+
+/*changes*/
+.footnote {
+	font-size: .7em;
+	margin:0em;
+	color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+	color:#999;
+	margin:0em;
+	padding:0em;
+	line-height: .4em;
+	font-size: 1em;
+	padding-left:0em;
+}
+
+.footnote {
+	position:relative;
+}
+
+.footnote sup  {
+	color:#e3dcc0;
+	position:absolute;
+	left: .4em;
+}
+
+.footnote sup a:link, 
+.footnote sup a:visited {
+	color:#92917d;
+	text-decoration:none;
+}
+
+.footnote:hover sup a {
+	text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+	padding-left:2em;
+}
+
+.footnote a:link, 
+.footnote a:visited {
+	color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+	margin-top:3em;
+}
+
+div.section {
+	margin-top:1em;
+}
+
+div.note .replaceable, 
+div.important .replaceable, 
+div.warning .replaceable, 
+div.note .keycap, 
+div.important .keycap, 
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+	border:none;
+	text-decoration:none;
+	font-weight:normal;
+}
+
+.docnav {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	position:relative;
+	width:100%;
+	padding-bottom:2em;
+	padding-top:1em;
+	border-top:1px dotted #ccc;
+}
+
+.docnav li {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	display:inline;
+	font-size:.8em;
+}
+
+.docnav li:before {
+	content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+	position:absolute;
+	top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+	margin:0em 1.5em;
+}
+
+.docnav li.previous {
+	left:0px;
+	text-align:left;
+}
+
+.docnav li.next {
+	right:0px;
+	text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+	height:22px;
+	display:block;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+.docnav li.next a strong {
+	background:  url(../images/stock-go-forward.png) top right no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-right:28px;
+	font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+	background: url(../images/stock-go-back.png) top left no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-left:28px;
+	padding-right:0.5em;
+	font-size:1.2em;
+}
+
+.docnav li.home a strong {
+	background: url(../images/stock-home.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav li.up a strong {
+	background: url(../images/stock-go-up.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+	color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+	color:black;
+}
+
+.docnav a {
+	max-width: 10em;
+	overflow:hidden;
+}
+
+.docnav a:link strong {
+	text-decoration:none;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+ul.docnav {
+	margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.reports li{
+	margin:0em;
+	padding:0em;
+}
+
+.reports li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.reports dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.reports div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+	max-width:57em ;
+	padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+	display:block;
+	float:left;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	height:1em;
+}
+
+div.progress span {
+	height:1em;
+	float:left;
+}
+
+div.progress span.translated {
+	background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+	background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.results li{
+	margin:0em;
+	padding:0em;
+}
+
+.results li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.results dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.results dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.results dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.results h2, .results h3 {
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.results div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+	-moz-border-radius:11px;
+	-webkit-border-radius:11px;
+	border-radius: 11px;
+}
+
+.example {
+	-moz-border-radius:0px;
+	-webkit-border-radius:0px;
+	border-radius: 0px;
+}
+
+.package, .citetitle {
+	font-style: italic;
+}
+
+.titlepage .edition {
+	color: #336699;
+	background-color: transparent;
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	font-weight: bold;
+	text-align: center;
+}
+
+span.remark {
+	background-color: #ff00ff;
+}
+
+.draft {
+	background-image: url(../images/watermark-draft.png);
+	background-repeat: repeat-y;
+        background-position: center;
+}
+
+.foreignphrase {
+	font-style: inherit;
+}
+
+dt {
+	clear:both;
+}
+
+dt img {
+	border-style: none;
+	max-width: 112px;
+}
+
+dt object {
+	max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+	display: inline;
+	float: left;
+	margin-bottom: 1em;
+	padding-right: 1em;
+	width: 112px;
+}
+
+dl:after {
+	display: block;
+	clear: both;
+	content: "";
+}
+
+.toc dd {
+	padding-bottom: 0em;
+	margin-bottom: 1em;
+	padding-left: 1.3em;
+	margin-left: 0em;
+}
+
+div.toc > dl > dt {
+	padding-bottom: 0em;
+	margin-bottom: 0em;
+	margin-top: 1em;
+}
+
+
+.strikethrough {
+	text-decoration: line-through;
+}
+
+.underline {
+	text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+	padding: 0em;
+	margin: 0em;
+	width: 12pt;
+	display: inline;
+	vertical-align: middle;
+}
+
+.stepalternatives {
+	list-style-image: none;
+	list-style-type: none;
+}
+
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/default.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/default.css
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/lang.css b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/overrides.css b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/overrides.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/overrides.css
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/overrides.css
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/print.css
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/css/print.css
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/1.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/1.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/1.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/1.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/10.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/10.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/10.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/10.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/11.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/11.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/11.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/11.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/12.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/12.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/12.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/12.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/13.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/13.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/13.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/13.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/14.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/14.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/14.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/14.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/15.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/15.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/15.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/15.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/16.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/16.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/16.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/16.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/17.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/17.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/17.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/17.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/18.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/18.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/18.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/18.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/19.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/19.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/19.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/19.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/2.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/2.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/2.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/2.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/20.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/20.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/20.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/20.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/21.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/21.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/21.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/21.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/22.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/22.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/22.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/22.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/23.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/23.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/23.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/23.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..863ce3b
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..27e1d39
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..cc23b9b
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..114e1a2
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..583fe34
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..e9b5d23
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..d1c3dfa
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..4a80177
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..f5db747
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..d453f29
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..9a3141e
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..04b5c50
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/3.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/3.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/3.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/3.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..9d3db24
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..5cdcf65
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..9e2675d
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..f0fdb29
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..20f1bb2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..9382928
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..01407e6
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..f46815f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..ba44352
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..7bbdf5b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..21d4575
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..8e19553
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..b5402b5
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..d364dbf
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..9fd99d2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..771fa4d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..3ce6027
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..487e0ef
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..d689450
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..cea69f7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/4.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/4.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/4.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/4.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..0d3532e
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..bb4e1d7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/5.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/5.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/5.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/5.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/6.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/6.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/6.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/6.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/7.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/7.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/7.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/7.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/8.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/8.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/8.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/8.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/9.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/9.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/9.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/9.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/bkgrnd_greydots.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/bkgrnd_greydots.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/bullet_arrowblue.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/bullet_arrowblue.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/documentation.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/documentation.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/documentation.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/documentation.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/dot.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/dot.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/dot2.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/dot2.png
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/green.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/green.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/h1-bg.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/h1-bg.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/h1-bg.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_left.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/image_left.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_left.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/image_left.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_right.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/image_right.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_right.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/image_right.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/important.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/important.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/important.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/important.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/logo.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/logo.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/logo.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/logo.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/note.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/note.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/note.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/note.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/red.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/redhat-logo.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/redhat-logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/redhat-logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/rhlogo.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/rhlogo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/rhlogo.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/shade.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/shade.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/shine.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/shine.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-back.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-back.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-back.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-forward.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-forward.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-forward.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-up.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-up.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-go-up.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-home.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-home.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/stock-home.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/title_logo.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/title_logo.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/title_logo.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/title_logo.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/warning.png
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.png
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/warning.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/warning.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/warning.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..e3a9852
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/yellow.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/ASCII_Cert_Export.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/ASCII_Cert_Export.png
new file mode 100644
index 0000000..6f6b16c
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/ASCII_Cert_Export.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Accept_CA_No_Exception.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Accept_CA_No_Exception.png
new file mode 100644
index 0000000..63758d3
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Accept_CA_No_Exception.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Final_State.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Final_State.png
new file mode 100755
index 0000000..fe8b961
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Final_State.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Initial_State.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Initial_State.png
new file mode 100644
index 0000000..c0aaaf3
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_Migration_Initial_State.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_arch.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_arch.png
new file mode 100644
index 0000000..7fc4bc1
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/IPA_arch.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Select_User_WebUI.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Select_User_WebUI.png
new file mode 100644
index 0000000..101c9c9
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/Select_User_WebUI.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/add_user.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/add_user.png
new file mode 100644
index 0000000..e7bda97
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/add_user.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/finalstate.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/finalstate.svg
new file mode 100755
index 0000000..85be850
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/finalstate.svg
@@ -0,0 +1,3241 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="444"
+   height="471.94431"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.0 r9654"
+   sodipodi:docname="finalstate.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape"
+   version="1.0"
+   inkscape:export-filename="C:\Users\elladeon\Desktop\finalstate.png"
+   inkscape:export-xdpi="90"
+   inkscape:export-ydpi="90">
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="124.79082"
+     inkscape:cy="133.55533"
+     inkscape:document-units="px"
+     inkscape:current-layer="g51234"
+     showgrid="false"
+     inkscape:window-width="1274"
+     inkscape:window-height="996"
+     inkscape:window-x="-39"
+     inkscape:window-y="80"
+     inkscape:window-maximized="0"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     showguides="false"
+     inkscape:guide-bbox="true">
+    <sodipodi:guide
+       id="guide6372"
+       position="301,506"
+       orientation="1,0" />
+  </sodipodi:namedview>
+  <defs
+     id="defs4">
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3987"
+       id="radialGradient51340"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.886887,0,0,1.602074,-235.025,-437.5826)"
+       cx="265"
+       cy="789.56696"
+       fx="265"
+       fy="789.56696"
+       r="265" />
+    <linearGradient
+       id="linearGradient3987">
+      <stop
+         id="stop3989"
+         offset="0"
+         style="stop-color:#e3dcc0;stop-opacity:0;" />
+      <stop
+         id="stop3991"
+         offset="1"
+         style="stop-color:#e3dcc0;stop-opacity:1;" />
+    </linearGradient>
+    <pattern
+       patternTransform="matrix(0.375,0,0,0.375,379,437.7952)"
+       id="pattern4015"
+       xlink:href="#white-spots"
+       inkscape:collect="always" />
+    <pattern
+       patternTransform="matrix(0.593284,0,0,0.6723114,298.46193,1419.2297)"
+       id="pattern4062"
+       xlink:href="#pattern4015"
+       inkscape:collect="always" />
+    <pattern
+       patternUnits="userSpaceOnUse"
+       width="32"
+       height="32"
+       id="white-spots"
+       patternTransform="matrix(0.375,0,0,0.375,71.51384,20.36167)">
+      <g
+         inkscape:label="#g3035"
+         id="white-spot"
+         transform="translate(-484.3997,-513.505)">
+        <path
+           sodipodi:nodetypes="czzzz"
+           d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+           id="path3033"
+           style="opacity:0.25;fill:white" />
+      </g>
+    </pattern>
+    <mask
+       id="mask4631">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-1) #000000;fill-opacity:1"
+         id="path4633" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1"
+       xlink:href="#linearGradient4584-7"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4" />
+    </linearGradient>
+    <mask
+       id="mask4631-7">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-8) #000000;fill-opacity:1"
+         id="path4633-8" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8"
+       xlink:href="#linearGradient4584-70"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-70">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0" />
+    </linearGradient>
+    <pattern
+       inkscape:collect="always"
+       xlink:href="#pattern4062"
+       id="pattern51338"
+       patternTransform="matrix(0.44763582,0,0,0.35756317,1367.612,792.51535)" />
+    <mask
+       id="mask7729">
+      <rect
+         style="fill:url(#linearGradient7733) #000000;fill-opacity:1"
+         id="rect7731"
+         y="71.481766"
+         x="483.75613"
+         height="123.26292"
+         width="103.35121" />
+    </mask>
+    <linearGradient
+       gradientTransform="matrix(0.948176,0,0,0.948176,560.558,-440.533)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient7584"
+       id="linearGradient7733"
+       y2="595.06226"
+       x2="20.999998"
+       y1="539.95715"
+       x1="20.999998" />
+    <linearGradient
+       id="linearGradient7584">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7586" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7588" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.4388067"
+       y="-0.21940336"
+       width="1.2520971"
+       x="-0.12604854"
+       id="filter9847">
+      <feGaussianBlur
+         id="feGaussianBlur9849"
+         stdDeviation="1.7113675"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5805">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5807" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5809" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.3127669"
+       y="-0.15638345"
+       width="1.1948662"
+       x="-0.09743309"
+       id="filter5917">
+      <feGaussianBlur
+         id="feGaussianBlur5919"
+         stdDeviation="0.60257196"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.233731"
+       y="-0.11686549"
+       width="1.2466146"
+       x="-0.12330729"
+       id="filter9827">
+      <feGaussianBlur
+         id="feGaussianBlur9829"
+         stdDeviation="13.567379"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient8317-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop8319-5" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8321-8" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5557">
+      <stop
+         offset="0"
+         style="stop-color: rgb(0, 147, 217); stop-opacity: 1;"
+         id="stop5559" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5561" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5541">
+      <stop
+         offset="0"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5543" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 0;"
+         id="stop5545" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10494">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0.754902;"
+         id="stop10496" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop10498" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10668">
+      <feGaussianBlur
+         id="feGaussianBlur10670"
+         stdDeviation="0.40041338"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5797">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5799" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5801" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8391">
+      <feGaussianBlur
+         id="feGaussianBlur8393"
+         stdDeviation="0.23516584"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5813">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5815" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(238, 238, 238); stop-opacity: 1;"
+         id="stop5817" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5931">
+      <stop
+         offset="0"
+         style="stop-color: rgb(162, 162, 162); stop-opacity: 1;"
+         id="stop5933" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5935" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter7106">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.51373373"
+         id="feGaussianBlur7108" />
+    </filter>
+    <linearGradient
+       id="linearGradient7359-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7361-9" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7363-3" />
+    </linearGradient>
+    <mask
+       id="mask7570-2">
+      <rect
+         style="fill:url(#linearGradient7574-6) #000000;fill-opacity:1"
+         id="rect7572-2"
+         y="60.362179"
+         x="536"
+         height="111"
+         width="86" />
+    </mask>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3"
+       id="linearGradient7574-6"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <linearGradient
+       id="linearGradient8481-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7576-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(137, 137, 137); stop-opacity: 1;"
+         id="stop7578-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7580-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5573-77">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5575-4" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5577-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5565-0">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5567-1" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5569-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5677-53">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5679-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5681-1" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8351-5">
+      <feGaussianBlur
+         id="feGaussianBlur8353-2"
+         stdDeviation="0.21855907"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5669-6">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5671-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5673-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.0124482"
+       y="-0.0062240968"
+       width="1.3332899"
+       x="-0.16664496"
+       id="filter8323-5">
+      <feGaussianBlur
+         id="feGaussianBlur8325-5"
+         stdDeviation="0.15442502"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10486-9">
+      <feGaussianBlur
+         id="feGaussianBlur10488-0"
+         stdDeviation="0.36649474"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient10566-93">
+      <stop
+         offset="0"
+         style="stop-color: rgb(102, 102, 102); stop-opacity: 1;"
+         id="stop10568-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop10570-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5685-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5687-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5689-7" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6414-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop6416-21" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop6418-9" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6398-9">
+      <stop
+         offset="0"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 1;"
+         id="stop6400-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop6402-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6478-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop6480-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(211, 215, 207); stop-opacity: 0;"
+         id="stop6482-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7808-7">
+      <stop
+         offset="0"
+         style="stop-color: rgb(171, 171, 171); stop-opacity: 1;"
+         id="stop7810-7" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7812-0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10554-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(168, 168, 168); stop-opacity: 1;"
+         id="stop10556-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop10558-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10534-4">
+      <feGaussianBlur
+         id="feGaussianBlur10536-7"
+         stdDeviation="0.50670758"
+         inkscape:collect="always" />
+    </filter>
+    <mask
+       id="mask4631-8">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 z"
+         style="fill:url(#linearGradient4635) #000000;fill-opacity:1"
+         id="path4633-3" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635"
+       xlink:href="#linearGradient4584"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588" />
+    </linearGradient>
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4708"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4710"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4712"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4714"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4716"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4718"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4720"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4722"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4724"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4726"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4728"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4730"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4732"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4734"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4736"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4738"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4740"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4742"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4744"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5142"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5144"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5146"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5148"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5150"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5152"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5154"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5156"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5158"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5160"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5162"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5164"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5166"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5168"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5170"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5172"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5174"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5176"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5178"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5370"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5372"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5374"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5376"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5378"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5380"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5382"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5384"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5386"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5388"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5390"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5392"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5394"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5396"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5398"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5400"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5402"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5404"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5406"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5451"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5453"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5455"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5457"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5459"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5461"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5463"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5465"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5467"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5469"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5471"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5473"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5475"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5477"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5479"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5481"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5483"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5485"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5487"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       id="linearGradient4584-70-8-6">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3-8-9" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0-3-2" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8-1-4"
+       xlink:href="#linearGradient4584-70-8-6"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7-8-5">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0-9-4" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4-6-0" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1-4-2"
+       xlink:href="#linearGradient4584-7-8-5"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient8481-3-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3-7" />
+    </linearGradient>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3-1"
+       id="linearGradient7574-6-7"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <marker
+       style="overflow:visible"
+       id="TriangleInSQ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSQ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9776" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS7"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS7">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9779" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSg"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSg">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9782" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSG"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSG">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9785" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSE"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSE">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9788" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSf"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSf">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9791" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSJ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSJ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9794" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS2"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS2">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9797" />
+    </marker>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7576-1"
+       id="linearGradient12740"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.585274"
+       y1="39.151588"
+       x2="29.061579"
+       y2="21.046715" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12742"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="21.322929"
+       y1="44.46735"
+       x2="34.585835"
+       y2="30.312105" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12744"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.246363"
+       y1="51.641129"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12746"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12748"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12750"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12752"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5685-1"
+       id="linearGradient12754"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,59.2801)"
+       x1="42.074207"
+       y1="42.648251"
+       x2="42.382099"
+       y2="30.0221" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12756"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12758"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6398-9"
+       id="linearGradient12760"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12762"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-29)"
+       x1="603.48352"
+       y1="145.48944"
+       x2="603.48352"
+       y2="141.11491" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12764"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,55.7801)"
+       x1="41.126476"
+       y1="36.09766"
+       x2="44.599358"
+       y2="35.376236" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12766"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,64.6801)"
+       x1="53.072731"
+       y1="36.17104"
+       x2="35.096169"
+       y2="33.830193" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12768"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12770"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7808-7"
+       id="linearGradient12772"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="37.260498"
+       y1="27.37009"
+       x2="17.47529"
+       y2="37.98819" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12774"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="27.247866"
+       y1="46.597134"
+       x2="20.776503"
+       y2="33.722939" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12776"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="16.030468"
+       y1="50.84045"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12778"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12780"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12782"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12784"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10554-1"
+       id="linearGradient12786"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="48.126881"
+       y1="35.527008"
+       x2="35.096169"
+       y2="33.830193" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12788"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12790"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12792"
+       gradientUnits="userSpaceOnUse"
+       x1="603.25"
+       y1="140.36218"
+       x2="603.7171"
+       y2="144.12111" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12794"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="45.470558"
+       y1="35.187798"
+       x2="40.255276"
+       y2="36.286098" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12796"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,90.1801)"
+       x1="55.874207"
+       y1="35.072224"
+       x2="37.686401"
+       y2="33.083126" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12798"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12800"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12802"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12804"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="translate(-33.785574,76.85193)"
+     id="layer1"
+     inkscape:groupmode="layer"
+     inkscape:label="Layer 1">
+    <g
+       transform="translate(20.785574,15.148096)"
+       id="g1758">
+      <g
+         inkscape:label="Layer 1"
+         id="layer1-8"
+         style="display:inline"
+         transform="translate(-204.5471,-8.3623809)">
+        <g
+           id="g51234">
+          <g
+             inkscape:label="#g4018"
+             id="background"
+             transform="matrix(0.83773585,0,0,1.0487651,217.5471,-715.37408)">
+            <rect
+               style="fill:#e3dcc0"
+               id="rect1933"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+            <rect
+               ry="19.070024"
+               rx="23.873896"
+               y="602.36218"
+               x="0"
+               height="450"
+               width="530"
+               id="rect3092"
+               style="fill:url(#pattern51338);fill-opacity:1" />
+            <rect
+               style="fill:url(#radialGradient51340);fill-opacity:1"
+               id="rect3985"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+          </g>
+          <g
+             inkscape:label="Layer 1"
+             id="layer1-0"
+             transform="matrix(0,1,-1,0,-569.42108,5708.5683)">
+            <rect
+               width="0"
+               height="24.171429"
+               rx="60.428574"
+               ry="24.171429"
+               x="-788.32996"
+               y="3808.3428"
+               id="rect5314-36"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="translate(511.139,-788.394)"
+               id="g8484" />
+            <g
+               transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+               id="g6374"
+               style="fill:#ffffff" />
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="420.08853"
+               y="-763.33875"
+               id="rect5314-1-2"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+               style="opacity:0.30729232"
+               mask="url(#mask4631)"
+               id="g4596" />
+            <g
+               transform="translate(235.628,616.018)"
+               id="g3002" />
+            <g
+               transform="translate(71.1162,-7.34373)"
+               id="g4898">
+              <g
+                 id="g4900-4">
+                <g
+                   id="g4902-3" />
+              </g>
+            </g>
+            <g
+               transform="translate(979.728,-180.625)"
+               id="g3002-4-7" />
+            <g
+               transform="translate(815.216,-803.987)"
+               id="g4898-9-7">
+              <g
+                 id="g4900-9-8">
+                <g
+                   id="g4902-1-1" />
+              </g>
+            </g>
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text19594-4"
+               y="276.983"
+               x="500.69299"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan19596-6"
+                 y="276.983"
+                 x="500.69299" /></text>
+            <g
+               transform="translate(916.728,50.3749)"
+               id="g3002-3-2" />
+            <g
+               transform="translate(752.216,-572.987)"
+               id="g4898-2-2">
+              <g
+                 id="g4900-7-1">
+                <g
+                   id="g4902-8-8" />
+              </g>
+            </g>
+            <g
+               transform="translate(-218.272,-381.625)"
+               id="g21694-0">
+              <text
+                 sodipodi:linespacing="125%"
+                 x="321.965"
+                 y="658.60797"
+                 id="text21702-5"
+                 xml:space="preserve"
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                   x="321.965"
+                   y="658.60797"
+                   id="tspan21704-1" /></text>
+            </g>
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="1173.8944"
+               y="303.50519"
+               id="rect5314-3-3"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               inkscape:label="Layer 1"
+               id="layer1-4"
+               transform="translate(212.407,560.774)">
+              <rect
+                 width="0"
+                 height="24.171429"
+                 rx="60.428574"
+                 ry="24.171429"
+                 x="-788.32996"
+                 y="3808.3428"
+                 id="rect5314-14"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="translate(511.139,-788.394)"
+                 id="g8484-7" />
+              <g
+                 transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+                 id="g6374-8"
+                 style="fill:#ffffff" />
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="420.08853"
+                 y="-763.33875"
+                 id="rect5314-1-6"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+                 style="opacity:0.30729232"
+                 mask="url(#mask4631-7)"
+                 id="g4596-06" />
+              <g
+                 transform="translate(235.628,616.018)"
+                 id="g3002-8" />
+              <g
+                 transform="translate(71.1162,-7.34373)"
+                 id="g4898-4">
+                <g
+                   id="g4900-3">
+                  <g
+                     id="g4902-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(979.728,-180.625)"
+                 id="g3002-4-4" />
+              <g
+                 transform="translate(815.216,-803.987)"
+                 id="g4898-9-3">
+                <g
+                   id="g4900-9-9">
+                  <g
+                     id="g4902-1-3" />
+                </g>
+              </g>
+              <text
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+                 xml:space="preserve"
+                 id="text19594-8"
+                 y="276.983"
+                 x="500.69299"
+                 sodipodi:linespacing="125%"><tspan
+                   id="tspan19596-2"
+                   y="276.983"
+                   x="500.69299" /></text>
+              <g
+                 transform="translate(916.728,50.3749)"
+                 id="g3002-3-5" />
+              <g
+                 transform="translate(752.216,-572.987)"
+                 id="g4898-2-0">
+                <g
+                   id="g4900-7-4">
+                  <g
+                     id="g4902-8-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(-218.272,-381.625)"
+                 id="g21694-4">
+                <text
+                   sodipodi:linespacing="125%"
+                   x="321.965"
+                   y="658.60797"
+                   id="text21702-3"
+                   xml:space="preserve"
+                   style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                     x="321.965"
+                     y="658.60797"
+                     id="tspan21704-3" /></text>
+              </g>
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="1173.8944"
+                 y="303.50519"
+                 id="rect5314-3-0"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <text
+                 sodipodi:linespacing="125%"
+                 transform="matrix(0,-1,1,0,0,0)"
+                 xml:space="preserve"
+                 style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;opacity:0.12604998;fill:#000000;fill-opacity:1;stroke:none;font-family:Interstate-Black"
+                 x="1740.2687"
+                 y="-5540.999"
+                 id="text28374"><tspan
+                   style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans Bold"
+                   sodipodi:role="line"
+                   id="tspan28376"
+                   x="1740.2687"
+                   y="-5540.999">#49658</tspan></text>
+            </g>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314"
+             y="5244.3931"
+             x="4432.2417"
+             ry="24.171429"
+             rx="60.428574"
+             height="24.171429"
+             width="0" />
+          <g
+             id="g8484-6"
+             transform="translate(5731.7105,647.6564)" />
+          <g
+             style="fill:#ffffff"
+             id="g6374-4"
+             transform="matrix(0.867051,0,0,0.867051,5533.8055,759.9764)" />
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-1"
+             y="672.71167"
+             x="5640.6602"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             id="g4596-3"
+             mask="url(#mask4631-8)"
+             style="opacity:0.30729232"
+             transform="matrix(1.73,0,0,0.659171,5511.8225,1611.9864)" />
+          <g
+             id="g3002-33"
+             transform="translate(5456.1995,2052.0684)" />
+          <g
+             id="g4898-8"
+             transform="translate(5291.6877,1428.7067)">
+            <g
+               id="g4900">
+              <g
+                 id="g4902" />
+            </g>
+          </g>
+          <g
+             id="g3002-4"
+             transform="translate(6200.2995,1255.4254)" />
+          <g
+             id="g4898-9"
+             transform="translate(6035.7875,632.0634)">
+            <g
+               id="g4900-9">
+              <g
+                 id="g4902-1" />
+            </g>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             x="5721.2646"
+             y="1713.0334"
+             id="text19594"
+             xml:space="preserve"
+             style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+               x="5721.2646"
+               y="1713.0334"
+               id="tspan19596" /></text>
+          <g
+             id="g3002-3"
+             transform="translate(6137.2995,1486.4253)" />
+          <g
+             id="g4898-2"
+             transform="translate(5972.7875,863.0634)">
+            <g
+               id="g4900-7">
+              <g
+                 id="g4902-8" />
+            </g>
+          </g>
+          <g
+             id="g21694"
+             transform="translate(5002.2995,1054.4254)">
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text21702"
+               y="658.60797"
+               x="321.965"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan21704"
+                 y="658.60797"
+                 x="321.965" /></text>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-3"
+             y="1739.5555"
+             x="6394.4658"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             transform="matrix(1.1935043,0,0,1.1935043,-56.738176,6.0556725)"
+             id="g9226">
+            <g
+               id="g17509"
+               transform="matrix(0.95549,0,0,0.95549,-131.63026,-97.114486)">
+              <g
+                 transform="matrix(-0.871732,0,0,0.875699,945.308,163.109)"
+                 mask="url(#mask7570-2)"
+                 id="g7663"
+                 style="opacity:0.53157899">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7667"
+                   style="fill:url(#linearGradient12740);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7669"
+                   style="fill:url(#linearGradient12742);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.24488,-5.533632 14.24488,-5.533632 L 579.37701,66.81781 z"
+                   id="path7671"
+                   style="fill:url(#linearGradient12744);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7673"
+                   style="fill:none;stroke:url(#linearGradient12746);stroke-width:1.57957995;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7675"
+                   style="fill:none;stroke:url(#linearGradient12748);stroke-width:2.10610008;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,41.25)"
+                   id="use7678">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5196"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12750);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5198"
+                     style="fill:url(#linearGradient12752);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,127.61454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7680"
+                   style="opacity:0.759843;fill:none;stroke:url(#linearGradient12754);stroke-width:1.05305004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="translate(0,31)"
+                   id="g7682">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7684"
+                     style="fill:url(#linearGradient12756);fill-opacity:1;stroke:url(#linearGradient12758);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7686"
+                     style="fill:url(#linearGradient12760);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,112.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7688"
+                   style="fill:url(#linearGradient12762);fill-opacity:1;stroke:url(#linearGradient12764);stroke-width:0.63183099;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,126.56345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7690"
+                   style="opacity:0.964567;fill:none;stroke:url(#linearGradient12766);stroke-width:0.95091498;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7692">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7694"
+                     style="opacity:0.680851;fill:url(#radialGradient12768);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7696"
+                     style="fill:url(#radialGradient12770);fill-opacity:1" />
+                </g>
+              </g>
+              <g
+                 transform="matrix(-0.875699,0,0,0.875699,947.549,115.264)"
+                 id="g7698">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7700"
+                   style="fill:url(#linearGradient12772);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7702"
+                   style="fill:url(#linearGradient12774);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.03777,-5.180079 14.03777,-5.180079 L 579.37701,66.81781 z"
+                   id="path7704"
+                   style="fill:url(#linearGradient12776);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7706"
+                   style="fill:none;stroke:url(#linearGradient12778);stroke-width:1.57599998;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7708"
+                   style="fill:none;stroke:url(#linearGradient12780);stroke-width:2.10133004;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,10.25)"
+                   id="use7710">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5186"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12782);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5188"
+                     style="fill:url(#linearGradient12784);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,153.11454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7712"
+                   style="opacity:0.62621304;fill:none;stroke:url(#linearGradient12786);stroke-width:1.05066001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   id="g7714">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7716"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12788);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7718"
+                     style="fill:url(#linearGradient12790);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,141.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7720"
+                   style="fill:url(#linearGradient12792);fill-opacity:1;stroke:url(#linearGradient12794);stroke-width:0.63039899;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,152.06345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7722"
+                   style="fill:none;stroke:url(#linearGradient12796);stroke-width:0.94875801;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10534-4)" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7724">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7726"
+                     style="opacity:0.680851;fill:url(#radialGradient12798);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7728"
+                     style="fill:url(#radialGradient12800);fill-opacity:1" />
+                </g>
+                <g
+                   transform="matrix(1.02462,0,0,1.02462,108.25,-131.553)"
+                   id="use7730">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path5236"
+                     style="opacity:0.680851;fill:url(#radialGradient12802);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path5238"
+                     style="fill:url(#radialGradient12804);fill-opacity:1" />
+                </g>
+              </g>
+            </g>
+          </g>
+          <g
+             transform="translate(271,-329)"
+             id="g5300">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,266.42705,-63.62544)"
+               id="g8866">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g8868"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8870"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8872"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8874"
+                   style="fill:url(#linearGradient4708);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8876"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path8878"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8880"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8882"
+                   style="fill:url(#linearGradient4710)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8884"
+                   style="fill:url(#linearGradient4712);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8886"
+                   style="fill:url(#linearGradient4714);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8888"
+                   style="opacity:0.62254902;fill:url(#radialGradient4716);fill-opacity:1;stroke:url(#radialGradient4718);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8890"
+                   style="fill:url(#linearGradient4720);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g8892">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8894"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8896"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8898"
+                   style="fill:url(#linearGradient4722);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8900"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path8902"
+                   style="fill:url(#linearGradient4724);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8904"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8906"
+                   style="fill:url(#linearGradient4726)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8908"
+                   style="fill:url(#linearGradient4728);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8910"
+                   style="fill:url(#linearGradient4730);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8912"
+                   style="opacity:0.96825406;fill:url(#radialGradient4732);fill-opacity:1;stroke:url(#radialGradient4734);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8914"
+                   style="fill:url(#linearGradient4736);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path8916"
+                   style="opacity:0.71957703;fill:url(#radialGradient4738);fill-opacity:1;stroke:url(#radialGradient4740);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g8918">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path8920"
+                   style="opacity:0.680851;fill:url(#radialGradient4742);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path8922"
+                   style="fill:url(#radialGradient4744);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="283.6499"
+               y="335.79758"
+               id="text3608"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan3610"
+                 x="285.31396"
+                 y="335.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4746"
+                 sodipodi:role="line"
+                 x="283.6499"
+                 y="348.63757"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5410">using </tspan>SSSD with an LDAP backend</tspan></text>
+          </g>
+          <g
+             transform="translate(169,-217.33331)"
+             id="g5335">
+            <g
+               id="g4892"
+               transform="matrix(-0.6631863,0,0,0.67913371,367.88733,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g4894"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4896"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4898"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5370);fill-opacity:1"
+                   id="path4900"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4902"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path4904"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4906"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5372)"
+                   id="path4908"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5374);fill-opacity:1"
+                   id="polygon4910"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5376);fill-opacity:1"
+                   id="path4912"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5378);fill-opacity:1;stroke:url(#radialGradient5380);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4914"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5382);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4916"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g4918"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4920"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4922"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5384);fill-opacity:1"
+                   id="path4924"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4926"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5386);fill-opacity:1"
+                   id="path4928"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4930"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5388)"
+                   id="path4932"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5390);fill-opacity:1"
+                   id="polygon4934"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5392);fill-opacity:1"
+                   id="path4936"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5394);fill-opacity:1;stroke:url(#radialGradient5396);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4938"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5398);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4940"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5400);fill-opacity:1;stroke:url(#radialGradient5402);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path4942"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g4944"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5404);fill-opacity:1"
+                   id="path4946"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5406);fill-opacity:1"
+                   id="path4948"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4427"
+               y="333.29758"
+               x="386.11017"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="387.77423"
+                 id="tspan4429"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4748"
+                 y="346.13757"
+                 x="386.11017"
+                 sodipodi:role="line"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5408">using </tspan>SSSD with an IPA backend</tspan></text>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             id="text4497"
+             y="199.29758"
+             x="284.07538"
+             style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:125%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+             xml:space="preserve"><tspan
+               style="font-size:13px"
+               id="tspan4501"
+               y="199.29758"
+               x="284.07538"
+               sodipodi:role="line">IPA</tspan></text>
+          <g
+             transform="translate(36,-105.66666)"
+             id="g5416">
+            <g
+               id="g5046"
+               transform="matrix(-0.6631863,0,0,0.67913371,501.21208,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g5048"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5050"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5052"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5451);fill-opacity:1"
+                   id="path5054"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5056"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path5058"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5060"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5453)"
+                   id="path5062"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5455);fill-opacity:1"
+                   id="polygon5064"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5457);fill-opacity:1"
+                   id="path5066"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5459);fill-opacity:1;stroke:url(#radialGradient5461);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5068"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5463);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5070"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g5072"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5074"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5076"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5465);fill-opacity:1"
+                   id="path5078"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5080"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5467);fill-opacity:1"
+                   id="path5082"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5084"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5469)"
+                   id="path5086"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5471);fill-opacity:1"
+                   id="polygon5088"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5473);fill-opacity:1"
+                   id="path5090"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5475);fill-opacity:1;stroke:url(#radialGradient5477);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5092"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5479);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5094"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5481);fill-opacity:1;stroke:url(#radialGradient5483);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path5096"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g5098"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5485);fill-opacity:1"
+                   id="path5100"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5487);fill-opacity:1"
+                   id="path5102"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="519.57751"
+               y="332.79758"
+               id="text4433"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan4435"
+                 x="521.13611"
+                 y="332.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4750"
+                 sodipodi:role="line"
+                 x="519.57751"
+                 y="345.63757"><tspan
+   id="tspan5412"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_LDAP/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(-112,6)"
+             id="g5489">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,650.68426,-63.62544)"
+               id="g4988">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g4990"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4992"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path4994"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path4996"
+                   style="fill:url(#linearGradient5142);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4998"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path5000"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5002"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5004"
+                   style="fill:url(#linearGradient5144)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5006"
+                   style="fill:url(#linearGradient5146);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5008"
+                   style="fill:url(#linearGradient5148);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5010"
+                   style="opacity:0.62254902;fill:url(#radialGradient5150);fill-opacity:1;stroke:url(#radialGradient5152);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5012"
+                   style="fill:url(#linearGradient5154);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g5014">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5016"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path5018"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path5020"
+                   style="fill:url(#linearGradient5156);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5022"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path5024"
+                   style="fill:url(#linearGradient5158);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5026"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5028"
+                   style="fill:url(#linearGradient5160)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5030"
+                   style="fill:url(#linearGradient5162);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5032"
+                   style="fill:url(#linearGradient5164);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5034"
+                   style="opacity:0.96825406;fill:url(#radialGradient5166);fill-opacity:1;stroke:url(#radialGradient5168);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5036"
+                   style="fill:url(#linearGradient5170);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path5038"
+                   style="opacity:0.71957703;fill:url(#radialGradient5172);fill-opacity:1;stroke:url(#radialGradient5174);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g5040">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path5042"
+                   style="opacity:0.680851;fill:url(#radialGradient5176);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path5044"
+                   style="fill:url(#radialGradient5178);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4439"
+               y="333.29758"
+               x="669.04968"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="670.60828"
+                 id="tspan4441"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4752"
+                 y="346.13757"
+                 x="669.04968"
+                 sodipodi:role="line"><tspan
+   id="tspan5414"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_KRB5/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(539.98213,665.63497)"
+             id="g3002-35" />
+          <g
+             transform="translate(375.47031,42.27285)"
+             id="g4898-37">
+            <g
+               id="g4900-5">
+              <g
+                 id="g4902-5" />
+            </g>
+          </g>
+          <g
+             transform="translate(321.48515,123.56711)"
+             id="g3002-4-44" />
+          <g
+             transform="translate(156.97333,-499.79501)"
+             id="g4898-3">
+            <g
+               id="g4900-3-7">
+              <g
+                 id="g4902-3-9" />
+            </g>
+          </g>
+          <g
+             transform="translate(4.49242,441.24827)"
+             id="g9694" />
+          <g
+             transform="translate(-160.01938,-182.11385)"
+             id="g9696">
+            <g
+               id="g9698">
+              <g
+                 id="g9700" />
+            </g>
+          </g>
+          <g
+             transform="translate(531.70846,712.31515)"
+             id="g11586" />
+          <g
+             transform="translate(367.19664,88.95298)"
+             id="g11591">
+            <g
+               id="g11593">
+              <g
+                 id="g11595" />
+            </g>
+          </g>
+          <g
+             transform="translate(945.16259,126.17676)"
+             id="g13960" />
+          <g
+             transform="translate(780.65077,-497.18536)"
+             id="g13962">
+            <g
+               id="g13964">
+              <g
+                 id="g13966" />
+            </g>
+          </g>
+          <g
+             id="g6425"
+             transform="matrix(-0.58230043,0,0,1.2021785,341.20931,-1013.0128)"
+             style="fill:#5c3566" />
+          <text
+             xml:space="preserve"
+             style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+             x="902.75421"
+             y="196.70628"
+             id="text13535"><tspan
+               sodipodi:role="line"
+               id="tspan13537"
+               x="902.75421"
+               y="196.70628" /></text>
+          <path
+             id="path18414"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSQ);marker-end:url(#TriangleOutS7);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,-44.15908 -100.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,130.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -72.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,289.61762 -100.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-113.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -72.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSE);marker-end:url(#TriangleOutSf);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6366" />
+          <path
+             id="path6368"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSg);marker-end:url(#TriangleOutSG);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,175.61762 -78.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-15.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -94.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,65.84092 -78.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,36.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -94.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSJ);marker-end:url(#TriangleOutS2);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6370" />
+        </g>
+      </g>
+      <g
+         id="layer2"
+         inkscape:label="sdfsdf"
+         style="display:none"
+         transform="translate(-204.5471,-8.3623809)">
+        <rect
+           style="opacity:0.22325583;fill:#180e00;fill-opacity:1;fill-rule:nonzero;stroke:#211601;stroke-width:2.10500002;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:0.09661835;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+           id="rect26435"
+           width="1620"
+           height="951.42859"
+           x="-308.57144"
+           y="92.362144"
+           ry="26.574863"
+           rx="26.574863" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/icon.svg
similarity index 100%
copy from public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg
copy to public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/icon.svg
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/kinit_admin.png b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/kinit_admin.png
new file mode 100644
index 0000000..a0b81e1
Binary files /dev/null and b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/images/kinit_admin.png differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html
new file mode 100644
index 0000000..d19d8ef
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html
@@ -0,0 +1,4858 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
 ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="id4694641" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div><h1 id="id4694641" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+		<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
+
+	</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3215154" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+		Copyright <span class="trademark"></span>© 2011 Red Hat.
+	</div><div class="para">
+		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+	</div><div class="para">
+		Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+	</div><div class="para">
+		Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+	</div><div class="para">
+		For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+	</div><div class="para">
+		<span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+	</div><div class="para">
+		All other trademarks are the property of their respective owners.
+	</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
+			Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
+		</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="#Document_Conventions">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="#feedback">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="#doc-history">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="#installing-ipa">1. Installing a FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">1.1. Preparin
 g to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="#creating-server">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</
 a></span></dt><dt><span class="section"><a href="#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="#setting-up-clients">2. Setting up Syste
 ms as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="#Using_Microsoft_Windows">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">2.3. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA
 _Client_on_Solaris_10">2.3.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.4. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a 
 href="#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.5. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">2.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.6. Configuring a Macintosh OS X System as a FreeIPA Client<
 /a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</a></span></dt><dt><span class="section"><a href="#Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</a></span></dt><
 /dl></dd></dl></dd><dt><span class="chapter"><a href="#basic-usage">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="#using-the-ui">3.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="#logging-in">3.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="#switching-users">3.3. Switching Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="#managing-clients">4. Managing Clients in the FreeIPA Domain</a></span></dt><dd><dl><dt><
 span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">4.1.3. Managing DNS Zones</a></span></dt></dl></dd><dt><span class="section"><a href="#enrolling-machines">4.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Admi
 nistrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">4.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="#config-virt-machines">4.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="#certs">4.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="#
 sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">4.6. Client Problems</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">4.7. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="#users">5. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#home-directories">5.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="#adding-users">5.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">5.3. Editing Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">5.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">5.4.1. 
 Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">5.5. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">5.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</a></span
 ></dt></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">5.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="#sect-Ente
 rprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">5.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a 
 href="#searching">5.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#kerberos">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="sectio
 n"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="#automount">7. Identity: Using Automount</a></span></dt><dd><dl><dt><s
 pan class="section"><a href="#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configu
 ring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#active-directory">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span cl
 ass="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity
 _Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="#nis">9. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a
  href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#authz">10. Policy: Configuring Authorization</a></span></dt>
 <dd><dl><dt><span class="section"><a href="#configuring-host-access">10.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">10.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">10.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sudo">11. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#about-sudo">11.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP S
 chema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">11.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">11.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">11.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a h
 ref="#server-config">12. Configuring the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#managing-access-to-ipa">12.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="#creating-roles">12.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">12.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">12.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="#search-limits">12.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="#disabling-anon-binds">12.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#se
 ct-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">12.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">12.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Usin
 g Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">12.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">12.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">12.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_
 DNS-Creating_DNS_Entries_for_IPA_Replicas">12.11. Creating DNS Entries for FreeIPA Replicas</a></span></dt><dt><span class="section"><a href="#promoting-replica">12.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="#logging">12.13. IPA Server Logging</a></span></dt></dl></dd><dt><span class="appendix"><a href="#chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger">B. Services: Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</a></span></dt><dt><span class="section"><
 a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</a></span></dt></dl></dd><dt><span class="appendix"><a href="#Migrating_from_a_Directory_Server_to_IPA">C. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Gu
 ide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IP
 A</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_bas
 ed_Migration">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="
 #sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="#Glossary">Glossary</a></span></dt><dt><span class="index"><a href="#id3129987">Index</a></span></dt></dl></div><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
+		FreeIPA is a Fedora-based way to create a security, identity, and authentication domain. The different security and authentication protocols available to Linux and Unix systems (like Kerberos, NIS, DNS, PAM, and sudo) are complex, unrelated, and difficult to manage coherently, especially when combined with different identity stores.
+	</div><div class="para">
+		FreeIPA provides a layer that unifies all of these disparate services and simplifies the administrative tasks for managing users, systems, and security. FreeIPA breaks management down into two categories: <span class="emphasis"><em>identity</em></span> and <span class="emphasis"><em>policy</em></span>. It centralizes the functions of managing the users and entities within your IT environment (identity) and then provides a framework to define authentication and authorization for a global security framework and user-friendly tools like single sign-on (policy).
+	</div><div class="section" id="audience"><div class="titlepage"><div><div><h2 class="title" id="audience">1. Audience and Purpose</h2></div></div></div><div class="para">
+			With FreeIPA, a Fedora system can easily become the center of an identity/authentication domain and even provide access to the domain for clients of other operating systems. FreeIPA is an integrated system, that builds on existing and reliable technologies like LDAP and certificate protocols, with a robust yet straightforward set of tools (including a web-based UI). The key to identity/policy management with FreeIPA is simplicity and flexibility:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Centralized identity stores for authentication and single sign-on using both integrated LDAP services (with 389 Directory Server) and, optionally, NIS services
+				</div></li><li class="listitem"><div class="para">
+					Clear and manageable administrative control over system services like PAM, NTP, and sudo
+				</div></li><li class="listitem"><div class="para">
+					Simplified DNS domains and maintenance
+				</div></li><li class="listitem"><div class="para">
+					Scalable Kerberos realms and cross-realms which clients can easily join
+				</div></li></ul></div><div class="para">
+			This guide is written for systems administrators and IT staff who will manage FreeIPA domains, user systems, and servers. This assumes a moderate knowledge of Linux-based systems administration and familiarity with important concepts like access control, LDAP, and Kerberos.
+		</div><div class="para">
+			This guide covers every aspect of using FreeIPA, including preparation and installation processes, administrative tasks, and the FreeIPA tools. This guide also explains the major concepts behind both identity and policy management, generally, and FreeIPA features specifically. Administrative tasks in this guide are categorized as either <span class="emphasis"><em>Identity</em></span> or <span class="emphasis"><em>Policy</em></span> in the chapter title to help characterize the administrative functions.
+		</div></div><div xml:lang="en-US" class="section" id="Document_Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Document_Conventions">2. Examples and Formatting</h2></div></div></div><div class="para">
+		Each of the examples used in this guide, such as file locations and commands, have certain defined conventions.
+	</div><div class="section" id="bracketsexamples"><div class="titlepage"><div><div><h3 class="title" id="bracketsexamples">2.1. Brackets</h3></div></div></div><div class="para">
+			Square brackets (<code class="command">[]</code>) are used to indicate an alternative element in a name. For example, if a tool is available in <code class="filename">/usr/lib</code> on 32-bit systems and in <code class="filename">/usr/lib64</code> on 64-bit systems, then the tool location may be represented as <code class="filename">/usr/lib[64]</code>.
+		</div></div><div class="section" id="tool-locations"><div class="titlepage"><div><div><h3 class="title" id="tool-locations">2.2. Client Tool Information</h3></div></div></div><div class="para">
+			The tools for FreeIPA are located in the <code class="filename">/usr/bin</code> and the <code class="filename">/usr/sbin</code> directories.
+		</div><div class="para">
+			The LDAP tools used to edit the FreeIPA directory services, such as <code class="command">ldapmodify</code> and <code class="command">ldapsearch</code>, are from OpenLDAP. OpenLDAP tools use SASL connections by default. To perform a simple bind using a username and password, use the <code class="option">-x</code> argument to disable SASL.
+		</div></div><div class="section" id="guide-formatting"><div class="titlepage"><div><div><h3 class="title" id="guide-formatting">2.3. Text Formatting and Styles</h3></div></div></div><div class="para">
+			Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
+		</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr valign="top"><th valign="top">
+							Formatting Style
+						</th><th valign="top">
+							Purpose
+						</th></tr></thead><tbody><tr valign="top"><td valign="top">
+							
+<pre class="screen">Monospace with a background</pre>
+
+						</td><td valign="top">
+							This type of formatting is used for anything entered or returned in a command prompt.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="emphasis"><em>Italicized text</em></span>
+						</td><td valign="top">
+							Any text which is italicized is a variable, such as <span class="emphasis"><em>instance_name</em></span> or <span class="emphasis"><em>hostname</em></span>. Occasionally, this is also used to emphasize a new term or other phrase.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="bold bold"><strong>Bolded text</strong></span>
+						</td><td valign="top">
+							Most phrases which are in bold are application names, such as <span class="application"><strong>Cygwin</strong></span>, or are fields or options in a user interface, such as a <span class="guilabel"><strong>User Name Here:</strong></span> field or <span class="guibutton"><strong>Save</strong></span> button. This can also indicate a file, package, or directory name, such as <code class="filename">/usr/sbin</code>.
+						</td></tr></tbody></table></div><div class="para">
+			Other formatting styles draw attention to important text.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
+			</div></div></div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+				Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
+			</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+				A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
+			</div></div></div></div></div><div xml:lang="en-US" class="section" id="feedback" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="feedback">3. Giving Feedback</h2></div></div></div><div class="para">
+		If there is any error in this book or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for FreeIPA through Bugzilla, <a href="http://bugzilla.redhat.com/bugzilla">http://bugzilla.redhat.com/bugzilla</a>. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
+	</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+				Select the Other group and the freeIPA product.
+			</div></li><li class="listitem"><div class="para">
+				Set the component to Documentation.
+			</div></li><li class="listitem"><div class="para">
+				Set the version number to 2.1.
+			</div></li><li class="listitem"><div class="para">
+				For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
+			</div><div class="para">
+				For enhancements, put in what information needs to be added and why.
+			</div></li><li class="listitem"><div class="para">
+				Give a clear title for the bug. For example, <code class="command">"Incorrect command example for setup script options"</code> is better than <code class="command">"Bad example"</code>.
+			</div></li></ol></div><div class="para">
+		We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact the Fedora docs team at <a href="mailto:docs at lists.fedoraproject.org">docs at lists.fedoraproject.org</a>.
+	</div></div><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
+		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft for the Fedora docs project.</td></tr></table>
+
+				</td></tr></table></div>
+
+	</div></div></div><div xml:lang="en-US" class="chapter" id="installing-ipa" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Installing a FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a hre
 f="#creating-server">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="#tr
 oubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></div><div class="para">
+		The FreeIPA domain is defined and managed by a FreeIPA <span class="emphasis"><em>server</em></span> which is essentially a domain controller. There can be multiple domain controllers within a domain for load-balancing and failover tolerance. These additional servers are called <span class="emphasis"><em>replicas</em></span> of the master FreeIPA server.
+	</div><div class="para">
+		Both FreeIPA servers and replicas only run on Fedora systems. For both servers and replicas, the necessary packages must be installed and then the FreeIPA server or replica itself is configured through setup scripts, which configure all of the requisite services.
+	</div><div class="section" id="Preparing_for_an_IPA_Installation"><div class="titlepage"><div><div><h2 class="title" id="Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</h2></div></div></div><div class="para">
+			Before you install FreeIPA, ensure that the installation environment is suitably configured. You also need to provide certain information during the installation and configuration procedures, including realm names and certain usernames and passwords. This section describes the information that you need to provide.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</h3></div></div></div><div class="para">
+				A basic user entry is about 1 KB in size, as is a simple host entry with a certificate. The structure of the directory tree and the number of indexes in the Directory Server instance can impact the hardware required for the best performance. <a class="xref" href="#tab.Minimum_hardware_requirements_for_IPA">Table 1.1, “Minimum Hardware Requirements”</a> lists the recommended minimums. For customized systems, additional indexes, or larger user entries, it is more effective to increase the RAM than to increase the disk space because the Directory Server stores much of its data in cache. Add info for disk layout/size recommendations, from https://www.redhat.com/archives/freeipa-users/2011-May/msg00012.html
+			</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+					The Directory Server instance used by the FreeIPA server can be tuned to increase performance. For tuning information, see the Directory Server documentation at <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html</a>.
+				</div></div></div><div class="para">
+				The system requirements for both 32-bit and 64-bit platforms are the same.
+			</div><div class="table" id="tab.Minimum_hardware_requirements_for_IPA"><h6>Table 1.1. Minimum Hardware Requirements</h6><div class="table-contents"><table summary="Minimum Hardware Requirements" border="1"><colgroup><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /></colgroup><thead><tr><th align="center">
+								Minimum Hardware Requirements
+							</th><th align="center">
+								10,000 - 250,000 Entries
+							</th><th align="center">
+								250,000 - 1,000,000 Entries
+							</th><th align="center">
+								Over 1,000,000 Entries
+							</th></tr></thead><tbody><tr><td align="left">
+								CPU
+							</td><td colspan="3" align="center">
+								P3; 500MHz
+							</td></tr><tr><td align="left">
+								RAM
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td></tr><tr><td align="left">
+								Disk Space
+							</td><td align="center">
+								2 GB
+							</td><td align="center">
+								4 GB
+							</td><td align="center">
+								8 GB
+							</td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</h3></div></div></div><div class="para">
+				Most of the packages that a FreeIPA server depends on are installed as dependencies when the FreeIPA packages are installed. There are some packages, however, which are required before installing the FreeIPA packages:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Kerberos 1.9
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">named</span> and <span class="package">bind-dyndb-ldap</span> packages for DNS
+					</div></li></ul></div></div><div class="section" id="prerequisites"><div class="titlepage"><div><div><h3 class="title" id="prerequisites">1.1.3. System Prerequisites</h3></div></div></div><div class="para">
+				The FreeIPA server is set up using a configuration script, and this script makes certain assumption about the host system. If the system does not meet these prerequisites, then server configuration may fail.
+			</div><div class="section" id="prereq-ds"><div class="titlepage"><div><div><h4 class="title" id="prereq-ds">1.1.3.1. Directory Server</h4></div></div></div><div class="para">
+					There must not be any instances of 389 Directory Server installed on the host machine.
+				</div></div><div class="section" id="prereq-system"><div class="titlepage"><div><div><h4 class="title" id="prereq-system">1.1.3.2. System Files </h4></div></div></div><div class="para">
+					The server script overwrites system files to set up the FreeIPA domain. The system should be clean, without custom configuration for services like DNS and Kerberos, before configuring the FreeIPA server.
+				</div></div><div class="section" id="prereq-ports"><div class="titlepage"><div><div><h4 class="title" id="prereq-ports">1.1.3.3. System Ports</h4></div></div></div><div class="para">
+					FreeIPA uses a number of ports to communicate with its services. These ports, listed in <a class="xref" href="#tab.ipa-ports">Table 1.2, “FreeIPA Ports”</a>, must be open and available for FreeIPA to work. They cannot be in use by another service or blocked by a firewall. To make sure that these ports are available, try <code class="command">iptables</code> to list the available ports or <code class="command">nc</code>, <code class="command">telnet</code>, or <code class="command">nmap</code> to connect to a port or run a port scan.
+				</div><div class="table" id="tab.ipa-ports"><h6>Table 1.2. FreeIPA Ports</h6><div class="table-contents"><table summary="FreeIPA Ports" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+									Service
+								</th><th>
+									Ports
+								</th></tr></thead><tbody><tr><td>
+									OCSP responder
+								</td><td>
+									9180
+								</td></tr><tr><td>
+									HTTP/HTTPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>80</td></tr><tr><td>443</td></tr></table>
+
+								</td></tr><tr><td>
+									LDAP/LDAPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>389</td></tr><tr><td>636</td></tr></table>
+
+								</td></tr><tr><td>
+									Kerberos<sup>[<a id="ft.udp-tcp" href="#ftn.ft.udp-tcp" class="footnote">a</a>]</sup>
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>88</td></tr><tr><td>464</td></tr></table>
+
+								</td></tr><tr><td>
+									DNS<sup>[<a href="#ftn.ft.udp-tcp" class="footnoteref">a</a>]</sup>
+								</td><td>
+									53
+								</td></tr><tr><td>
+									NTP<sup>[<a id="id3324632" href="#ftn.id3324632" class="footnote">b</a>]</sup>
+								</td><td>
+									123
+								</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
+										This service uses both TCP adn UDP ports.
+									</p></div><div class="footnote"><p><sup>[<a id="ftn.id3324632" href="#id3324632" class="para">b</a>] </sup>
+										This service uses UDP ports only.
+									</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">1.1.3.4. DNS</h4></div></div></div><div class="para">
+					FreeIPA uses DNS for the FreeIPA clients to find (<span class="emphasis"><em>discover</em></span>) the FreeIPA servers. The DNS service can be managed by FreeIPA itself, or FreeIPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and FreeIPA services like, LDAP, Kerberos, and SSL may fail to work.
+				</div><div class="section" id="dns-requirements"><div class="titlepage"><div><div><h5 class="title" id="dns-requirements">1.1.3.4.1. DNS Requirements</h5></div></div></div><div class="para">
+						Regardless of whether the DNS is within the FreeIPA server or external, the server host must have DNS properly configured:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								The server's machine name must be set and resolve to its public IP address. The fully-qualified domain name cannot resolve to the loopback address. It must resolve to the machine's public IP address, not to <code class="systemitem">127.0.0.1</code>. The output of the <code class="command">hostname</code> command cannot be <code class="systemitem">localhost</code> or <code class="systemitem">localhost6</code>.
+							</div></li><li class="listitem"><div class="para">
+								The hostname must be fully qualified. For example, <code class="systemitem">ipa.example.com</code>.
+							</div></li><li class="listitem"><div class="para">
+								The reverse of the address that the hostname resolves to must match the hostname.
+							</div></li><li class="listitem"><div class="para">
+								The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the FreeIPA server, but it does need to be fully functional.
+							</div><div class="para">
+								If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install FreeIPA to automatically configure a suitable DNS.
+							</div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
+						To help create and configure a suitable DNS setup, the FreeIPA installation script creates a sample zone file. During the installation, FreeIPA displays a message similar to the following:
+					</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
+</pre><div class="para">
+						You should use this file in your DNS zone file.
+					</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">1.1.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
+						<span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+					</div><div class="para">
+						<code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+					</div><div class="para">
+						To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+					</div><pre class="programlisting">positive-time-to-live   group           3600
+negative-time-to-live   group           60
+positive-time-to-live   hosts           3600
+negative-time-to-live   hosts           20
+</pre></div><div class="section" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos">1.1.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
+						The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+					</div><div class="para">
+						If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example: 
+<pre class="programlisting">10.0.0.1    ipa.example.com  ipa</pre>
+						 The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
+					</div><div class="para">
+						A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+					</div><div class="para">
+						The FreeIPA installation process includes checks to ensure that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing a FreeIPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the FreeIPA server will use itself as a DNS from that point forward.
+					</div><div class="para">
+						The FreeIPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								DNS forwarders must be specified as IP addresses, not as hostnames.
+							</div></div></div>
+
+					</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">1.1.3.5. Configuring Networking</h4></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services">1.1.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
+						The default networking service used by Fedora is NetworkManager, and due to the way this service works, it can cause problems with FreeIPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in a FreeIPA environment and disable the NetworkManager service.
+					</div><div class="orderedlist" id="proc-Enterprise_Identity_Management_Guide-Configuring_Networking_Services-To_configure_networking_services_for_IPA"><ol><li class="listitem"><div class="para">
+								Boot the machine into single-user mode and run the following commands:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManager off; service NetworkManager stop</span></pre></li><li class="listitem"><div class="para">
+								If <code class="systemitem">NetworkManagerDispatcher</code> is installed, ensure that it is stopped and disabled:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop</span></pre></li><li class="listitem"><div class="para">
+								Then, make sure that the <code class="systemitem">network</code> service is properly started. 
+<pre class="programlisting"><span class="perl_Comment"># chkconfig network on; service network start</span></pre>
+
+							</div></li><li class="listitem"><div class="para">
+								Ensure that static networking is correctly configured.
+							</div></li><li class="listitem"><div class="para">
+								Restart the system.
+							</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File">1.1.3.5.2. Configuring the /etc/hosts File</h5></div></div></div><div class="para">
+						You need to ensure that your <code class="filename">/etc/hosts</code> file is configured correctly. A misconfigured file can prevent the FreeIPA command-line tools from functioning correctly and can prevent the FreeIPA web interface from connecting to the FreeIPA server.
+					</div><div class="para">
+						Configure the <code class="filename">/etc/hosts</code> file to list the FQDN for the FreeIPA server <span class="emphasis"><em>before</em></span> any aliases. Also ensure that the hostname is not part of the <code class="literal">localhost</code> entry. The following is an example of a valid hosts file:
+					</div><pre class="programlisting">127.0.0.1	localhost.localdomain	localhost
+::1		localhost6.localdomain6	localhost6
+192.168.1.1	ipaserver.example.com	ipaserver
+</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							Do not omit the <code class="systemitem">IPv4</code> entry in the <code class="filename">/etc/hosts</code> file. This entry is required by the FreeIPA web service.
+						</div></div></div></div></div></div></div><div class="section" id="Installing_the_IPA_Server_Packages"><div class="titlepage"><div><div><h2 class="title" id="Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</h2></div></div></div><div class="para">
+			Installing only the FreeIPA server requires a single package, . If the FreeIPA server will also manage a DNS server, then it requires two additional packages to set up the DNS.
+		</div><div class="para">
+			All of these packages can be installed using the <code class="command">yum</code> command:
+		</div><div class="para">
+			Installing the  also installs a large number of dependencies, such as <span class="package">389-ds-base</span> for the LDAP service and <span class="package">krb5-server</span> for the Kerberos service, along with FreeIPA tools.
+		</div><div class="para">
+			After the packages are installed, the server instance must be created using the <code class="command">ipa-server-install</code> command. The options for configuring the new server instance are described in <a class="xref" href="#creating-server">Section 1.3, “Creating a FreeIPA Server Instance”</a>.
+		</div></div><div class="section" id="creating-server"><div class="titlepage"><div><div><h2 class="title" id="creating-server">1.3. Creating a FreeIPA Server Instance</h2></div></div></div><div class="para">
+			The FreeIPA setup script creates a server instance, which includes configuring all of the required services for the FreeIPA domain:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					The network time daemon (ntpd)
+				</div></li><li class="listitem"><div class="para">
+					A 389 Directory Server instance
+				</div></li><li class="listitem"><div class="para">
+					A Kerberos key distribution center (KDC)
+				</div></li><li class="listitem"><div class="para">
+					Apache (httpd)
+				</div></li><li class="listitem"><div class="para">
+					An updated SELinux targeted policy
+				</div></li><li class="listitem"><div class="para">
+					The Active Directory WinSync plug-in
+				</div></li><li class="listitem"><div class="para">
+					A certificate authority
+				</div></li><li class="listitem"><div class="para">
+					<span class="emphasis"><em>Optional.</em></span> A domain name service (DNS) server
+				</div></li></ul></div><div class="para">
+			The FreeIPA setup process can be minimal, where the administrator only supplies some required information, or it can be very specific, with user-defined settings for many parts of the FreeIPA services. The configuration is passed using arguments with the <code class="command">ipa-install-server</code> script.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				The port numbers and directory locations used by FreeIPA are all defined automatically, as defined in <a class="xref" href="#prereq-ports">Section 1.1.3.3, “System Ports”</a> and . These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
+			</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">1.3.1. About ipa-server-install</h3></div></div></div><div class="para">
+				A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
+			</div><div class="para">
+				While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
+			</div><div class="para">
+				<a class="xref" href="#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+			</div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+								Argument
+							</th><th>
+								Alternate Argument
+							</th><th>
+								Description
+							</th></tr></thead><tbody><tr><td colspan="3">
+								<span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3271783" href="#ftn.id3271783" class="footnote">a</a>]</sup>
+							</td></tr><tr><td>
+								-a <span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								--admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
+							</td></tr><tr><td>
+								--hostname=<span class="emphasis"><em>hostname</em></span>
+							</td><td>
+
+							</td><td>
+								The fully-qualified domain name of the FreeIPA server machine.
+							</td></tr><tr><td>
+								-n <span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								--domain=<span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
+							</td></tr><tr><td>
+								-p <span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								--ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
+							</td></tr><tr><td>
+								-r <span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								--realm=<span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								The name of the Kerberos realm to create for the FreeIPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Certificate Authority Options</strong></span>
+							</td></tr><tr><td>
+								--external-ca
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--selfsign
+							</td><td>
+
+							</td><td>
+								Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
+							</td></tr><tr><td>
+								--subject=<span class="emphasis"><em>subject_DN</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>DNS Options</strong></span>
+							</td></tr><tr><td>
+								--forwarder=<span class="emphasis"><em>forwarder</em></span>
+							</td><td>
+
+							</td><td>
+								Gives a comma-separated list of DNS forwarders to use with the DNS service.
+							</td></tr><tr><td>
+								--no-forwarders
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--no-reverse
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--setup-dns
+							</td><td>
+
+							</td><td>
+								Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+							</td></tr><tr><td>
+								--zonemgr=<span class="emphasis"><em>email_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Kerberos Options</strong></span>
+							</td></tr><tr><td>
+								--ip-address=<span class="emphasis"><em>ip_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
+							</td></tr><tr><td>
+								-P <span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								--master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								The password for the KDC account. This is randomly generated if no value is given.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>NTP Options</strong></span>
+							</td></tr><tr><td>
+								-N, --no-ntp
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default. 
+								<div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+										If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
+									</div></div></div>
+
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
+							</td></tr><tr><td>
+								--idmax=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
+							</td></tr><tr><td>
+								--idstart=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
+							</td></tr><tr><td>
+								--no_hbac_allow
+							</td><td>
+
+							</td><td>
+								Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Other Setup Options</strong></span>
+							</td></tr><tr><td>
+								--no-host-dns
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
+							</td></tr><tr><td>
+								-U
+							</td><td>
+								--unattended
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+							</td></tr><tr><td>
+								--uninstall
+							</td><td>
+
+							</td><td>
+								Uninstalls an existing FreeIPA server.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>General Tool Options</strong></span>
+							</td></tr><tr><td>
+								-d
+							</td><td>
+								--debug
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+							</td></tr><tr><td>
+								-h
+							</td><td>
+								--help
+							</td><td>
+								Prints the help information for the <code class="command">ipa-server-install</code> command.
+							</td></tr><tr><td>
+								--version
+							</td><td>
+
+							</td><td>
+								Prints the version number of the <code class="command">ipa-server-install</code> command.
+							</td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3271783" href="#id3271783" class="para">a</a>] </sup>
+									The installation script will prompt for these options if they are not passed with the script.
+								</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+				All that is required to set up a FreeIPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Run the <code class="command">ipa-server-install</code> script.
+					</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install</span></pre></li><li class="listitem"><div class="para">
+						Enter the hostname. This is determined automatically using reverse DNS.
+					</div><pre class="programlisting">Server host name [ipa2.server.example.com]:</pre></li><li class="listitem"><div class="para">
+						Enter the domain name. This is determined automatically based on the hostname.
+					</div><pre class="programlisting">Please confirm the domain name [example.com]:</pre></li><li class="listitem"><div class="para">
+						The script then reprints the hostname, IP address, and domain name.
+					</div><pre class="programlisting">The IPA Master Server will be configured with
+<span class="perl_BString">Hostname</span>:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre></li><li class="listitem"><div class="para">
+						Enter the new Kerberos realm name. This is usually based on the domain name.
+					</div><pre class="programlisting">Please provide a realm name [EXAMPLE.COM]:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the Directory Server superuser, <code class="command">cn=Directory Manager</code>. There are password strength requirements for this password, including a minimum password length.
+					</div><pre class="programlisting">Directory Manager password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the FreeIPA system user account, <code class="command">admin</code>. This user is created on the machine.
+					</div><pre class="programlisting">IPA admin password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						After that, the script configures all of the associated services for FreeIPA, with task counts and progress bars.
+					</div><pre class="programlisting">Configuring ntpd
+  [1/4]: stopping ntpd
+ ...
+<span class="perl_Keyword">done</span> configuring ntpd.
+
+Configuring directory server <span class="perl_Keyword">for</span> the CA: Estimated time 30 seconds
+  [1/3]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring pkids.
+
+Configuring certificate server: Estimated time 6 minutes
+  [1/17]: creating certificate server user
+....
+<span class="perl_Keyword">done</span> configuring pki-cad.
+
+Configuring directory server: Estimated time 1 minute
+  [1/32]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring dirsrv.
+
+Configuring Kerberos KDC: Estimated time 30 seconds
+  [1/14]: setting KDC account password
+...
+<span class="perl_Keyword">done</span> configuring krb5kdc.
+
+Configuring ipa_kpasswd
+  [1/2]: starting ipa_kpasswd
+  [2/2]: configuring ipa_kpasswd to start on boot
+<span class="perl_Keyword">done</span> configuring ipa_kpasswd.
+
+Configuring the web interface: Estimated time 1 minute
+  [1/12]: disabling mod_ssl <span class="perl_Keyword">in</span> httpd
+...
+<span class="perl_Keyword">done</span> configuring httpd.
+Setting the certificate subject base
+restarting certificate server
+Applying LDAP updates
+Restarting the directory server
+Restarting the KDC
+Restarting the web server
+Sample zone <span class="perl_BString">file</span> <span class="perl_Keyword">for</span> <span class="perl_Reserved">bind</span> has been created <span class="perl_Keyword">in</span> /tmp/sample.zone.ygzij5.db
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+						Restart the <code class="systemitem">SSH</code> service to retrive the Kerberos principal and to refresh the name server switch (NSS) configuration file: 
+<pre class="programlisting"><span class="perl_Comment"># service sshd restart</span></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
+					</div><pre class="programlisting">$ kinit admin
+Password <span class="perl_Keyword">for</span> admin at EXAMPLE.COM:</pre></li><li class="listitem"><div class="para">
+						Test the FreeIPA configuration by running a command like <code class="command">ipa user-find</code>. For example:
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa user-find admin</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>  --------------
+  1 user matched
+  --------------
+  User <span class="perl_BString">login</span>: admin
+  <span class="perl_BString">Last</span> name: Administrator
+  Home directory: /home/admin
+  <span class="perl_BString">Login</span> shell: /bin/bash
+  Account disabled: <span class="perl_BString">False</span>
+  Member of <span class="perl_BString">groups</span>: admins
+  ----------------------------
+  Number of entries returned 1
+  ----------------------------</pre></li></ol></div></div><div class="section" id="install-examples"><div class="titlepage"><div><div><h3 class="title" id="install-examples">1.3.3. Examples of Creating the FreeIPA Server</h3></div></div></div><div class="para">
+				The way that a FreeIPA server is installed can be different depending on the network environment, security requirements within the organization, and the desired topology. These example illustrate some common options when installing the server. These examples are not mutually exclusive; it is entirely possible to use CA options, DNS options, and FreeIPA configuration options in the same server invocation. These are called out separately simply to make it more clear what each configuration area requires.
+			</div><div class="section" id="install-normal"><div class="titlepage"><div><div><h4 class="title" id="install-normal">1.3.3.1. Non-Interactive Basic Installation</h4></div></div></div><div class="para">
+					As shown in <a class="xref" href="#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>, only a few pieces of information are required to configured a FreeIPA server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Passwords for the FreeIPA administrative user and the Directory Server super user (Directory Manager)
+						</div></li><li class="listitem"><div class="para">
+							The server hostname
+						</div></li><li class="listitem"><div class="para">
+							The Kerberos realm name
+						</div></li><li class="listitem"><div class="para">
+							The DNS domain name
+						</div></li></ul></div><div class="para">
+					This information can be passed with the <code class="command">ipa-server-install</code>, along with the <code class="option">-U</code> to force it to run without requiring user interaction.
+				</div><div class="example" id="ex.basic-opts"><h6>Example 1.1. Basic Installation without Interaction</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U</span></pre><div class="para">
+						The script then prints the submitted values:
+					</div><pre class="programlisting">To accept the default shown in brackets, press the Enter key.
+
+The IPA Master Server will be configured with
+Hostname:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre><div class="para">
+						Then the script runs through the configuration progress for each FreeIPA service, as in <a class="xref" href="#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+					</div></div></div><br class="example-break" /></div><div class="section" id="install-ca-options"><div class="titlepage"><div><div><h4 class="title" id="install-ca-options">1.3.3.2. Using Different CAs</h4></div></div></div><div class="para">
+					The default installation of FreeIPA uses an integrated Dogtag Certificate System instance as a certificate authority to issue certificates. However, this configuration is not required. FreeIPA only requires <span class="emphasis"><em>a</em></span> certificate authority. This can be an external CA like Verisign or a corporate CA inconjunction with the internal Certificate System, or it can even be the FreeIPA server itself, using a self-signed certificate.
+				</div><div class="para">
+					For the FreeIPA server itself to work as a CA, it uses a self-signed certificate, meaning that it approved and issued its own certificate. This is done by using the <code class="option">--selfsign</code> option with the <code class="command">ipa-server-install</code> command. When the FreeIPA server uses a self-signed certificate, the setup process is exactly the same as a normal installation, except that no Dogtag Certificate System instance is created. There is still a <code class="filename">cacert.p12</code> file created that can be used by replicas and the domain functions exactly the same. The only difference is what CA issues the certificates.
+				</div><div class="example" id="ex.selfsigned"><h6>Example 1.2. Using a Self-Signed Certificate</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U --selfsign</span></pre></div></div><br class="example-break" /><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+						A self-signed certificate should only be used for a testing or development environment. A production environment should use the Dogtag Certificate System instance or an external, public CA.
+					</div></div></div><div class="para">
+					Alternatively, the FreeIPA server can use a certificate issued by an external CA. This can be a corporate CA or a third-party CA like Verisign or Thawte. As with a normal setup process, using an external CA still uses a Dogtag Certificate System instance for the FreeIPA server for issuing all of its client and replica certificates; the initial CA certificate is simply issued by a different CA.
+				</div><div class="para">
+					When using an external CA, there are two additional steps that must be performed: submit the generated certificate request to the external CA and then load the CA certificate and issued server certificate to complete the setup.
+				</div><div class="example" id="ex.externalca"><h6>Example 1.3. Using an External CA</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--external-ca</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --external-ca</span></pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP and Directory Server services as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script completes the CA setup and returns information about where the certificate signing request (CSR) is located, <code class="filename">/root/ipa.csr</code>. This request must be submitted to the external CA.
+							</div><pre class="programlisting">Configuring certificate server: Estimated time 6 minutes
+  [1/4]: creating certificate server user
+  [2/4]: creating pki-ca instance
+  [3/4]: restarting certificate server
+  [4/4]: configuring certificate server instance
+The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-install.</pre></li><li class="listitem"><div class="para">
+								Submit the request to the CA. The process differs for every service.
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the issued certificate and the CA certificate chain for the issuing CA. Again, the process differs for every certificate service, but there is usually a download link on a web page or in the notification email that allows administrators to download all the required certificates. Be sure to get the full certificate chain for the CA, not just the CA certificate.
+							</div></li><li class="listitem"><div class="para">
+								Rerun <code class="command">ipa-server-install</code>, specifying the locations and names of the certificate and CA chain files. For example:
+							</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install --external_cert_file=/tmp/servercert20110601.p12 --external_ca_file=/tmp/cacert.p12</span></pre></li><li class="listitem"><div class="para">
+								Complete the setup process and verify that everything is working as expected, as in <a class="xref" href="#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /></div><div class="section" id="install-dns"><div class="titlepage"><div><div><h4 class="title" id="install-dns">1.3.3.3. Using DNS</h4></div></div></div><div class="para">
+					FreeIPA can be configured to manage its own DNS, use an existing DNS, or not use DNS services at all (which is the default). Running the setup script alone does not configure DNS; this requires the <code class="option">--setup-dns</code> option.
+				</div><div class="para">
+					As with a basic setup, the DNS setup can either prompt for the required information or the DNS information can be passed with the script to allow an automatic or unattended setup process.
+				</div><div class="example" id="ex.dns-w-prompts"><h6>Example 1.4. Interactive DNS Setup</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--setup-dns</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --setup-dns</span></pre></li><li class="listitem"><div class="para">
+								The script configures the hostname and domain name as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script then prompts for DNS forwarders. If forwarders will be used, enter yes, and then supply the list of DNS servers. If FreeIPA will manage its own DNS service, then enter no.
+							</div><pre class="programlisting">Do you want to configure DNS forwarders? [<span class="perl_BString">yes</span>]: no
+No DNS forwarders configured</pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP, Directory Server, Certificate System, Kerberos, and Apache services.
+							</div></li><li class="listitem"><div class="para">
+								Before completing the configuration, the script prompts to ask whether it should configure reverse DNS services. If you select yes, then it configures the <code class="systemitem">named</code> service.
+							</div><pre class="programlisting">Do you want to configure the reverse zone? [<span class="perl_BString">yes</span>]: <span class="perl_BString">yes</span>
+Configuring named:
+  [1/9]: adding DNS container
+  [2/9]: setting up our zone
+  [3/9]: setting up reverse zone
+  [4/9]: setting up our own record
+  [5/9]: setting up kerberos principal
+  [6/9]: setting up named.conf
+  [7/9]: restarting named
+  [8/9]: configuring named to start on boot
+  [9/9]: changing resolv.conf to point to ourselves
+<span class="perl_Keyword">done</span> configuring named.
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+								Verify that everything is working as expected, as in <a class="xref" href="#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /><div class="para">
+					If DNS is used with FreeIPA, then two pieces of information are required: any DNS forwarders that will be used and using (or not) reverse DNS. To perform a non-interactive setup, this information can be passed using the <code class="option">--forwarder | --no-forwarders</code> option and <code class="option">--no-reverse</code> option.
+				</div><div class="example" id="ex.dns-script"><h6>Example 1.5. Setting up DNS Non-Interactively</h6><div class="example-contents"><div class="para">
+						To use DNS always requires the <code class="option">--setup-dns</code>. To user forwarders, use the <code class="option">--forwarder</code> with a comma-separated list of forwarders.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --forwarder=1.2.3.0,1.2.255.0</span></pre><div class="para">
+						Some kind of forwarder information is required. If no external forwarders will be used with the FreeIPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
+					</div><div class="para">
+						The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3093099">GSS Failures When Running IPA Commands</h5>
+					Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
+				</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
+				There are two potential causes for this:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						DNS is not properly configured.
+					</div></li><li class="listitem"><div class="para">
+						Active Directory is in the same domain as the FreeIPA server.
+					</div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id4355850">named Daemon Fails to Start</h5>
+					If a FreeIPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
+				</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
+				This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the FreeIPA server. 
+<pre class="programlisting"><span class="perl_Comment"># yum remove bind-chroot</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+<span class="perl_Comment"># ipactl restart</span></pre>
+
+			</div></div></div><div class="section" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</h2></div></div></div><div class="para">
+			In the FreeIPA domain, there are three types of machines:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Servers, which manage all of the services used by domain members
+				</div></li><li class="listitem"><div class="para">
+					Replicas, which are essentially read-only clones of servers
+				</div></li><li class="listitem"><div class="para">
+					Clients, which belong to the Kerberos domains, receive certificates and tickets issued by the servers, and use other centralized services for authentication and authorization
+				</div></li></ul></div><div class="para">
+			A replica is a clone of a specific FreeIPA server. The server and replica share the same internal information about users, machines, certificates, and configured policies. These data are copied from the server to the replica in a process called <span class="emphasis"><em>replication</em></span>. The two Directory Server instances used by an FreeIPA server — the Directory Server instance used by the FreeIPA server as a data store and the Directory Server instance used by the Dogtag Certificate System to store certificate information — are replicated over to corresponding consumer Directory Server instances used by the FreeIPA replica.
+		</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+				If you are using the integrated Dogtag Certificate System instance as the CA for the FreeIPA domain, then it is possible to make a replica of a replica. It is <span class="emphasis"><em>not</em></span> possible to make a replica of a replica if you use the <code class="option">--selfsign</code> option for the original FreeIPA server.
+			</div></div></div><div class="section" id="installing-replica"><div class="titlepage"><div><div><h3 class="title" id="installing-replica">1.4.1. Prepping and Installing the Replica Server</h3></div></div></div><div class="para">
+				Replicas are functionally the same as FreeIPA servers, so they have the same installation requirements and packages.
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Make sure that the machine meets all of the prerequisites listed in <a class="xref" href="#Preparing_for_an_IPA_Installation">Section 1.1, “Preparing to Install the FreeIPA Server”</a>.
+					</div></li><li class="listitem"><div class="para">
+						Install the server packages as in <a class="xref" href="#Installing_the_IPA_Server_Packages">Section 1.2, “Installing the FreeIPA Server Packages”</a>. However, do <span class="emphasis"><em>not</em></span> run the <code class="command">ipa-server-install</code> script.
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							The replica and the master server must be running the same version of FreeIPA.
+						</div></div></div></li><li class="listitem"><div class="para">
+						If there is an existing Dogtag Certificate System or Red Hat Certificate System instance on the replica machine, make sure that port <code class="systemitem">7389</code> is free. This port is used by the master FreeIPA server to communicate with the replica.
+					</div></li></ul></div></div><div class="section" id="creating-the-replica"><div class="titlepage"><div><div><h3 class="title" id="creating-the-replica">1.4.2. Creating the Replica</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					Make sure that the replica machine exists in the server's DNS <span class="emphasis"><em>before</em></span> beginning to configure the replica. If the server cannot contact the replica machine during the configuration process, then the replica configuration fails.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						C\On the master server, create a <span class="emphasis"><em>replica information file</em></span>. This contains realm and configuration information taken from the master server which will be used to configure the replica server.
+					</div><div class="para">
+						Run the <code class="command">ipa-replica-repare</code> command <span class="emphasis"><em>on the master FreeIPA server</em></span>. The command requires the fully-qualified domain name of the <span class="emphasis"><em>replica</em></span> machine.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-replica-prepare ipareplica.example.com</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+Determining current realm name
+Getting domain name from LDAP
+Preparing replica <span class="perl_Keyword">for</span> ipareplica.example.com from ipaserver.example.com
+Creating SSL certificate <span class="perl_Keyword">for</span> the Directory Server
+Creating SSL certificate <span class="perl_Keyword">for</span> the Web Server
+Copying additional files
+Finalizing configuration
+Packaging the replica into replica-info-ipareplica.example.com
+</pre><div class="para">
+						Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
+					</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+							A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
+						</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+							Replica information files contain sensitive information. Take appropriate steps to ensure that they are properly protected.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Copy the replica information file to the replica server:
+					</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
+						On the replica server, run the replica installation script, referencing the replication information file:
+					</div><div class="para">
+						
+<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
+
+					</div><div class="para">
+						The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
+					</div></li><li class="listitem"><div class="para">
+						Enter the Directory Manager password when prompted. The script then configures a Directory Server instance based on information in the replica information file and initiates a replication process to copy over data from the master server to the replica, a process called <span class="emphasis"><em>initialization</em></span>.
+					</div></li><li class="listitem"><div class="para">
+						Once the installation process completes, update the DNS entries so that FreeIPA clients can discover the new server. For example, for a FreeIPA replica with a hostname of <code class="systemitem">ipareplica.example.com</code>:
+					</div><pre class="programlisting">_ldap._tcp             IN SRV 0 100 389	ipareplica.example.com
+_kerberos._tcp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos._udp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._tcp  IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._udp  IN SRV 0 100 88 ipareplica.example.com
+_kpasswd._tcp          IN SRV 0 100 464 ipareplica.example.com
+_kpasswd._udp          IN SRV 0 100 464 ipareplica.example.com
+_ntp._udp              IN SRV 0 100 123 ipareplica.example.com
+</pre></li><li class="listitem"><div class="para">
+						<span class="emphasis"><em>Optional.</em></span> Set up DNS services for the replica. These are not configured by the setup script, even if the master server uses DNS.
+					</div><div class="para">
+						Use the <code class="command">ipa-dns-install</code> command to install the DNS manually, then use the the <code class="command">ipa dnsrecord-add</code> command to add the required DNS records. For example: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-dns-install</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+$ ipa dnsrecord-add example.com @ --ns-rec ipareplica.example.com.</pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							Use the fully-qualified domain name of the replica, including the final period (.), otherwise BIND will treat the hostname as relative to the domain.
+						</div></div></div></li></ol></div></div><div class="section" id="troubleshooting-replica-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</h3></div></div></div><div class="para">
+				If the replica installation fails on step 3 (<span class="bold bold"><strong>[3/11]: configuring certificate server instance</strong></span>), that usually means that the required port is not available. This can be verified by checking the debug logs for the CA, <code class="filename">/var/log/pki-ca/debug</code>, which may show error messages about being unable to find certain entries. For example: 
+<pre class="screen">[04/Feb/2011:22:29:03][http-9445-Processor25]: DatabasePanel
+comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</pre>
+
+			</div><div class="para">
+				The only resolution is to uninstall the replica: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+			</div><div class="para">
+				After uninstalling the replica, ensure that port 7389 on the replica is available, and retry the replica installation.
+			</div></div></div><div class="section" id="Uninstalling_IPA_Servers"><div class="titlepage"><div><div><h2 class="title" id="Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</h2></div></div></div><div class="para">
+			To uninstall both a FreeIPA server and a FreeIPA replica, pass the <code class="option">--uninstall</code> option to the <code class="command">ipa-server-install</code> command: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+		</div></div></div><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="#Using_Microsoft_Windows">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring
 _an_IPA_Client_on_Solaris">2.3. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">2.3.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.4. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring S
 SH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.5. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">
 2.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.6. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Us
 ing_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</a></span></dt><dt><span class="section"><a href="#Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</a></span></dt></dl></dd></dl></div><div class="para">
+		A <span class="emphasis"><em>client</em></span> is any system which is a member of the FreeIPA domain. While this is frequently a Fedora system (and FreeIPA has special tools to make configuring Fedora clients very simple), machines with other operating systems can also be added to the FreeIPA domain.
+	</div><div class="para">
+		One important aspect of a FreeIPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) FreeIPA does not require any sort of agent or daemon running on a client.
+	</div><div class="para">
+		This chapter explains how to configure a system to join a FreeIPA domain.
+	</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+			Clients can only be configured after at least one FreeIPA server has been installed.
+		</div></div></div><div class="section" id="fedora-client-setup"><div class="titlepage"><div><div><h2 class="title" id="fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</h2></div></div></div><div class="section" id="fedora-pkgs"><div class="titlepage"><div><div><h3 class="title" id="fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					To Fedora systems as FreeIPA clients, you need either an enrollment Kerberos principal (for example, admin), or the host must be pre-created on the server with a one-time password to do the enrollment.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the client packages. These packages are used only as a simple way to configure the system; they do <span class="emphasis"><em>not</em></span> install an agent or daemon on the client machine.
+					</div><div class="para">
+						For a regular user system, this requires only <code class="filename">ipa-client</code>:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install freeipa-client</span></pre><div class="para">
+						For an administrator workstation, also install the FreeIPA tools package:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install freeipa-client freeipa-admintools</span></pre></li><li class="listitem"><div class="para">
+						If the FreeIPA server is also configured as the DNS server, and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
+					</div></li><li class="listitem"><div class="para">
+						After the packages are installed, run the client setup command to configure the system as a client.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li></ol></div><div class="para">
+				The <code class="command">ipa-client-install</code> command runs through a series of configuration changes on the system to set it up as a client in the FreeIPA domain: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							If DNS discovery is configured correctly, the command sets up the client domain and realm without prompting for any further information. If DNS Discovery is not configured, or if the FreeIPA server and client are not in the same domain, the script will prompt you for the information it requires.
+						</div></li><li class="listitem"><div class="para">
+							Retrieves the CA certificate.
+						</div></li><li class="listitem"><div class="para">
+							Creates a separate Kerberos configuration in order to test the provided credentials. This enables the <code class="command">ipa-client-install</code> command to perform a Kerberos connection to the FreeIPA XML-RPC server, necessary to join the FreeIPA client to the FreeIPA domain. Irrespective of whether or not this connection is successful, this Kerberos configuration is ultimately discarded.
+						</div></li><li class="listitem"><div class="para">
+							Calls the <code class="command">ipa-join</code> command to perform the actual join
+						</div></li><li class="listitem"><div class="para">
+							Obtains a service principal for the host service and installs it into <code class="filename">/etc/krb5.keytab</code>, for example, (host/ipa.example.com at EXAMPLE.COM)
+						</div></li><li class="listitem"><div class="para">
+							Enables certmonger and retrieves an SSL server certificate, and installs it into <code class="filename">/etc/pki/nssdb</code>
+						</div></li><li class="listitem"><div class="para">
+							Disables the nscd daemon
+						</div></li><li class="listitem"><div class="para">
+							Configures SSSD or LDAP/KRB5, including NSS and PAM configuration files
+						</div></li><li class="listitem"><div class="para">
+							Configures NTP
+						</div></li></ul></div>
+
+			</div><div class="para">
+				At the end of this process, the command displays information about the realm, DNS domain, FreeIPA server, and other related information, similar to the following:
+			</div><pre class="screen">
+Discovery was successful!
+Realm: EXAMPLE.COM
+DNS Domain: example.com
+IPA Server: ipaserver.example.com
+BaseDN: dc=example,dc=com
+
+Continue to configure the system with these values? [no]: yes
+Enrollment principal: admin
+Password for admin at EXAMPLE.COM:
+Enrolled in IPA realm EXAMPLE.COM
+Created /etc/ipa/default.conf
+Configured /etc/sssd/sssd.conf
+Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
+SSSD enabled
+Kerberos 5 enabled
+NTP enabled
+Client configuration complete.
+</pre></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2. Configuring Kerberos</h3></div></div></div><div class="para">
+				The <code class="command">ipa-client-install</code> command performs the Kerberos configuration automatically. This includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="para">
+				The following is an example of a Kerberos configuration file for FreeIPA:
+			</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+rdns = false
+forwardable = yes
+ticket_lifetime = 24h
+
+[realms]
+EXAMPLE.COM = {
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      }
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+</pre><div class="para">
+				Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the system console, log in as a FreeIPA user. After you have logged in, open a shell and run the following commands:
+					</div><div class="para">
+						<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+					</div><div class="para">
+						<code class="command">$ getent passwd &lt;userid&gt;</code>
+					</div><div class="para">
+						<code class="command">$ getent group ipausers</code>
+					</div></li></ul></div></div><div class="section" id="fedora-Configuring_NFS_v4_with_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4 with Kerberos</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Add an NFS service principal on the client.
+					</div><div class="para">
+						<code class="command"># ipa service-add nfs/ipaclient.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Obtain a keytab for the NFS service principal.
+					</div><div class="para">
+						<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaclient.example.com -k /etc/krb5.keytab</code>
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Fedora 15, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Add the following line to the <code class="filename">/etc/sysconfig/nfs</code> file:
+					</div><pre class="programlisting">SECURE_NFS=yes
+</pre></li><li class="listitem"><div class="para">
+						Start the rpcgssd daemon.
+					</div><div class="para">
+						<code class="command"># service rpcgssd start</code>
+					</div></li></ol></div><div class="para">
+				The FreeIPA client should now be fully configured to mount NFS shares using Kerberos credentials. Use the following command to test the configuration:
+			</div><div class="para">
+				<code class="command"># mount -v -t nfs4 -o sec=krb5 ipaserver.example.com:/ /mnt</code>
+			</div></div></div><div class="section" id="Using_Microsoft_Windows"><div class="titlepage"><div><div><h2 class="title" id="Using_Microsoft_Windows">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</h2></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				FreeIPA does <span class="emphasis"><em>not</em></span> support Microsoft Windows client authentication.
+			</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+					Download the MIT <span class="productname">Kerberos</span>
+					 3.x package for Windows to a known location, and then run the <code class="filename">kfw-3.x-exe</code> file that you downloaded to start the <span class="application"><strong>MIT Kerberos Installation Wizard</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Read the license agreement and then click <span class="guibutton"><strong>I Agree</strong></span> to accept the agreement.
+				</div></li><li class="listitem"><div class="para">
+					Ensure you choose to install KfW Client; the other components are optional.
+				</div></li><li class="listitem"><div class="para">
+					Accept the default destination path.
+				</div></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Download from web path</strong></span>, and enter the following URL:
+				</div><pre class="programlisting">http://&lt;your FreeIPA server's fully-qualified domain name&gt;/ipa/config/
+</pre></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Autostart the Network Identity Manager each time you login to Windows</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Click <span class="guibutton"><strong>Install</strong></span> to begin the installation. When the installation is complete, click <span class="guibutton"><strong>Finish</strong></span> to exit the Wizard.
+				</div></li><li class="listitem"><div class="para">
+					Edit the hosts file and add the FreeIPA server. For example:
+				</div><pre class="programlisting">&lt;numerical IP address&gt;     ipaserver.example.com   ipaserver
+</pre><div class="para">
+					Depending on the version of Windows, the HOSTS file could be located in different directories. For example:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Windows 2000 Pro: <code class="filename">C:\WINNT\system32\drivers\etc\</code>
+						</div></li><li class="listitem"><div class="para">
+							Windows XP Pro: <code class="filename">C:\WINDOWS\system32\drivers\etc\</code>
+						</div></li></ul></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Solaris">2.3. Configuring a Solaris System as a FreeIPA Client</h2></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">2.3.1. Configuring Solaris 10</h3></div></div></div><div class="para">
+				FreeIPA provides an automated method of configuring Solaris 10 to function as a FreeIPA client. On your Solaris client, run the following command (ensure that you replace the example domain name with your own): 
+<pre class="screen"><code class="command"># ldapclient init ipa.example.com</code></pre>
+
+			</div><div class="para">
+				When FreeIPA is installed it creates a configuration profile that will automatically set up the necessary PAM and <code class="filename">/etc/ldap.conf</code> configuration for Solaris. 
+				<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can add the <code class="option">-v</code> option to this command to display more details about the command operation.
+					</div></div></div>
+
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">2.3.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/krb5/krb5.conf</code> file as follows:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+
+[realms]
+EXAMPLE.COM = {
+kdc = ipaserver.example.com:88
+admin_server = ipaserver.example.com:749
+}
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[logging]
+default = FILE:/var/krb5/kdc.log
+kdc = FILE:/var/krb5/kdc.log
+kdc_rotate = {
+period = 1d
+versions = 10
+}
+
+[appdefaults]
+kinit = {
+renewable = true
+forwardable= true
+}
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">2.3.1.2. Configuring Client SSH Access</h4></div></div></div><div class="para">
+					Use the following procedure to configure the Solaris FreeIPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. Remember to replace the example host and domain names with your own host and domain name.
+				</div><div class="para">
+					The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the FreeIPA server.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Add a host service principal for the Solaris client.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"> # ipa service-add host/solarisipaclient.example.com </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Create the host keytab file.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p host/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Copy this keytab to the Solaris machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/etc/krb5/krb5.keytab </code></pre>
+
+						</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						After you have performed all of the preceding configuration steps, reboot the Solaris machine to ensure that all of the changes take effect.
+					</div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">2.3.1.3. Configuring NFS v4</h4></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The NFS v4 configuration is only supported on Solaris 10.
+					</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Obtain a Kerberos ticket for the admin user. 
+<pre class="screen"><code class="command"># kinit admin </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the FreeIPA server.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Add an NFS service principal for the client. 
+<pre class="screen"><code class="command"># ipa service-add nfs/solarisipaclient.example.com </code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Create the NFS keytab file. 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+								</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+										Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Fedora 15, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+									</div><div class="para">
+										If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+									</div></div></div></li><li class="listitem"><div class="para">
+									Use the <code class="command">klist</code> command to verify that the ticket was created: 
+<pre class="screen"><code class="command"># klist -ket /tmp/krb5.keytab</code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Copy the keytab from the server to the client. 
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/tmp/krb5.keytab </code></pre>
+
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the FreeIPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab. 
+<pre class="screen"><code class="command"># ktutil</code>
+<code class="command">ktutil: read_kt /tmp/krb5.keytab</code>
+<code class="command">ktutil: write_kt /etc/krb5/krb5.keytab</code>
+<code class="command">ktutil: q</code></pre>
+
+						</div></li></ol></div><div class="para">
+					The FreeIPA client should now be fully configured to mount NFS shares using Kerberos credentials.
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</h3></div></div></div><div class="para">
+				The procedures for configuring Solaris 9 as a FreeIPA client are the same as those for Solaris 10, with the exception of the PAM configuration. This is described below.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">2.3.2.1. Configuring PAM on Solaris 9</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/pam.conf</code> file to use PAM Kerberos. The following example shows how to set up PAM Kerberos authentication on Solaris 9 for console login:
+				</div><pre class="programlisting">login auth requisite pam_authtok_get.so.1
+login auth sufficient pam_krb5.so.1 use_first_pass
+login auth sufficient pam_unix.so.1 use_first_pass
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+</pre></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_HP_UX">2.4. Configuring an HP-UX System as a FreeIPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure HP-UX as a FreeIPA client. It also includes some verification tests to ensure that the configuration is working correctly.
+		</div><div class="para">
+			Before starting the FreeIPA installation, ensure that you update your system with all the latest packages.
+		</div><div class="para">
+			To install an HP-UX client you need administrator privileges in the form of the Directory Manager password. There is no other way to perform the installation.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP"><h5 class="formalpara">Configuring NTP</h5>
+				Before proceeding with the following configuration steps, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the FreeIPA server.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the ldapux client on the HP-UX 11.23 machine.
+					</div><div class="para">
+						<code class="command"> # swinstall -s J4269AA_B.04.15.01_HP-UX_B.11.23_IA_PA.depot </code>
+					</div></li><li class="listitem"><div class="para">
+						Change to the configuration directory and run the setup script.
+					</div><div class="para">
+						<code class="command"># cd /opt/ldapux/config/</code>
+					</div><div class="para">
+						<code class="command"># ./setup</code>
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							You only need to perform this configuration on the first HP-UX client. All further configurations only need to know where the LDAP profile is stored. All clients will then use the same configuration.
+						</div><div class="para">
+							The HP-UX guide for this procedure is located at <a href="http://docs.hp.com/en/J4269-90075/ch02s07.html">http://docs.hp.com/en/J4269-90075/ch02s07.html</a>
+						</div></div></div><div class="para">
+						The following is a sample output from running the above script:
+					</div><pre class="programlisting">Would you like to continue with the setup? [Yes]
+Select which Directory Server you want to connect to ? [RedHat Directory]
+Directory server host ? [ipaserver.example.com]
+Directory Server port number [389]
+Would you like to extend the printer schema in this directory server? [No]
+Would you like to install PublicKey schema in this directory server? [No]
+Would you like to install the new automount schema ? [No]
+Profile Entry DN: [cn=ldapuxprofile,cn=etc,dc=example,dc=com]
+User DN [cn=Directory Manager]
+Password ? [Directory Manager's Password]
+Authentication method ? [ SIMPLE ]
+Enter the number of the hosts you want to specify [1]
+Default Base DN ? [dc=example,dc=com]
+Accept remaining defaults ? [n]
+Client binding [Anonymous]
+Bind time limit [5 seconds]
+Search time limit [no limit]
+Do you want client searches of the directory to follow referrals? [Yes]
+Profile TTL [0 = infinite]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [Yes]
+Specify the service you want to map? [ 3=Group]
+Specify the attribute you want to map [3 for memberuid ]
+Type the name of the attribute memberuid should be mapped to [member]
+Specify the service you want to map? [ 0 = exit ]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [ no this time ]
+Do you want to create custom search descriptors? [ No ]
+</pre></li><li class="listitem"><div class="para">
+						Ensure that the LDAP client daemon is running.
+					</div><div class="para">
+						<code class="command"># ps -ef | grep ldapclientd</code>
+					</div><div class="para">
+						If necessary, use the following command to start the daemon:
+					</div><div class="para">
+						<code class="command"># /opt/ldapux/bin/ldapclientd</code>
+					</div></li><li class="listitem"><div class="para">
+						Run the following commands to ensure that the LDAP client is working:
+					</div><div class="para">
+						<code class="command"># nsquery passwd admin</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group admins</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						Create a new group on the FreeIPA server.
+					</div><div class="para">
+						<code class="command"> # ipa group-add testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Add a test user to the new group created above.
+					</div><div class="para">
+						<code class="command"> # ipa group-add-member -a testuser testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Run the <code class="command">nsquery</code> commands again to validate the new user and group:
+					</div><div class="para">
+						<code class="command"># nsquery passwd testuser</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group testgroup</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						To ensure that the LDAP client daemon starts when the system boots, add the following lines to the <code class="filename">/etc/opt/ldapux/ldapclientd.conf</code> file: 
+<pre class="programlisting">[StartOnBoot]
+enable=yes
+</pre>
+
+					</div></li></ol></div><div class="para">
+				This concludes the LDAP client configuration.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</h3></div></div></div><div class="para">
+				The Kerberos and PAM configuration process is completely manual. Sample configuration files are provided for reference, but you need to edit your own system files to reflect your deployment.
+			</div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.4.2.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Edit the <code class="filename">/etc/krb5.conf</code> file to reflect the following example:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+default_tkt_enctypes = DES-CBC-CRC
+default_tgs_enctypes = DES-CBC-CRC
+ccache_type = 2
+
+[realms]
+EXAMPLE.COM = {
+      kpasswd_server = ipaserver.example.com
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      }
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[appdefaults]
+kinit = {
+      forwardable = true
+      }
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_PAM"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_PAM">2.4.2.2. Configuring PAM</h4></div></div></div><div class="para">
+					The PAM configuration differs slightly between different versions of HP-UX. These configurations are described below.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v2"><h5 class="formalpara">HP-UX 11i v2</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+
+#
+#
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with use_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+# #
+# The module pam_hpsec(5) is stacked as mandatory module above #
+# all the modules for making security checks before #
+# authentication. #
+
+################################################################
+#
+#
+
+# Authentication management
+#
+login auth required libpam_hpsec.so.1
+login auth sufficient libpam_krb5.so.1
+login auth required libpam_unix.so.1 try_first_pass
+su auth required libpam_hpsec.so.1
+su auth sufficient libpam_krb5.so.1
+su auth required libpam_unix.so.1 try_first_pass
+dtlogin auth required libpam_hpsec.so.1
+dtlogin auth sufficient libpam_krb5.so.1
+dtlogin auth required libpam_unix.so.1 try_first_pass
+dtaction auth required libpam_hpsec.so.1
+dtaction auth sufficient libpam_krb5.so.1
+dtaction auth required libpam_unix.so.1 try_first_pass
+ftp auth required libpam_hpsec.so.1
+ftp auth sufficient libpam_krb5.so.1
+ftp auth required libpam_unix.so.1 try_first_pass
+sshd auth required libpam_hpsec.so.1
+sshd auth sufficient libpam_krb5.so.1
+sshd auth required libpam_unix.so.1 try_first_pass
+OTHER auth required libpam_unix.so.1
+#
+
+# Account management
+#
+login account required libpam_hpsec.so.1
+login account sufficient libpam_krb5.so.1
+login account required libpam_unix.so.1
+su account required libpam_hpsec.so.1
+su account sufficient libpam_krb5.so.1
+su account required libpam_unix.so.1
+dtlogin account required libpam_hpsec.so.1
+dtlogin account sufficient libpam_krb5.so.1
+dtlogin account required libpam_unix.so.1
+dtaction account required libpam_hpsec.so.1
+dtaction account sufficient libpam_krb5.so.1
+dtaction account required libpam_unix.so.1
+ftp account required libpam_hpsec.so.1
+ftp account sufficient libpam_krb5.so.1
+ftp account required libpam_unix.so.1
+sshd account required libpam_hpsec.so.1
+sshd account sufficient libpam_krb5.so.1
+sshd account required libpam_unix.so.1
+OTHER account required libpam_unix.so.1
+#
+
+# Session management
+#
+login session required libpam_hpsec.so.1
+login session sufficient libpam_krb5.so.1
+login session required libpam_unix.so.1
+dtlogin session required libpam_hpsec.so.1
+dtlogin session sufficient libpam_krb5.so.1
+dtlogin session required libpam_unix.so.1
+dtaction session required libpam_hpsec.so.1
+dtaction session sufficient libpam_krb5.so.1
+dtaction session required libpam_unix.so.1
+sshd session required libpam_hpsec.so.1
+sshd session sufficient libpam_krb5.so.1
+sshd session required libpam_unix.so.1
+OTHER session required libpam_unix.so.1
+#
+
+# Password management
+#
+login password required libpam_hpsec.so.1
+login password sufficient libpam_krb5.so.1
+login password required libpam_unix.so.1
+passwd password required libpam_hpsec.so.1
+passwd password sufficient libpam_krb5.so.1
+passwd password required libpam_unix.so.1
+dtlogin password required libpam_hpsec.so.1
+dtlogin password sufficient libpam_krb5.so.1
+dtlogin password required libpam_unix.so.1
+dtaction password required libpam_hpsec.so.1
+dtaction password sufficient libpam_krb5.so.1
+dtaction password required libpam_unix.so.1
+OTHER password required libpam_unix.so.1
+</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v1"><h5 class="formalpara">HP-UX 11i v1</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+#
+
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with user_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+
+################################################################
+#
+
+# Authentication management
+#
+login auth sufficient /usr/lib/security/libpam_krb5.1
+login auth required /usr/lib/security/libpam_unix.1 try_first_pass
+su auth sufficient /usr/lib/security/libpam_krb5.1
+su auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
+dtlogin auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtaction auth sufficient /usr/lib/security/libpam_krb5.1
+dtaction auth required /usr/lib/security/libpam_unix.1 try_first_pass
+ftp auth sufficient /usr/lib/security/libpam_krb5.1
+ftp auth required /usr/lib/security/libpam_unix.1 try_first_pass
+OTHER auth required /usr/lib/security/libpam_unix.1
+#
+
+# Account management
+#
+login account sufficient /usr/lib/security/libpam_krb5.1
+login account required /usr/lib/security/libpam_unix.1
+su account sufficient /usr/lib/security/libpam_krb5.1
+su account required /usr/lib/security/libpam_unix.1
+dtlogin account sufficient /usr/lib/security/libpam_krb5.1
+dtlogin account required /usr/lib/security/libpam_unix.1
+dtaction account sufficient /usr/lib/security/libpam_krb5.1
+dtaction account required /usr/lib/security/libpam_unix.1
+ftp account sufficient /usr/lib/security/libpam_krb5.1
+ftp account required /usr/lib/security/libpam_unix.1
+OTHER account required /usr/lib/security/libpam_unix.1
+#
+
+# Session management
+#
+login session sufficient /usr/lib/security/libpam_krb5.1
+login session required /usr/lib/security/libpam_unix.1
+dtlogin session sufficient /usr/lib/security/libpam_krb5.1
+dtlogin session required /usr/lib/security/libpam_unix.1
+dtaction session sufficient /usr/lib/security/libpam_krb5.1
+dtaction session required /usr/lib/security/libpam_unix.1
+OTHER session required /usr/lib/security/libpam_unix.1
+#
+
+# Password management
+#
+login password sufficient /usr/lib/security/libpam_krb5.1
+login password required /usr/lib/security/libpam_unix.1
+passwd password sufficient /usr/lib/security/libpam_krb5.1
+passwd password required /usr/lib/security/libpam_unix.1
+dtlogin password sufficient /usr/lib/security/libpam_krb5.1
+dtlogin password required /usr/lib/security/libpam_unix.1
+dtaction password sufficient /usr/lib/security/libpam_krb5.1
+dtaction password required /usr/lib/security/libpam_unix.1
+OTHER password required /usr/lib/security/libpam_unix.1
+</pre></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control">2.4.2.3. Configuring Access Control</h4></div></div></div><div class="para">
+					On HP-UX systems a PAM module called pam_authz is available which can be used to control login access to the system based on a user's group membership.
+				</div><div class="para">
+					Refer to the HP-UX documentation on pam_authz for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring SSH</h3></div></div></div><div class="para">
+				Before you can use SSH to connect to the FreeIPA server without using a password, you need to install a suitable version of <code class="command">ssh</code>, and set up the correct authentication attributes in the SSH configuration file.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Ensure that you have version A.05.10.007 or later of <code class="command">ssh</code> installed. Navigate to the following URL to download a suitable version: 
+<pre class="screen"><a href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA</a></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Make the following changes to the <code class="filename">/etc/opt/ssh/ssh_config</code> file: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Remove any "PreferredAuthentications" entries.
+								</div></li><li class="listitem"><div class="para">
+									Add the following three lines: 
+<pre class="programlisting">Host *
+      GSSAPIAuthentication yes
+      PreferredAuthentications "gssapi-with-mic,publickey,password"
+</pre>
+
+								</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+										Ensure that you include the tab character before the "GSSAPIAuthentication" and "PreferredAuthentications" entries, and the double quotes around the "PreferredAuthentications" argument.
+									</div></div></div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Remove the <code class="filename">/etc/krb5.keytab</code> file.
+					</div></li><li class="listitem"><div class="para">
+						On the FreeIPA server:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the HP-UX client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/hpuxipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Create the host keytab file.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver.example.com -p host/hpuxipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc</code>
+							</div></li><li class="listitem"><div class="para">
+								Copy this keytab to the HP-UX machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at hpuxipaclient.example.com:/etc/krb5/krb5.keytab </code>
+							</div></li></ol></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</h3></div></div></div><div class="para">
+				HP-UX systems provide a PAM module called pam_authz which can be used to control login access to the system based on a user's group membership. Refer to the following HP-UX pam_authz documentation for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+			</div><div class="para">
+				The following is a sample <code class="filename">/etc/opt/ldapux/pam_authz.policy</code> file: 
+<pre class="programlisting">
+# pam_authz.policy.template:
+#
+# An example file that could be copied over to /etc/opt/ldapux/pam_authz.policy.
+# pam_authz.policy is a local policy file that PAM_AUTHZ would use to help
+# determine which users would be allowed to login to the local host.
+#
+# In this template file, by default, the only active access rule is
+#     "allow:unix_local_user"
+# All the local users are authorized to login.
+#
+# The policy file contains one or more access rule. The format of an access
+# rule is &lt;action&gt;:&lt;type&gt;:&lt;object&gt;
+#
+# where   &lt;action&gt; could be "deny", "allow", "status"
+#                           "PAM_SUCCESS", "PAM_PERM_DENIED", "PAM_MAXTRIES"
+#                           "PAM_AUTH_ERR", "PAM_NEW_AUTHTOK_REQD",
+#                           "PAM_AUTHTOKEN_REQD, "PAM_CRED_INSUFFICIENT",
+#                           "PAM_AUTHINFO_UNAVAIL", "PAM_USER_UNKNOWN"
+#                           "PAM_ACCT_EXPIRED", "PAM_AUTHOK_EXPIRED"
+#
+#                           Note: "status" must use along with "rhds" or
+#                           "ads" &lt;type&gt;.
+#         &lt;type&gt;   could be "unix_user", "unix_local_user", "unix_group",
+#                           "netgroup", ldap_filter", "ldap_group"
+#                           "rhds" or "ads"
+#
+#                           Note: When &lt;type&gt; is set to "rhds" or "ads",
+#                           the &lt;action&gt; filed must set to "status".
+#         &lt;object&gt; contains search information. For example,
+#
+
+deny:unix_group:admins
+allow:unix_local_user
+</pre>
+
+			</div><div class="para">
+				This configuration will prevent the admin user from logging in, but local UNIX users can still log in.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</h3></div></div></div><div class="para">
+				Use the following tests to validate the PAM and Kerberos configuration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client machine, run <code class="command">kinit admin</code> and enter the password.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div><div class="para">
+						<code class="command"># klist</code> (to verify that you received a valid ticket)
+					</div></li><li class="listitem"><div class="para">
+						From another Linux client machine, attempt to log in using SSH.
+					</div><div class="para">
+						<code class="command"> # ssh admin at hpuxipaclient.example.com </code>
+					</div><div class="para">
+						The admin user should be able to log in using SSH without being asked for a password.
+					</div></li></ul></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client console, at the login prompt, enter the Administrator's login ID and password. The admin user should be able to log in from the console.
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link sh to /bin/bash or modify admin to use /bin/sh or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_AIX">2.5. Configuring an AIX System as a FreeIPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure AIX as a FreeIPA client.
+		</div><div class="para">
+			Before starting the FreeIPA installation, update your system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Prerequisites"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</h3></div></div></div><div class="para">
+				Before you begin the configuration, ensure that the following software is installed and up to date. This can be installed from your AIX media:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						v5.3 OS
+					</div></li><li class="listitem"><div class="para">
+						v5.3 Updates
+					</div></li><li class="listitem"><div class="para">
+						krb5 client packages
+					</div></li><li class="listitem"><div class="para">
+						openssh
+					</div></li><li class="listitem"><div class="para">
+						wget
+					</div></li><li class="listitem"><div class="para">
+						bash
+					</div></li><li class="listitem"><div class="para">
+						krb5 server
+					</div></li><li class="listitem"><div class="para">
+						ldap.client
+					</div></li><li class="listitem"><div class="para">
+						openssl
+					</div></li><li class="listitem"><div class="para">
+						modcrypt.base (for gssd)
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</h3></div></div></div><div class="para">
+				Before you begin the following procedures, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the FreeIPA master.
+			</div><div class="para">
+				The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Configure the krb5 client settings as follows:
+					</div><div class="para">
+						<code class="command"># mkkrb5clnt -r EXAMPLE.COM -d example.com -c ipaclient.example.com -s ipaserver.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Get a Kerberos ticket:
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure the LDAP client settings as follows:
+					</div><div class="para">
+						<code class="command"># mksecldap -c -h ipaserver.example.com -d cn=accounts,dc=example,dc=com -a uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com -p secret</code>
+					</div></li><li class="listitem"><div class="para">
+						In the <code class="filename">/etc/security/ldap</code> directory, create the following map files:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								FreeIPAuser.map
+							</div><pre class="programlisting">#FreeIPAuser.map file
+keyobjectclass  SEC_CHAR        posixaccount    s
+
+# The following attributes are required by AIX to be functional
+username        SEC_CHAR        uid     s
+id      SEC_INT uidnumber       s
+pgrp    SEC_CHAR        gidnumber       s
+home    SEC_CHAR        homedirectory   s
+shell   SEC_CHAR        loginshell      s
+gecos   SEC_CHAR        gecos   s
+spassword       SEC_CHAR        userpassword    s
+lastupdate      SEC_INT shadowlastchange        s
+</pre></li><li class="listitem"><div class="para">
+								FreeIPAgroup.map
+							</div><pre class="programlisting">#FreeIPAgroup.map file
+groupname       SEC_CHAR        cn      s
+id      SEC_INT gidNumber       s
+users   SEC_LIST        member  m
+</pre></li></ul></div></li><li class="listitem"><div class="para">
+						Modify the <code class="filename">/etc/security/ldap/ldap.cfg</code> file as follows. Remember to specify your own REALM and basedn values.
+					</div><pre class="programlisting">userbasedn:cn=users,cn=accounts,dc=example,dc=com
+groupbasedn:cn=groups,cn=accounts,dc=example,dc=com
+
+userattrmappath:/etc/security/ldap/FreeIPAuser.map
+groupattrmappath:/etc/security/ldap/FreeIPAgroup.map
+
+userclasses:posixaccount
+</pre></li><li class="listitem"><div class="para">
+						Start the LDAP client daemon:
+					</div><div class="para">
+						<code class="command"># start-secldapclntd</code>
+					</div></li><li class="listitem"><div class="para">
+						Test the LDAP client connection to the FreeIPA server:
+					</div><div class="para">
+						<code class="command"># lsldap -a passwd </code>
+					</div></li><li class="listitem"><div class="para">
+						Add the following sections to the <code class="filename">/usr/lib/security/methods.cfg</code> file to configure the system login to use Kerberos and LDAP: 
+<pre class="programlisting">KRB5A:
+program = /usr/lib/security/KRB5A
+program_64 = /usr/lib/security/KRB5A_64
+options = authonly
+
+LDAP:
+program = /usr/lib/security/LDAP
+program_64 =/usr/lib/security/LDAP64
+
+KRB5ALDAP:
+options = auth=KRB5A,db=LDAP
+</pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Edit the <code class="filename">/etc/security/user</code> file, and modify the "default" section as follows: 
+<pre class="programlisting">SYSTEM = "KRB5ALDAP"
+registry = LDAP
+</pre>
+
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</h3></div></div></div><div class="para">
+				You can also configure the FreeIPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. After configuring the FreeIPA client, use the following procedure to configure the FreeIPA client for SSH connections. Remember to replace the example host and domain names with your own host and domain name.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						SSH syslog configuration:
+					</div><pre class="programlisting">auth.info       /var/log/sshd.log
+auth.info       /var/log/sshd.log
+auth.crit       /var/log/sshd.log
+auth.warn       /var/log/sshd.log
+auth.notice     /var/log/sshd.log
+auth.err        /var/log/sshd.log
+</pre></li><li class="listitem"><div class="para">
+						SSH logging configuration:
+					</div><pre class="programlisting">SyslogFacility AUTH
+LogLevel INFO
+</pre></li><li class="listitem"><div class="para">
+						Configure sshd for GSSAPI (<code class="filename">/etc/ssh/sshd_config</code>)
+					</div><pre class="programlisting"># GSSAPI options
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+</pre></li><li class="listitem"><div class="para">
+						Restart sshd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s sshd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s sshd</code>
+					</div></li><li class="listitem"><div class="para">
+						Restart syslogd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s syslogd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s syslogd</code>
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ipa-admintools</span> package is not available for AIX. Consequently, you need to perform the following steps on the FreeIPA server.
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/ipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the host keytab.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver -p host/ipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc </code>
+							</div></li><li class="listitem"><div class="para">
+								Copy the keytab from the server to the client.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at ipaclient.example.com:/tmp/krb5.keytab </code>
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						On the FreeIPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab.
+					</div><pre class="screen"># ktutil
+ktutil: read_kt /tmp/krb5.keytab
+ktutil: write_kt /etc/krb5/krb5.keytab
+ktutil: q
+</pre></li><li class="listitem"><div class="para">
+						Add a user that is only used for authentication. (This can be substituted with krb5 auth if that works from the ldap client). Otherwise go to the FreeIPA server and use <code class="command">ldapmodify</code>, bind as Directory Manager and create this user.
+					</div><pre class="programlisting">dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
+objectClass: account
+objectClass: simplesecurityobject
+objectClass: top
+uid: nss
+userPassword: Your own shared password here
+</pre></li><li class="listitem"><div class="para">
+						On the FreeIPA server, get a ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin </code>
+					</div></li></ol></div><div class="para">
+				You should be able to log in as admin using SSH without providing a password.
+			</div><div class="para">
+				<code class="command"> # ssh admin at ipaclient.example.com </code>
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login">2.5.4. Testing System Login</h3></div></div></div><div class="para">
+				After you have completed the steps in <a class="xref" href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">Section 2.5.2, “Configuring Client Authentication”</a> and <a class="xref" href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">Section 2.5.3, “Configuring Client SSH Access”</a>, you should be able to log in as a FreeIPA user on the AIX machine. Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="para">
+				On the system console, log in as a FreeIPA user. After you have logged in, open a shell and run the following command:
+			</div><div class="para">
+				<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link <code class="command">sh</code> to <code class="command">/bin/bash</code> or modify admin to use <code class="command">/bin/sh</code> or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">2.6. Configuring a Macintosh OS X System as a FreeIPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure Macintosh OS X as a FreeIPA client. These instructions are specific to Mac OS X 10.4 (Tiger). This version of the OS includes a partial install of the Kerberos tools you need by default, especially if you perform an upgrade from 10.1 or 10.2.
+		</div><div class="para">
+			Before starting the FreeIPA installation, ensure that you update the system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</h3></div></div></div><div class="para">
+				The current version of FreeIPA does not provide for automatic configuration of Macintosh clients. Configuring authentication is a manual process, and is described in the following sections.
+			</div><div class="section" id="Configuring_Kerberos_Authentication-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Configuring_Kerberos">2.6.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configuring the Macintosh to use Kerberos for authentication with FreeIPA is a two-step process: First, Kerberos needs to be correctly installed and configured, and second, the Kerberos authentication needs to be enabled.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Ensure that <code class="filename">/System/Library/CFMSupport/Kerberos</code> is version 4.2 or higher. If that directory does not exist or is the wrong version, install the Kerberos Extras support.
+						</div></li><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/System/Library/Coreservices/Kerberos</strong></span>
+						</div></li><li class="listitem"><div class="para">
+							From the <span class="guimenu"><strong>Edit</strong></span> menu, choose <span class="guimenuitem"><strong>Edit Realms</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Settings</strong></span> tab, enter the FreeIPA server's Kerberos realm (for example, EXAMPLE.COM).
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Servers</strong></span> tab, leave two lines, whose hostnames you then need to replace with the FreeIPA server's hostname (for example, ipaserver.example.com):
+						</div><pre class="programlisting">kdc  ipaserver.example.com 88
+admin ipaserver.example.com 749
+</pre></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Domains</strong></span> tab, replace the existing domains with the FreeIPA server's actual domain (such as example.com):
+						</div><pre class="programlisting">.example.com
+example.com
+</pre></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>Make default</strong></span> to create the necessary configuration file, and then close the Kerberos tool.
+						</div><div class="para">
+							This step creates the <code class="filename">/Library/Preferences/edu.mit.kerberos</code> file, and it is recommended that you check this file manually to ensure that it is correct.
+						</div><div class="para">
+							This file should look similar to the following example. Remember to replace the example.com settings with your own FreeIPA server name, Kerberos realm and domain details.
+						</div><pre class="programlisting">[domain_realm]
+example.com = EXAMPLE.COM
+.example.com = .EXAMPLE.COM
+
+[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = true
+dns_lookup_kdc = true
+ticket_lifetime = 24h
+forwardable = yes
+
+[realms]
+EXAMPLE.COM = {
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      kdc = ipaserver.example.com:88
+      }
+</pre></li></ol></div><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">2.6.1.2. Enabling Kerberos Authentication</h4></div></div></div><div class="para">
+					You now need to modify the <code class="filename">/private/etc/authorization</code> file to allow Kerberos authentication.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Log in as the admin user and launch the <span class="application"><strong>/Applications/Utilities/Terminal</strong></span> application.
+						</div></li><li class="listitem"><div class="para">
+							Change to the <code class="filename">/private/etc</code> directory and make a backup of the existing authorization file.
+						</div><div class="para">
+							<code class="command"># cd /private/etc</code>
+						</div><div class="para">
+							<code class="command"># cp -p authorization authorization_bak</code>
+						</div></li><li class="listitem"><div class="para">
+							Open the authorization file, and locate the string "system.login.console".
+						</div></li><li class="listitem"><div class="para">
+							Locate the <em class="parameter"><code>dict</code></em> entry below this string, and then locate the <em class="parameter"><code>mechanisms</code></em> entry.
+						</div></li><li class="listitem"><div class="para">
+							Change <em class="parameter"><code>authinternal</code></em> to <em class="parameter"><code>builtin:krb5authnoverify,privileged</code></em>
+						</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+								Several instances of <em class="parameter"><code>authinternal</code></em> may occur in this file. Ensure that you change the correct instance.
+							</div></div></div></li><li class="listitem"><div class="para">
+							Save and close the file.
+						</div></li><li class="listitem"><div class="para">
+							Restart the machine to enable Kerberos authentication.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</h3></div></div></div><div class="para">
+				These instructions are specific to Mac OS X 10.4 (Tiger).
+			</div><div class="section" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">2.6.2.1. Creating the LDAP Configuration</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/Applications/Utilities/Directory Access</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Services</strong></span> tab, clear all check boxes except LDAPv3 and Bonjour.
+						</div></li><li class="listitem"><div class="para">
+							Select the <span class="guilabel"><strong>LDAPv3</strong></span> entry and click <span class="guibutton"><strong>Configure</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Ensure the <span class="guilabel"><strong>Add DHCP-supplied LDAP servers</strong></span> check box is not selected.
+						</div></li><li class="listitem"><div class="para">
+							Click the arrow next to the <span class="guilabel"><strong>Show Options</strong></span> label, and then click <span class="guibutton"><strong>New</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Server Name (for example, ipaserver.example.com).
+						</div></li><li class="listitem"><div class="para">
+							Clear the <span class="guilabel"><strong>Encrypt using SSL</strong></span> check box, and then click <span class="guibutton"><strong>Manual</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Configuration Name (for example, "FreeIPA LDAP").
+						</div></li><li class="listitem"><div class="para">
+							Ensure that the <span class="guilabel"><strong>Enable</strong></span> check box is selected, and that the <span class="guilabel"><strong>SSL</strong></span> check box is cleared.
+						</div></li></ol></div></div><div class="section" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">2.6.2.2. Setting up the LDAP Service Configuration Options</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Select the newly-created LDAP configuration and then click <span class="guibutton"><strong>Edit</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Connection</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Open/close times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Query times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Re-bind attempted in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Connection idles out in: 1 minute
+								</div></li><li class="listitem"><div class="para">
+									Clear all check boxes
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Search &amp; Mappings</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Access this LDAP server using: CUSTOM
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, select <span class="guilabel"><strong>Default Attribute Types</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, select <span class="guilabel"><strong>RecordName</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added RecordName attribute, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "uid" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add a Users record, as follows:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Record Types</strong></span> option, select <span class="guilabel"><strong>Users</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added <span class="guilabel"><strong>Users</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "inetOrgPerson" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Search base</strong></span> field, type "dc=example,dc=com" (without the quotes), and select the <span class="guilabel"><strong>Search in all subtrees</strong></span> option.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add attributes to the Users record as appropriate for your deployment. The following is an example of the required procedure.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, and then use <span class="keycap"><strong>Command</strong></span>+<span class="mousebutton">Click</span> to select the attributes that you want to add. For example, a typical deployment might include the following attributes:
+								</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+											AuthenticationAuthority
+										</div></li><li class="listitem"><div class="para">
+											PrimaryGroupID
+										</div></li><li class="listitem"><div class="para">
+											RealName
+										</div></li><li class="listitem"><div class="para">
+											RecordName
+										</div></li><li class="listitem"><div class="para">
+											UniqueID
+										</div></li><li class="listitem"><div class="para">
+											UserShell
+										</div></li></ul></div></li><li class="listitem"><div class="para">
+									Click <span class="guibutton"><strong>OK</strong></span> to add the selected attributes to the <span class="guilabel"><strong>Users</strong></span> record.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Specify appropriate mappings for the attributes that you just added. For example:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Authentication Authority</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "#;Kerberosv5;;$uid$;EXAMPLE.COM" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map PrimaryGroupID to gidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map UniqueID to uidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Continue until all required entries have been mapped, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>OK</strong></span> to finish setting up the LDAP service configuration options.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</h3></div></div></div><div class="para">
+				You now need to add the LDAP service to the list of locations used to search for user authentication information.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the <span class="guilabel"><strong>Authentication</strong></span> tab, change the <span class="guilabel"><strong>Search</strong></span> value to <span class="guilabel"><strong>Custom path</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Select the configuration that you added in the Creating the LDAP Configuration step, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Click <span class="guibutton"><strong>Apply</strong></span> to update the LDAP configuration, and then exit the <span class="application"><strong>Directory Access</strong></span> application.
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</h3></div></div></div><div class="para">
+				Open the Date &amp; Time utility and point it to the FreeIPA server URL to set the date and time automatically.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</h3></div></div></div><div class="para">
+				After configuring client authentication, you should be able to use SSH to connect to the FreeIPA server without being prompted for a password.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						If you have a valid Kerberos ticket, SSH should proceed with GSSAPI authentication without asking for a password:
+					</div><pre class="programlisting"><span class="perl_Comment"># ssh admin at ipaserver.example.com</span></pre></li></ol></div></div><div class="section" id="Macintosh_OS_X-Configuring_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the Macintosh login window, log in as a FreeIPA user.
+					</div></li><li class="listitem"><div class="para">
+						First, check the user ID to make sure that both the user and group IDs are correct for the current account.
+					</div><pre class="programlisting">$ <span class="perl_BString">id</span>
+
+<span class="perl_Others">uid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">gid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">groups=</span>3<span class="perl_Others">(</span>sys<span class="perl_Others">)</span>,100<span class="perl_Others">(</span>users<span class="perl_Others">)</span>,1070<span class="perl_Others">(</span>devel2<span class="perl_Others">)</span>,10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span></pre></li><li class="listitem"><div class="para">
+						Then, check that there is a valid Kerberos ticket. 
+<pre class="programlisting">$ klist
+
+Ticket cache: <span class="perl_BString">FILE</span>:/tmp/krb5cc_10678
+Default principal: jsmith at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+05/12/11 12:12:26  05/12/11 22:12:26  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+        renew <span class="perl_Keyword">until</span> 05/12/11 12:12:26
+
+
+Kerberos 4 ticket cache: /tmp/tkt10678
+klist: You have no tickets cached</pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					To open the Terminal application, navigate to <span class="application"><strong>Applications/Utilities/Terminal.app</strong></span> or use the keyboard shortcut <span class="keycap"><strong>Command-Shift-U</strong></span>. You can also drag the Terminal icon to the Dock to make it permanently available on your Desktop.
+				</div></div></div></div></div></div><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#using-the-ui">3.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="#logging-in">3.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="#switching-users">3.3. Switching Users</a></span></dt></dl></div><d
 iv class="section" id="using-the-ui"><div class="titlepage"><div><div><h2 class="title" id="using-the-ui">3.1. Using the IPA UI</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</h3></div></div></div><div class="para">
+				If you are unable, or prefer not, to update <code class="filename">/etc/krb5.conf</code> with the IPA realm information, you can create another copy and set an appropriate environment variable. You can then run <code class="command">kinit</code> as before and use your browser to connect to IPA. This is especially useful if you need to manage multiple realms, and if you have overlapping domains.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					This procedure is not necessary if you use <code class="command">ipa-client-install</code> to set up your client.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_a_Browser_on_Another_System-To_set_up_a_browser_on_another_system_that_already_has_Kerberos_set_up_for_a_different_realm"><h6>Procedure 3.1. To set up a browser on another system that already has Kerberos set up for a different realm:</h6><ol class="1"><li class="step"><div class="para">
+						Copy the <code class="filename">/etc/krb5.conf</code> file from the IPA server to the client system. Do not overwrite the existing <code class="filename">krb5.conf</code> file. Run the following command on the IPA server:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"> # scp /etc/krb5.conf root at ipaclient:/etc/krb5_ipa.conf </code></pre>
+
+					</div></li><li class="step"><div class="para">
+						On the IPA client, open a shell and run the following commands: 
+<pre class="screen"><code class="command">$ export KRB5_CONFIG=/etc/krb5_ipa.conf</code>
+<code class="command">$ kinit user at EXAMPLE.COM</code>
+<code class="command">$ /usr/bin/firefox</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure and test <span class="application"><strong>Firefox</strong></span>.
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username/Password Authentication in Your Browser</h3></div></div></div><div class="para">
+				If Kerberos authentication fails, the browser login will also fail, preventing access to the IPA web interface. You can configure IPA to display a username/password authentication dialog box if this situation occurs.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Enabling_UsernamePassword_Authentication_in_Your_Browser-To_enable_failover_to_usernamepassword_authentication"><h6>Procedure 3.2. To enable failover to username/password authentication:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file, and change the <em class="parameter"><code>KrbMethodK5Passwd</code></em> attribute from <code class="literal">off</code> to <code class="literal">on</code>.
+					</div></li><li class="step"><div class="para">
+						Restart the <code class="systemitem">httpd</code> service: 
+<pre class="screen"><code class="command"># service httpd restart</code></pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							You need to perform this procedure on all of the IPA servers in your deployment.
+						</div></li><li class="listitem"><div class="para">
+							This change may not be preserved between IPA updates.
+						</div></li></ul></div></div></div></div></div><div class="section" id="logging-in"><div class="titlepage"><div><div><h2 class="title" id="logging-in">3.2. Logging into the IPA UI</h2></div></div></div><div class="para">
+			To be able to perform any administrative task you need to authenticate to the server. During the configuration step you were prompted to create two users. The first of these, <code class="literal">Directory Manager</code>, is the superuser, used to perform rare, low-level tasks. The second user, <code class="literal">admin</code>, is used to perform normal administrative activities.
+		</div><div class="para">
+			To authenticate as the <code class="literal">admin</code> user:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Open a new terminal window. This is to ensure that all default aspects of the environment (especially paths) are set correctly.
+				</div></li><li class="step"><div class="para">
+					In this window, type <code class="command">kinit admin</code>.
+				</div></li><li class="step"><div class="para">
+					When you are prompted to enter a password, use the password that you specified during the configuration step for the <code class="literal">admin</code> user.
+				</div></li></ol></div><div class="para">
+			As a result of this operation you will acquire what is known as a Kerberos <em class="firstterm">ticket</em>. You can use the <code class="command">klist</code> command to inspect the details of the ticket that you have acquired.
+		</div><div class="para">
+			You can now authenticate using the newly-created user and temporary password. Type <code class="command">kinit &lt;user login&gt;</code> to log in to IPA. This will prompt you for a password and then immediately request a password change.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The <span class="application"><strong>Kerberos</strong></span> client libraries used by the <code class="command">kinit</code> utility have some limitations. One of these limitations is the fact that the on-disc ticket storage is overwritten with any new invocation of <code class="command">kinit</code>. This means that if you authenticated as <code class="systemitem">admin</code>, then added user <code class="systemitem">foo</code>, set their password and then tried to authenticate as that user, the administrator's ticket would be lost. To prevent this from happening, a special environment variable, <code class="varname">KRB5CCNAME</code>, can be used. This allows you to keep credential caches separate in different shells. Refer to the <code class="command">kinit</code> man page for more information.
+			</div></div></div><div class="para">
+			You can browse the IPA man pages and help system to explore other IPA commands. Please take some time to become familiar with the ways other IPA objects can be created and modified.
+		</div></div><div class="section" id="switching-users"><div class="titlepage"><div><div><h2 class="title" id="switching-users">3.3. Switching Users</h2></div></div></div><div class="para">
+			One of the main advantages of IPA is that it uses <code class="systemitem">Kerberos</code> for authentication. This means that if the machine is configured to use IPA as an authentication server and you have an IPA account, then once you have logged in to the machine and authenticated, you can reuse your <code class="systemitem">Kerberos</code> credentials to access other services in the IPA domain. This avoids the need to constantly re-enter your password to access different services.
+		</div><div class="para">
+			For example, to connect to the IPA web interface, you can enter the server's address in your browser and it will use your <code class="systemitem">Kerberos</code> ticket to authenticate against IPA. Similar functionality is available if you try to access a file share, a wiki or any other application that is configured to be a <code class="systemitem">Kerberos</code> service in the IPA domain.
+		</div><div class="para">
+			If you log in to a machine using an account different from your IPA account, use the <code class="command">kinit</code> command to establish your <code class="systemitem">Kerberos</code> credentials. Similarly, if you need to log in to IPA as a different user, perhaps in another user role or as the administrator, you need to replace your existing credentials with those of the new user. Currently you can only store one set of tickets per logged-in user, and they are the credentials that will be used when you log in to IPA.
+		</div><div class="para">
+			For example, if your local account name is <code class="systemitem">localUser</code> but your IPA account name is <code class="systemitem">ipaUser</code>, run the following command, and enter your password when prompted:
+		</div><pre class="screen">$ kinit ipaUser
+Password for ipaUser at EXAMPLE.COM:
+</pre><div class="para">
+			This establishes your <code class="systemitem">Kerberos</code> credentials on the local machine. You can use the <code class="command">klist</code> command to verify that you received a <em class="firstterm">ticket granting ticket (TGT)</em> from the server. This should return output similar to the following:
+		</div><pre class="screen">$ klist
+Ticket cache: FILE:/tmp/krb5cc_500
+Default principal: ipaUser at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+11/10/08 15:35:45  11/11/08 15:35:45  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+
+Kerberos 4 ticket cache: /tmp/tkt500
+klist: You have no tickets cached
+</pre><div class="para">
+			You should now be able to connect to the IPA web interface. If you were already connected to the web interface as another user, refresh the browser to display the updated details for the new user.
+		</div><div class="para">
+			If you configured <code class="systemitem">SSSD</code> or <code class="systemitem">pam_krb5</code> on the machine with IPA, then the ticket is created for you when you log in to the machine requires authentication (for example, <code class="command">sudo</code>).
+		</div></div></div><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Managing Clients in the FreeIPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">4.1.3. Managing DNS Zones</a></span></dt></dl></dd><dt><span class="section"><a href="#enrolling-machines">4.2. E
 nrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">4.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="#config-virt-machines">4.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="#certs">4.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl>
 <dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">4.6. Client Problems</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">4.7. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</h2></div></div></div><div class="para">
+			A number of benefits exist if you take advantage of FreeIPA's ability to automatically install and configure a DNS, in particular the ability to ease the modification of DNS records when adding hosts to FreeIPA. For example, options exist to add and remove IP addresses, A entries, PTR entries, etc. These options are not available if you are not using a FreeIPA-based DNS.
+		</div><div class="para">
+			IPA stores all DNS information as discrete records in LDAP, and communicates with LDAP using the <span class="package">bind-dyndb-ldap</span> plug-in and the <code class="filename">install/share/60basev2.ldif</code> schema. You can install and configure the DNS as part of the FreeIPA server installation, using the <code class="option">--setup-dns</code> option, or you can add it later using the <code class="command">ipa-dns-install</code> command.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				The following options are currently only available with IPv4 addresses.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</h3></div></div></div><div class="para">
+				If you are using a FreeIPA-based DNS system, you can use the <code class="option">--ip-address</code> and <code class="option">--force</code> options to the <code class="command">ipa host-add</code> command to provide the IP address and hostname of the FreeIPA machine to the DNS. For example, 
+<pre class="screen"><code class="command">$ ipa host-add --force --ip-address=192.168.166.31 puma.example.com </code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</h3></div></div></div><div class="para">
+				IPA provides the <code class="command">ipa host-del</code> command to delete FreeIPA hosts. You can pass the <code class="option">--updatedns</code> option to this command to remove the associated records from the DNS. It will attempt to remove any record, A, AAAA, PTR, NS, SRV, and other entries that reference this host. For example, 
+<pre class="screen"><code class="command">$ ipa host-del --updatedns puma</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">4.1.3. Managing DNS Zones</h3></div></div></div><div class="para">
+				IPA provides all the necessary commands to create and manage zones in a FreeIPA-managed DNS server. You can create and delete zones and add entries to any of these zones using the appropriate FreeIPA commands.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">4.1.3.1. Adding DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnszone-add</code> command to add a new zone to your DNS server. You can pass optional attributes on the command line, and you will be prompted for any required information. The following example demonstrates adding a new zone to your top-level domain.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You need to restart the <code class="systemitem">named</code> service whenever you create a new zone, otherwise the DNS server will not reply successfully to queries asking for records in the new zone. This is a one-time operation; any subsequent changes to the zone do not require any further action to be effective.
+					</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_add_the_sub_domain_translation_to_the_ipadocs.org_domain"><h6>Procedure 4.1. To add the sub-domain "translation" to the ipadocs.org domain</h6><ol class="1"><li class="step"><div class="para">
+							Ensure you have a valid Kerberos ticket: 
+<pre class="screen"><code class="command">$ kinit admin</code>
+Password for admin at IPADOCS.ORG:</pre>
+
+						</div></li><li class="step"><div class="para">
+							Run the following command to add the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-add translation.ipadocs.org</code></pre>
+
+						</div></li><li class="step"><div class="para">
+							Reload the <code class="systemitem">named</code> service (ensure you have <code class="systemitem">root</code> privileges): 
+<pre class="screen"><code class="command"># service named reload</code></pre>
+
+						</div></li></ol></div><div class="para">
+					Use the <code class="command">ipa dnszone-show</code> command to display details about the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-show translation.ipadocs.org</code>
+  Zone name: translation.ipadocs.org
+  Authoritative name server: ipaserver.ipadocs.org.
+  Administrator e-mail address: root.translation.ipadocs.org.
+  SOA serial: 2011090201
+  SOA refresh: 3600
+  SOA retry: 900
+  SOA expire: 1209600
+  SOA minimum: 3600
+  Active zone: TRUE</pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><h5 class="formalpara">Using Dynamic DNS Updates</h5>
+						Dynamic DNS updates are not enabled by default for new DNS zones served by FreeIPA; that is, zones added by the <code class="command">ipa dnszone-add</code> command. This may lead to errors in the <code class="command">ipa-client-install</code> script when it joins this domain and tries to add a DNS record pointing to this new client.
+					</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_enable_dynamic_DNS_updates"><h6>Procedure 4.2. To enable dynamic DNS updates</h6><ul><li class="step"><div class="para">
+							Use the following command to enable dynamic updates:
+						</div><pre class="screen"><code class="command">$ ipa dnszone-mod clients.example.com --allow-dynupdate \ </code>
+                        <code class="command">--update-policy="grant TESTRELM krb5-self * A; grant TESTRELM krb5-self * AAAA;"</code></pre><div class="para">
+							In this example, <code class="systemitem">clients.example.com</code> is the custom DNS domain managed by the FreeIPA server and TESTRELM is the Kerberos realm.
+						</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">4.1.3.2. Adding Records to DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-add</code> command to add various types of records to DNS zones. The following examples demonstrate adding some of these types of records.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv4_Type_A_Resource_Records"><h5 class="formalpara">Adding IPv4 (Type A) Resource Records</h5>
+						Type A resource records map hostnames to IPv4 addresses. To add a type A resource record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</code></pre>
+						 This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165. Refer to <a href="http://tools.ietf.org/html/rfc1035">http://tools.ietf.org/html/rfc1035</a> for detailed information on Type A resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv6_Type_AAAA_Resource_Records"><h5 class="formalpara">Adding IPv6 (Type AAAA) Resource Records</h5>
+						Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. Uses the same command syntax to add AAAA resource records, as follows: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+						 This creates the same record as in the previous example but with an IPv6 address. Refer to <a href="http://tools.ietf.org/html/rfc3596">http://tools.ietf.org/html/rfc3596</a> for detailed information on Type AAAA resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_Service_SRV_Resource_Records"><h5 class="formalpara">Adding Service (SRV) Resource Records</h5>
+						<em class="firstterm">Service (SRV) resource records</em> map service names, for example, LDAP, to the DNS name of the server that is providing that particular service. Use the <code class="command">ipa dnsrecord-add</code> command to add SRV records to the DNS database. You need to add these records using a particular format for both the name of the record and the associated RDATA. For example: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="0 100 389 ipaserver.ipadocs.org"</code>
+<code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="1 100 389 ipareplica.ipadocs.org"</code></pre>
+
+					</div><div class="para">
+					Each record must be entered using the format <em class="replaceable"><code>_service._protocol</code></em>. RDATA is entered using the format <em class="replaceable"><code>"priority weight port target"</code></em>. Refer to <a href="http://tools.ietf.org/html/rfc2782">http://tools.ietf.org/html/rfc2782</a> for a detailed explanation.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
+					</div></div></div><div class="para">
+					IPA DNS integration supports the following DNS record types: 
+<pre class="programlisting">A, AAAA, A6, AFSDB, APL, CERT, CNAME, DHCID, DLV, DNAME, DNSKEY, DS, HIP, IPSECKEY, KX, LOC,
+MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, RP, SIG, SPF, SRV, SSHFP, TA, TXT</pre>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">4.1.3.3. Deleting Records from DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-del</code> command to remove records from DNS zones. The following examples demonstrate how to remove the records added in the preceding examples.
+				</div><div class="para">
+					To remove the A type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --a-rec 10.64.14.213</code></pre>
+
+				</div><div class="para">
+					To remove the AAAA type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+
+				</div><div class="para">
+					Alternatively, you can use the <code class="option">--del-all</code> option to remove all associated records.
+				</div><div class="para">
+					You can also delegate zones if you want to allow other areas of your company intranet to reach your DNS server, or if you want to allow access from outside your firewalls. Refer to the <a href="http://www.isc.org/software/bind/documentation">ISC BIND documentation</a> for further information.
+				</div><div class="para">
+					Refer to the <code class="command">ipa help dns</code> help page for more information about working with DNS and FreeIPA.
+				</div></div></div></div><div class="section" id="enrolling-machines"><div class="titlepage"><div><div><h2 class="title" id="enrolling-machines">4.2. Enrolling Machines</h2></div></div></div><div class="para">
+			Enrollment is the process whereby a host entry is created and saved in the directory server, and a keytab for that host entry is generated on the server and provisioned to the client. This keytab is saved with specific ownership and permission properties in a specific directory on the client.
+		</div><div class="para">
+			With the host entry successfully created and the keytab in place, enrollment is complete and the client machine can now automatically connect to and communicate with the FreeIPA server.
+		</div><div class="para">
+			The enrollment process itself is performed by the <code class="command">ipa-client-install</code> command, part of the <span class="package">freeipa-client</span> package. After installing the client packages, the system administrator invokes this command, providing their Kerberos credentials as parameters. The <code class="command">ipa-client-install</code> command authenticates against FreeIPA using these credentials.
+		</div><div class="para">
+			The actual steps that constitute the enrollment process are not consistent. Instead, they depend on the enrollment scenario being implemented. FreeIPA currently supports the following enrollment scenarios: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Manual host enrollment with privileged administrator
+					</div></li><li class="listitem"><div class="para">
+						Manual enrollment with separation of duties
+					</div></li><li class="listitem"><div class="para">
+						Bulk host deployment
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These are examined in more detail below.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Administrator</h3></div></div></div><div class="para">
+				This scenario implements the following sequence of operations: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							The Administrator logs into the machine that they want to enroll with FreeIPA.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator installs the FreeIPA client packages on that machine.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator runs the <code class="command">ipa-client-install</code> command, providing their Kerberos credentials as parameters.
+						</div><div class="para">
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										The <code class="command">ipa-client-install</code> command authenticates against FreeIPA using the administrator's credentials.
+									</div></li><li class="listitem"><div class="para">
+										The host entry for the machine is synthesized and saved in the directory server.
+									</div></li><li class="listitem"><div class="para">
+										The keytab is generated on the server and provisioned to the client machine.
+									</div></li></ul></div>
+
+						</div></li><li class="listitem"><div class="para">
+							The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+						</div></li></ol></div>
+
+			</div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the FreeIPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</h3></div></div></div><div class="para">
+				This scenario assumes that there are different administrators with different levels of privileges regarding host-related operations. One administrator (A) can add and edit host entries, and thus enroll the hosts as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">Section 4.2.1, “Manual Host Enrollment with Privileged Administrator”</a>. The second administrator (B) has insufficient permissions to create host entries, but is allowed to enroll machines. The following sequence of operations is engaged:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Administrator A authorizes enrollment of a host by creating the host entry in the back end using the webUI or command-line script.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B installs the FreeIPA client packages on the machine.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B invokes the enrollment script, providing their Kerberos credentials as parameters to the script.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script authenticates against FreeIPA using Administrator B's credentials.
+								</div></li><li class="listitem"><div class="para">
+									The keytab is generated on the server and provisioned to the client machine.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+					</div></li></ol></div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the FreeIPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</h3></div></div></div><div class="para">
+				This scenario is very useful for automatic provisioning of multiple hosts (or virtual machines). In this scenario you can pre-create a number of hosts on the FreeIPA server and set passwords on them. You can use your kickstart operation to perform the enrollment. For example, the <span class="application"><strong>cobbler</strong></span> utility makes this relatively easy because you can store variables in the <span class="application"><strong>cobbler</strong></span> system configuration.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There are two ways to set the password. You can either supply your own or have FreeIPA generate a random one.
+				</div></div></div><div class="para">
+				This scenario implies the following sequence of operations:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						The host entry is pre-created on the FreeIPA server. This can be done using:
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The webUI – manually
+								</div></li><li class="listitem"><div class="para">
+									The command line interface – manually or using a script
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						When the entry is created a user password is set to a suitable value.
+					</div></li><li class="listitem"><div class="para">
+						The password is set to expire after the first authentication in the same way as the user password after it has been reset by an administrator.
+					</div></li><li class="listitem"><div class="para">
+						The bulk provisioning scripts and tools (such as kickstart) will be hard coded to use the same password that was used to create host entries on the server side.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script (kickstart) installs the FreeIPA packages.
+								</div></li><li class="listitem"><div class="para">
+									The script (kickstart) runs the enrollment script and passes in the password.
+								</div></li><li class="listitem"><div class="para">
+									The enrollment script connects to the FreeIPA server using the provided password and a bind DN derived from the machine name. It then authenticates using a simple bind over SSL.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Because the password is set to expire, the Kerberos keytab will be generated and the password attribute cleared.
+					</div></li></ol></div></div></div><div class="section" id="renaming-machines"><div class="titlepage"><div><div><h2 class="title" id="renaming-machines">4.3. Renaming Machines</h2></div></div></div><div class="para">
+			The hostname of a system is critical for the correct operation of Kerberos and SSL. Both of these security mechanisms rely on the hostname to ensure that communication is occurring between the specified hosts, and that no "man-in-the-middle" or other attacks are affecting the system.
+		</div><div class="para">
+			In an environment where virtual machines are commonplace, or perhaps in a clustered environment, copying, moving, and renaming hosts could be quite common, resulting in frequent demands for renames of machines.
+		</div><div class="para">
+			Fedora does not provide a simple rename command to facilitate the renaming of a FreeIPA host. Renaming a host in a FreeIPA domain involves deleting the entry in FreeIPA, uninstalling the client software, changing the hostname, and re-enrolling using the new name.
+		</div><div class="para">
+			Due to the nature of service principals, renaming hosts also requires the regeneration of service principals. Each service has a Kerberos principal in the form of <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;@&lt;REALM&gt;</code>, for example, <code class="systemitem">ldap/server.example.com at EXAMPLE.COM</code>. This principal can be referred to as a "service principal". In some cases the <code class="systemitem">@&lt;REALM&gt;</code> is omitted, leaving only <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;</code>. (The "/" is a "slash" separator, not an "or" operator.)
+		</div><div class="para">
+			The following procedure renames the host <code class="systemitem">server.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code>, to the new hostname <code class="systemitem">master.example.com</code>. This procedure uses example file names, hostnames and domain names throughout; you need to update these examples to suit your own environment.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine"><h6>Procedure 4.3. To rename a FreeIPA machine:</h6><ol class="1"><li class="step"><div class="para">
+					Identify which services are running on the machine. These need to be re-created when the machine is re-enrolled: 
+<pre class="screen"><code class="command"># ipa service-find server.example.com</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Each host has a default service which does not appear in the list of services. This service can be referred to as the "host service". The service principal for the host service is <code class="systemitem">host/&lt;hostname&gt;</code>, for example, <code class="systemitem">host/server.example.com</code>. This principal can also be referred to as the "host principal".
+					</div></div></div></li><li class="step"><div class="para">
+					Identify all host groups to which this machine belongs: 
+<pre class="screen"><code class="command"># ipa hostgroup-find server.example.com</code></pre>
+
+				</div><div class="para">
+					Identify which of these services have certificates associated with them. The <code class="systemitem">host</code> service always has an associated certificate, so no further action is required for this service.
+				</div></li><li class="step"><div class="para">
+					For any principals in addition to the standard <code class="systemitem">host</code> principal, you need to determine the location of the corresponding keytabs for these services on <code class="systemitem">server.example.com</code>. The keytab location is different for each service, and FreeIPA does not store this information.
+				</div></li><li class="step"><div class="para">
+					On <code class="systemitem">server.example.com</code>, un-enroll from the FreeIPA domain: 
+<pre class="screen"><code class="command"># ipa-client-install --uninstall</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					For each identified keytab other than <code class="filename">/etc/krb5.keytab</code>, remove the old principals: 
+<pre class="screen"><code class="command"># ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					On another machine using <code class="systemitem">admin</code> (or delegated) credentials, remove the host. This will remove all services and revoke all certificates issued for this host via those services: 
+<pre class="screen"><code class="command"># ipa host-del server.example.com</code></pre>
+
+				</div><div class="para">
+					At this point the host has been completely removed from FreeIPA, and can be recreated with the new name.
+				</div></li><li class="step"><div class="para">
+					Rename the machine to <code class="systemitem">master.example.com</code>.
+				</div></li><li class="step"><div class="para">
+					Re-enroll with FreeIPA: 
+<pre class="screen"><code class="command"># ipa-client-install</code></pre>
+
+				</div><div class="para">
+					This generates a <code class="systemitem">host</code> principal for <code class="systemitem">master.example.com</code> in <code class="filename">/etc/krb5.keytab</code>.
+				</div></li><li class="step"><div class="para">
+					For every service that needs a new keytab, run the following command: 
+<pre class="screen"><code class="command"># ipa service-add &lt;service name&gt;/master.example.com</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					If you need certificates for services, use either <code class="command">certmonger</code> or the FreeIPA administration tools.
+				</div></li><li class="step"><div class="para">
+					Re-add the host to any applicable host groups.
+				</div></li></ol></div></div><div class="section" id="config-virt-machines"><div class="titlepage"><div><div><h2 class="title" id="config-virt-machines">4.4. Reconfiguring Virtual Machines</h2></div></div></div><div class="para">
+			There are two cases where it might be necessary to reconfigure a VM enrolled in a FreeIPA domain: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The VM is copied.
+					</div></li><li class="listitem"><div class="para">
+						The VM is migrated from one FreeIPA domain to another.
+					</div><div class="para">
+						This means that there is a FreeIPA configuration that needs to be removed and the machine needs to be enrolled in the new realm.
+					</div></li></ul></div>
+
+		</div><div class="para">
+			In each case, the procedure is identical to that described for renaming a FreeIPA machine: <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine">Procedure 4.3, “To rename a FreeIPA machine:”</a>. Although it is possible to <span class="emphasis"><em>not</em></span> completely unconfigure the client, there is no real downside to doing this (that is, running the <code class="command">ipa-client-install --uninstall</code> command).
+		</div><div class="para">
+			If you cannot use the <code class="command">ipa-client-install --uninstall</code> command, or it is failing for some reason, use the following manual procedure to remove the FreeIPA configuration from the client. Bear in mind, however, that this procedure cannot be undone:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Remove the old hostname from the main keytab. This method removes *ALL* principals in the domain: 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -r EXAMPLE.COM</code></pre>
+
+				</div><div class="para">
+					To remove on a per-principal basis (per-principal and per-encryption type): 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -p host/server.example.com at EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Disable certificate tracking in <code class="systemitem">certmonger</code>: 
+<pre class="programlisting"><code class="command">$ ipa-getcert stop-tracking -n Server-Cert -d /etc/pki/nssdb</code></pre>
+
+				</div><div class="para">
+					If there are any additional certificates being tracked by <code class="systemitem">certmonger</code>, you need to perform this step for each nickname and database pair.
+				</div></li><li class="step"><div class="para">
+					Remove the old host from FreeIPA. This is not strictly required but it is certainly cleaner. 
+<pre class="programlisting"><code class="command">$ ipa host-del <em class="replaceable"><code>HOSTNAME</code></em></code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Add the new host to FreeIPA, or re-join using administrator privileges: 
+<pre class="programlisting"><code class="command">$ ipa-join</code></pre>
+
+				</div></li></ol></div></div><div class="section" id="certs"><div class="titlepage"><div><div><h2 class="title" id="certs">4.5. Configuring Certificate-Based Machine Authentication</h2></div></div></div><div class="para">
+			IPA v2 extends the scope of authentication to include machines on the network. Machine authentication is required for the FreeIPA server to trust the machine and to accept FreeIPA connections from the client software installed on that machine. After authenticating the client, the FreeIPA server can respond to its requests.
+		</div><div class="para">
+			IPA supports two different approaches to machine authentication: Key Tables (or <em class="firstterm">keytabs</em>, a symmetric key resembling to some extent a user password); and Machine Certificates. FreeIPA clients use XML-RPC calls to request keytabs and certificates. Keys and certificate requests are generated on machines applying for certificates. Certificates are generated by the CA, in response to certificate requests submitted to FreeIPA and stored in FreeIPA's DS, and at the same time delivered to the machine for use in PKI machine authentication.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</h3></div></div></div><div class="para">
+				Usage scenarios are split into the following categories:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Deployment of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Authentication using machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Revocation of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Renewal of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Recovery from destruction of FreeIPA server
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">4.6. Client Problems</h2></div></div></div><div class="para">
+			If you are unable to log into a machine or the standard NSS tools fail to return user and group information (for example, <code class="command">getent passwd admin</code> fails), inspect the SSSD logs in <code class="filename">/var/log/sssd/</code>. You should start with the log file for your domain (<code class="filename">sssd_example.com.log</code>).
+		</div><div class="para">
+			To increase the log level, set <code class="varname">debug_level</code> = 9 in the <code class="literal">[domain/<em class="replaceable"><code>example.com</code></em>]</code> section of the <code class="filename">/etc/sssd/sssd.conf</code> file, and restart the <code class="systemitem">sssd</code> daemon for this change to take effect. Monitor the <code class="filename">/var/log/sssd/sssd_example.com.log</code> file for any relevant information.
+		</div></div><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">4.7. Uninstalling a FreeIPA Client</h2></div></div></div><div class="para">
+			For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+		</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the FreeIPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the FreeIPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
+			</div></div></div></div></div><div xml:lang="en-US" class="chapter" id="users" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Identity: Managing Users and User Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#home-directories">5.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="#adding-users">5.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">5.3. Editing Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">5.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">5.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_
 Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">5.5. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">5.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">5.7. Setting an Individual Password Polic
 y</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_Us
 er_Groups">5.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="#searching">5.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a hre
 f="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</a></span></dt></dl></dd></dl></div><div class="section" id="home-directories"><div class="titlepage"><div><div><h2 class="title" id="home-directories">5.1. Managing User Home Directories</h2></div></div></div><div class="para">
+			FreeIPA, as part of managing users, can manage user home directories. However, the FreeIPA server has expectations about 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The default prefix for users' home directories is <code class="filename">/home</code>.
+					</div></li><li class="listitem"><div class="para">
+						FreeIPA does not automatically create home directories when users log in.
+					</div><div class="para">
+						To automatically create home directories, you can use the <code class="systemitem module">pam_mkhomedir</code> module. FreeIPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+					</div><div class="para">
+						Pass the <code class="option">--mkhomedir</code> option to the <code class="command">ipa-client-install</code> command to enable the <code class="systemitem">pam_mkhomedir</code> module.
+					</div></li><li class="listitem"><div class="para">
+						It is possible to use an NFS file server that provides <code class="filename">/home</code> that can be made available to all client machines.
+					</div></li><li class="listitem"><div class="para">
+						If a suitable directory and mechanism are not available for the creation of home directories, users may not be able to log in.
+					</div></li></ul></div>
+
+		</div></div><div class="section" id="adding-users"><div class="titlepage"><div><div><h2 class="title" id="adding-users">5.2. Adding Users</h2></div></div></div><div class="para">
+			FreeIPA supports a wide range of <span class="property">username</span> formats, but you need to be aware of any restrictions that may apply to your particular environment. For example, a <span class="property">username</span> that starts with a digit may cause problems for some UNIX systems.
+		</div><div class="para">
+			The range of <span class="property">username</span> formats supported by FreeIPA can be described by the following regular expression:
+		</div><pre class="screen"><code class="command">[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]</code></pre><div class="para">
+			The trailing $ symbol is permitted for Samba 3.x machine support.
+		</div><div class="para">
+			Use the <code class="command">ipa user-add</code> command to add users to FreeIPA. You can pass attributes directly on the command line, or run the command with no parameters to enter interactive mode. Interactive mode prompts you to enter the basic attributes required to add a new user. You can add further attributes using the <code class="command">ipa user-mod</code> command. Use the <code class="command">ipa user-mod --list</code> command to view a list of the attributes that you can modify using this command.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_the_Command_Line-To_create_the_user_jlamb_using_the_command_line"><h6>Procedure 5.1. To create the user <code class="systemitem">jlamb</code> using the command line:</h6><ul><li class="step"><div class="para">
+					Open a shell and run the following command:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command">$ ipa user-add jlamb --first=John --last=Lamb --password</code></pre>
+
+				</div><div class="para">
+					This will prompt for a password and then complete the new entry with default values.
+				</div></li></ul></div><div class="para">
+			The following example illustrates using the <code class="command">ipa user-add</code> command in interactive mode to create a user account:
+		</div><pre class="screen"># ipa user-add
+First name: Jinny
+Last name: Pattanajee
+User login [jpattanajee]: jpattan
+--------------------
+Added user "jpattan"
+--------------------
+User login: jpattan
+First name: Jinny
+Last name: Pattanajee
+Home directory: /home/jpattan
+GECOS field: jpattan
+Login shell: /bin/sh
+Kerberos principal: jpattan at MYDOMAIN.NET
+UID: 387115841
+</pre><div class="para">
+			Press <span class="keycap"><strong>Enter</strong></span> at each prompt to accept the default values (enclosed in square brackets), or type an alternative.
+		</div><div class="para">
+			Refer to the <code class="command">ipa user-add</code> help page for more information.
+		</div></div><div class="section" id="editing-users"><div class="titlepage"><div><div><h2 class="title" id="editing-users">5.3. Editing Users</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa user-mod</code> command to modify user account details, such as adding, removing or changing attributes. Refer to the following examples:
+		</div><div class="para">
+			To update attributes for the user <code class="systemitem">jsmith</code>:
+		</div><div class="para">
+			<code class="command">$ ipa user-mod jsmith <code class="option">--email=johnsmith at mydomain.com</code> <code class="option">--title=Editor</code></code>
+		</div><div class="para">
+			To retrieve a list of attributes for a user:
+		</div><div class="para">
+			<code class="command">$ ipa user-show --raw &lt;user name&gt;</code>
+		</div><div class="para">
+			The list of attributes corresponds to those available in the web interface, not including any custom attributes that may have been defined.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">5.4. Activating and Deactivating User Accounts</h2></div></div></div><div class="para">
+			FreeIPA user accounts can be set to a status of <code class="literal">Active</code> or <code class="literal">Inactive</code>. If you deactivate a user account, that user can no longer log in to FreeIPA, change their password, or perform any other tasks. Any existing connections will remain valid until their <code class="systemitem">Kerberos</code> TGT and other tickets expire, but they will not be able to renew them. The account and all associated information still exists, but is inaccessible by the user.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">5.4.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-enable</code> and <code class="command">ipa user-disable</code> commands to enable and disable user accounts, respectively. Refer to the following examples:
+			</div><div class="para">
+				To disable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-disable jsmith</code>
+			</div><div class="para">
+				To enable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command"> $ ipa user-enable jsmith</code>
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">5.5. Deleting FreeIPA Users</h2></div></div></div><div class="para">
+			If you delete a FreeIPA user account, all of the information stored in the entry for that identity is lost. This includes the user's full name, group membership, phone numbers, and passwords. The actual user account and home directory still exist, be they on a server, local machine, or other provider, but they are no longer accessible by FreeIPA.
+		</div><div class="para">
+			Unlike deactivation, if you delete a user account, it cannot be retrieved. If you need this user account again, you need to recreate it and add all of the account details manually.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Unlike in earlier versions of FreeIPA, it is now possible to delete the <code class="systemitem">admin</code> user. If, however, you delete all of the <code class="systemitem">admin</code> users then you will need to use the Directory Manager account to create a new administrative user. Alternatively, if you have a user in the group management role, they can add a new <code class="systemitem">admin</code> user.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-del</code> command to delete user accounts. For example:
+			</div><div class="para">
+				To delete the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-del jsmith</code>
+			</div><div class="para">
+				If you intend to delete multiple users, you can use the <code class="option">--continue</code> option to prevent the command from stopping should it encounter any errors. For example:
+			</div><div class="para">
+				<code class="command">$ ipa user-del <code class="option">--continue</code> <em class="parameter"><code>user_01</code></em> <em class="parameter"><code>user_02</code></em> <em class="parameter"><code>user_03</code></em></code>
+			</div><div class="para">
+				If you run this command without using the <code class="option">--continue</code> option, FreeIPA will delete the listed user accounts unless it encounters any errors, at which point it stops. For example, if <em class="parameter"><code>user_02</code></em> did not exist, the previous command would only delete <em class="parameter"><code>user_01</code></em>; <em class="parameter"><code>user_03</code></em> would not be affected.
+			</div><div class="para">
+				The <code class="option">--continue</code> option returns a summary of successes and failures to <code class="systemitem">stdout</code>.
+			</div></div></div><div class="section" id="user-groups"><div class="titlepage"><div><div><h2 class="title" id="user-groups">5.6. Creating User Groups</h2></div></div></div><div class="para">
+			FreeIPA uses groups to facilitate the management and administration of all types of objects, such as users, hosts, tasks, roles, and others. This section introduces <code class="systemitem">User Groups</code> and how they are used within FreeIPA. Other object groups behave and are used in similar ways; these are discussed elsewhere.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-User_Groups"><h5 class="formalpara">User Groups</h5>
+				Three groups are created during the installation process: <code class="systemitem">ipausers</code>, <code class="systemitem">admins</code>, and <code class="systemitem">editors</code>. All of these groups are required for FreeIPA operation.
+			</div><div class="para">
+			The FreeIPA Administrator is a member of the <code class="systemitem">admins</code> group. All other users belong to the global group <code class="systemitem">ipausers</code>, and you can create as many additional groups as you require.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Some operating systems limit the number of groups that you can create. For example, <code class="systemitem">Solaris</code> and <code class="systemitem">AIX</code> allow only 16 groups per user. FreeIPA Administrators need to be aware of this limitation, especially when using nested groups.
+			</div></div></div><div class="para">
+			The <code class="systemitem">editors</code> group is a special group used by the web interface. Members of this group have at least one delegation, which means they can edit records apart from their own.
+		</div><div class="para">
+			You can create groups based on the departments within your organization, for example, Development, Finance, and HR. You can also create groups based on the permissions, or roles, required to manage your departmental or other groups.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Nested_Groups"><h5 class="formalpara">Nested Groups</h5>
+				You can also create nested groups. For example, you can create a group called "Documentation", and then create sub-groups such as "Writers", "Translators", and "Editors". You can add users to each of the sub-groups to suit the needs of your organization. Any users that you add to a sub-group automatically become members of the parent group.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Avoid the creation of cyclic groups; that is, groups that contain groups that in turn contain their own ancestors, and avoid creating group names that contain spaces. Either of these conditions can lead to unexpected behavior.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">5.6.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-add</code> command to add groups. You can include attributes on the command line or use the command interactively. For example:
+				</div><div class="para">
+					To create a group called "Engineering" using the command line:
+				</div><pre class="screen">$ ipa group-add
+Group name: Engineering
+Description: All members of the engineering group
+-------------------------
+Added group "engineering"
+-------------------------
+  Group name: Engineering
+  Description: All members of the engineering group
+  GID: 387115842
+</pre><div class="para">
+					Alternatively, include all of the required attributes on the command line:
+				</div><pre class="screen">$ ipa group-add --desc='All authors, editors, and translators' Documentation
+---------------------------
+Added group "documentation"
+---------------------------
+  Group name: documentation
+  Description: All authors, editors, and translators
+  GID: 387115845</pre><div class="para">
+					The group name and description are mandatory fields. If either of these are not included on the command line, you will be prompted to include them.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_the_Command_Line-Adding_members_to_a_new_group"><h5 class="formalpara">Adding members to a new group</h5>
+						You cannot add members to a newly-created group using the <code class="command">ipa group-add</code> command. First you need to create the group, and then use the <code class="command">ipa group-add-member</code> command to add members. For example:
+					</div><pre class="screen">$ ipa group-add-member --users=user01,user02,user03 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member users: user01,user02,user03
+-------------------------
+Number of members added 3
+-------------------------
+</pre><div class="para">
+					You can use the same process to create nested groups:
+				</div><pre class="screen">$ ipa group-add-member --groups=group01,group02 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member groups: group01,group02
+  -------------------------
+  Number of members added 2
+  -------------------------
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA Groups</h3></div></div></div><div class="para">
+				You can edit many of the attributes that define a group, as well as add or remove members. Some attributes are read-only by default, however you can edit these attributes if required.
+			</div><div class="para">
+				You cannot edit the group name. The group name is the primary key, so changing it is the equivalent of deleting the group and creating a new one.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">5.6.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-mod</code> command to modify specific attributes of FreeIPA groups. FreeIPA provides numerous commands for working with groups, such as <code class="command">ipa group-add-member</code> and <code class="command">ipa group-detach</code>; run the <code class="command">ipa help group</code> command to access the FreeIPA group help page for more information.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</h3></div></div></div><div class="para">
+				When you delete a FreeIPA group, only the immediate group is removed; members of the group are not affected.
+			</div><div class="para">
+				When you delete a FreeIPA group, any delegations that apply to that group are also removed. For example, suppose you added an "EngineeringManager" group specifically to set up delegations for the Engineering Manager. If you delete the EngineeringManager group, then those delegations are also lost. These delegations cannot be retrieved. If you need this group and delegation again, you need to recreate them.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">5.6.3.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-del</code> command to delete groups. For example:
+				</div><div class="para">
+					To delete the Engineering group:
+				</div><div class="para">
+					<code class="command">$ ipa group-del Engineering</code>
+				</div></div></div></div><div class="section" id="user-pwdpolicy"><div class="titlepage"><div><div><h2 class="title" id="user-pwdpolicy">5.7. Setting an Individual Password Policy</h2></div></div></div><div class="para">
+			FreeIPA has a default policy of never exposing passwords, even hashed passwords, to clients, in the interests of system security. This policy applies even if you still rely on NIS server functionality to some degree, for example, as a result of a full or partial migration from NIS to FreeIPA. FreeIPA normally expects a switch to Kerberos for authentication, but this may not always be possible.
+		</div><div class="para">
+			The FreeIPA password policy supports the specification of various password attributes that help to ensure the security of your system, and also that of individual user accounts. You can specify the password lifetime, length, and the types of characters required, all as part of the FreeIPA password policy.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						In Fedora 15, the FreeIPA password policy is enforced by the <abbr class="abbrev">KDC</abbr>. Only a limited number of attributes are currently supported, but this will be extended in later versions.
+					</div></li><li class="listitem"><div class="para">
+						Because the password policy is enforced by the <abbr class="abbrev">KDC</abbr>, any further policy specifications that you implement as part of the Directory Server password policy will not be visible in FreeIPA, and neither will they be enforced.
+					</div></li><li class="listitem"><div class="para">
+						Different rules apply to changing passwords, depending on your login credentials.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</h3></div></div></div><div class="para">
+				If you reset a password using <em class="parameter entry"><code>cn=Directory Manager</code></em> credentials (only possible if you manually perform an <code class="systemitem">LDAP</code> password change operation) then you override any checks and the password is set to whatever you specify. The FreeIPA password policy is ignored.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</h3></div></div></div><div class="para">
+				If you reset a password using <code class="systemitem">admin</code> credentials (that is, as part of the <code class="systemitem">admins</code> group), the FreeIPA password policy is ignored, but the expiration date is set to "now". This means that the user is forced to change the password at login time, and the password policy is then enforced. This is also true for users who have had password changing rights delegated to them.
+			</div><div class="para">
+				Consequently, the FreeIPA Administrator can easily create users with "default" passwords and reset user's passwords, but will not know the actual, final password entered by the user. Further, any password that is transmitted from the FreeIPA Administrator to the user, even over insecure channels, is a temporary password. Consequently, it is not critical if it is accidentally disclosed, provided that the user promptly resets it.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Passwords as a Regular User</h3></div></div></div><div class="para">
+				If you are logged in as a regular user (that is, you are not part of the <code class="systemitem">admins</code> group, or possessed of any elevated privileges), then you can only change your own password, and these changes are always subject to the FreeIPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</h3></div></div></div><div class="para">
+				You can use either the web interface or the command line to edit the FreeIPA password policy. However, you can only edit those attributes supported by FreeIPA.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">5.7.4.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa pwpolicy-*</code> commands to create and modify FreeIPA password policies. These commands are provided as part of the <code class="command">ipa pwpolicy</code> plug-in functionality. The <code class="command">ipa help pwpolicy</code> command displays the help page and some examples of using this plug-in.
+				</div><div class="para">
+					For example, use the following command to update the minimum global password length to 10 characters, and to specify that no history of passwords be kept:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-mod --minlength=10 --history=0</code>
+				</div><div class="para">
+					To display the global password policy:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-show</code>
+				</div><div class="para">
+					Refer to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">Section 5.7.6, “Password Policy Attributes”</a> for information on password policy attributes.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">5.7.5. Setting Different Password Policies for Different User Groups</h3></div></div></div><div class="para">
+				The FreeIPA password policy plug-in (<code class="command">ipa pwpolicy</code>) manages both global and per-group password policies. You can use this plug-in to display or modify existing password policies to suit the needs of your environment.
+			</div><div class="para">
+				The following examples demonstrate how to display and modify existing password policies.
+			</div><div class="para">
+				To display the password policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="para">
+				To add a new policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					When adding or modifying the password policy for a group, that group needs to already exist but does not need to contain any members.
+				</div></div></div><div class="para">
+				To remove an attribute from a password policy, use the <code class="command">ipa pwpolicy-mod</code> command to set an empty value for the required attribute to delete it.
+			</div><div class="para">
+				The following example illustrates adding a password policy with three specific attributes to an existing group:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-add --minlife=1 --maxlife=5 --priority=1 g1</code>
+Group: g1
+Max lifetime (days): 5
+Min lifetime (hours): 1
+Priority: 1
+</pre><div class="para">
+				The following command uses the <code class="command">ipa pwdpolicy-mod</code> command to set an empty value to the <em class="parameter"><code>minlife</code></em> attribute:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-mod --minlife= g1</code>
+Group: g1
+Max lifetime (days): 5</pre><div class="para">
+				To display the policy for a given user:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --user=tuser1</code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Password policies are not cumulative. That is, you cannot override a single setting in a policy and let it fall back to the global policy on all the others; it is all or nothing.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">5.7.5.1. Setting the Priority of Password Policies</h4></div></div></div><div class="para">
+					The following example demonstrates the use of password priority, where a user and two groups are created, with a separate password policy for each group. Each policy has a different priority, and the user is added to both groups.
+				</div><div class="procedure"><ol class="1"><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_a_user"><h5 class="formalpara">Adding a user</h5>
+								Use the <code class="command">ipa user-add</code> command to add a new user:
+							</div><pre class="screen">
+<code class="command"># ipa user-add --first=Tim --last=User tuser1</code>
+---------
+Added user "tuser1"
+---------
+  User login: tuser1
+  First name: Tim
+  Last name: User
+  Home directory: /home/tuser1
+  GECOS field: tuser1
+  Login shell: /bin/sh
+  Kerberos principal: tuser1 at IPANETWORK.ORG
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_groups"><h5 class="formalpara">Adding the user groups</h5>
+								Use the <code class="command">ipa group-add</code> command to add two new groups:
+							</div><pre class="screen">
+<code class="command"># ipa group-add --desc=Group1 g1</code>
+----------
+Added group "g1"
+----------
+  Group name: g1
+  Description: Group1
+
+# ipa group-add --desc=Group2 g2
+----------
+Added group "g2"
+----------
+Group name: g2
+Description: Group2
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Specifying_the_password_policies"><h5 class="formalpara">Specifying the password policies</h5>
+								Use the <code class="command">ipa pwpolicy-add</code> command to specify different policies for each group:
+							</div><pre class="screen">
+<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=g1</code>
+---------------------------
+Added policy for group "g1"
+---------------------------
+  Group: g1
+  Minimum lifetime (in hours): 10
+
+# ipa pwpolicy-add --minlife=20 --priority=20 --group=g2
+---------------------------
+Added policy for group "g2"
+---------------------------
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_to_the_groups"><h5 class="formalpara">Adding the user to the groups</h5>
+								Use the <code class="command">ipa group-add-member</code> command to add the user that you previously created to each group. You can then use the <code class="command">ipa pwpolicy-show</code> command to display the policy that is in effect for the user.
+							</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g1</code> group and then check the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g1</code>
+  Group name: g1
+  Description: Group1
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+$ ipa pwpolicy-show --user=tuser1
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre></li><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g2</code> group and recheck the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g2</code>
+  Group name: g2
+  Description: Group2
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre><div class="para">
+									Notice that the password policy that is in effect for the user <code class="systemitem">tuser1</code> is taken from the <code class="systemitem">g1</code> group, because it has a higher priority.
+								</div></li></ol></div></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Removing_the_user_from_a_single_group"><h5 class="formalpara">Removing the user from a single group</h5>
+								Finally, use the <code class="command">ipa group-remove-member</code> command to remove the user from the <code class="systemitem">g1</code> group to demonstrate that they still have a custom policy.
+							</div><pre class="screen">
+<code class="command">$ ipa group-remove-member --users=tuser1 g1</code>
+---------------------------
+Number of members removed 1
+---------------------------
+    Users:
+    Groups:
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="command">ipa help &lt;topic&gt;</code> command to display a list of the commands available for working with various topics.
+					</div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</h3></div></div></div><div class="para">
+				The password policy is enforced by the <code class="systemitem module">pwd_extop</code> SLAPI plug-in. FreeIPA 2.0 supports the following password policy attributes:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Password Lifetime</strong></span> (<span class="property">krbMinPwdLife</span>): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.
+					</div><div class="para">
+						You can use this attribute to prevent users from changing their password to a "temporary" value and then immediately changing it back to the original value.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Password Lifetime</strong></span> (<span class="property">krbMaxPwdLife</span>): The maximum period of time, in days, that a user's password can be in effect before it must be changed. The default value is 90 days.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Number of Character Classes</strong></span> (<span class="property">krbPwdMinDiffChars</span>): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is 0 (zero).
+					</div><div class="para">
+						For example, setting <span class="property">krbPwdMinDiffChars</span> = 3 requires that passwords contain at least one character from three of the supported classes.
+					</div><div class="para">
+						The following character classes are supported:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Upper-case characters
+							</div></li><li class="listitem"><div class="para">
+								Lower-case characters
+							</div></li><li class="listitem"><div class="para">
+								Digits
+							</div></li><li class="listitem"><div class="para">
+								Special characters (for example, punctuation)
+							</div></li><li class="listitem"><div class="para">
+								8-bit characters (characters whose decimal code starts at 128 or below, for example, Â, Ã, and Ä)
+							</div></li></ul></div><div class="para">
+						The following special classes also exist:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Number of repeated characters
+							</div><div class="para">
+								This weights in the opposite direction, so that if you have too many repeated characters you will not meet the quorum to satisfy the "level" expressed by <span class="property">krbPwdMinDiffChars</span>.
+							</div></li></ul></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Length of Password</strong></span> (<span class="property">krbPwdMinLength</span>): The minimum number of characters that must exist in a password before it is considered valid. The default value is eight characters.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Password History Size</strong></span> (<span class="property">krbPwdHistoryLength</span>): The number of previous passwords that FreeIPA stores, and which a user is prevented from using. For example, if you set this value to 10, FreeIPA prevents a user from reusing any of their previous 10 passwords. The default value is 0 (zero) (disable password history).
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							If password history checking is enabled, and a user attempts to use one of the passwords in the history list, the error message returned by the system may be misleading. For example, you may see the following error:
+						</div><pre class="screen">A database error occurred: Constraint violation: Password fails to meet minimum strength criteria
+</pre><div class="para">
+							This is because <span class="package">python-ldap</span> prevents the retrieval of extended information on password policy failures over <code class="systemitem">LDAP</code>.
+						</div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Even with <span class="property">krbPwdHistoryLength</span> set to zero, users cannot reuse their existing password.
+						</div></div></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Priority</strong></span> (<span class="property">priority</span>): The priority determines which policy is in effect. The lower the number the higher priority. This is important if a user is in several groups, each with a password policy set.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Consecutive Failures</strong></span> (<span class="property">maxfail</span>): Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Fail Interval</strong></span> (<span class="property">failinterval</span>): Specifies the period (in seconds) after which the failure count will be reset.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Lockout Time</strong></span> (<span class="property">lockouttime</span>): Specifies the period (in seconds) for which a lockout is enforced.
+					</div></li></ul></div><div class="para">
+				Refer to the <code class="command">ipa help pwpolicy-add</code> help page for more information on configuring the FreeIPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</h3></div></div></div><div class="para">
+				If it is installed and configured, SSSD can use the PAM module to send messages to users, warning them about imminent password expiration. Fedora has a <code class="option">pam_pwd_expiration_warning</code> option to fine tune this feature. You can also manually search for passwords that are due to expire by a specified date. For example, to retrieve all user entries whose passwords are due to expire before March 1st, 2011, run the following command:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command">$ ldapsearch -Y GSSAPI -b "cn=users,cn=accounts,dc=example,dc=com"</code> <code class="command">'(krbPasswordExpiration&lt;=20110301000000Z)'</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</h3></div></div></div><div class="para">
+				If you use password authentication (no GSSAPI authentication, and no ticket on the client) with a new user, or with a user whose password has expired, you need to enable Challenge-Response authentication. Otherwise, the password changing dialog box will not display.
+			</div><div class="para">
+				This is not enabled by default because some older <code class="systemitem">SSL</code> clients may not support Challenge-Response authentication, and it is needed only if the password has expired.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_SSH_for_Password_Authentication-To_enable_Challenge_Response_authentication"><h5 class="formalpara">To enable Challenge-Response authentication:</h5>
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Set <em class="parameter"><code>ChallengeResponseAuthentication</code></em> to <code class="literal">yes</code> in the <code class="filename">/etc/ssh/sshd_config</code> file.
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</h3></div></div></div><div class="para">
+				User identity and authentication is managed by SSSD in recent versions of Fedora. The default settings specified by the FreeIPA installation script include timeout settings that still allow local logins to succeed if the client cannot access the FreeIPA server. These settings are specified in the <code class="filename">/etc/sssd/sssd.conf</code> file, and can be tuned to suit your particular deployment. Further, if SSSD's password caching feature is enabled, a user can log in even if the FreeIPA server is down. A typical deployment would normally include two or more servers for redundancy, and so this would not normally be a problem.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+					These timeout settings are only set on operating systems that support the FreeIPA installation script, meaning Fedora 15 and later. On other versions, specify these values manually or it may be impossible to log into the host if no FreeIPA servers are available.
+				</div></div></div></div></div><div class="section" id="searching"><div class="titlepage"><div><div><h2 class="title" id="searching">5.8. Searching for Users and Groups</h2></div></div></div><div class="para">
+			FreeIPA provides extensive search capabilities, which enable you to perform simple and partial-match searches on a range of attributes, including:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					First Name (givenname)
+				</div></li><li class="listitem"><div class="para">
+					Last Name (sn)
+				</div></li><li class="listitem"><div class="para">
+					Login (uid)
+				</div></li><li class="listitem"><div class="para">
+					Job Title (title)
+				</div></li><li class="listitem"><div class="para">
+					Organizational Unit Name (ou)
+				</div></li><li class="listitem"><div class="para">
+					Phone Number (telephoneNumber)
+				</div></li></ul></div><div class="para">
+			Searches are not case sensitive, and automatically search across multiple fields. Search results are displayed with exact matches listed first, followed by partial matches.
+		</div><div class="para">
+			The default display lists users in alphabetical order. Click any column title to sort in alphabetical or numerical order. Click the title again to sort in reverse order. The sort order is indicated by an icon next to the title.
+		</div><div class="para">
+			Not all fields are indexed for searching. For example, you cannot search on the following user details:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Initials
+				</div></li><li class="listitem"><div class="para">
+					Account Status
+				</div></li><li class="listitem"><div class="para">
+					Home Directory
+				</div></li><li class="listitem"><div class="para">
+					Login Shell
+				</div></li><li class="listitem"><div class="para">
+					Gecos
+				</div></li><li class="listitem"><div class="para">
+					Home Page
+				</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot use wildcards to search for users or groups. The search string must include at least one character that appears in one of the indexed search fields.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">5.8.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa user-find</code> command to search for users from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa user-find</code> [
+							options
+						] {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find User utility, you can only search for a single string using the command line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa user-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa user-find</code> command to find users whose record contains the string "kay":
+				</div><pre class="screen">$ ipa user-find kay
+---------------
+2 users matched
+---------------
+User login: klim
+First name: Kay
+Last name: Lim
+Home directory: /home/klim
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+
+User login: kming
+First name: Kay
+Last name: Ming
+Home directory: /home/kming
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+----------------------------
+Number of entries returned 2
+----------------------------</pre><div class="para">
+					If you do not see the entry that you are looking for, you may need to adjust the <code class="option">--searchrecordslimit</code> option in the default FreeIPA configuration.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">5.8.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-find</code> command to search for groups from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa group-find</code> {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find Group utility, you can only search for a single string using the command-line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa group-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa group-find</code> command to find groups that contain the string "documentation":
+				</div><pre class="screen">$ ipa group-find documentation
+---------------
+1 group matched
+---------------
+Group name: documentation
+Description: Group for all documentation authors
+GID: 1453400012
+Member users: dkim, mkang, lming, klim
+----------------------------
+Number of entries returned 1
+----------------------------</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa group-find</code> command searches both group names and group descriptions. If your search results are too extensive, use a more specific search string.
+					</div></div></div></div></div></div></div><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Princip
 als-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1. About Kerberos</h2></div></div></div><div class="para">
+			The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+		</div><div class="para">
+			To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+		</div><div class="para">
+			<code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+		</div><div class="para">
+			A service principal consists of three components: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						the service name
+					</div></li><li class="listitem"><div class="para">
+						the fully-qualified domain name (FQDN)
+					</div></li><li class="listitem"><div class="para">
+						the Kerberos realm
+					</div></li></ul></div>
+
+		</div><div class="para">
+			The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+		</div><div class="para">
+			The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				When you run the <code class="command">ipa-client-install</code> command, it retrieves the host service principal and stores it in the <code class="filename">/etc/krb5.keytab</code> file. This host principal is stored within the host record so that the service commands cannot be used with this principal. The idea behind this is that after you have run the <code class="command">ipa-client-install</code> command, your client should be fully prepared to participate in the FreeIPA network.
+			</div></div></div><div class="para">
+			Clients use service principals to inform the KDC which service they need a ticket for. The KDC uses the key assigned to the service principal to encrypt the service ticket it grants to client. Service principals and their associated keys are stored in a keytab file. If the KDC has the service principal and the key assigned to that principal, it can still provide the client with a ticket, but the service server will not be able to decrypt the ticket without the key stored in that keytab file.
+		</div><div class="para">
+			Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
+				Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+			</div><div class="para">
+			For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
+				To protect your keytab files, consider the following general rules with respect to their permissions and ownership: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Owner: <span class="property">uid</span> of the process that will use the keytab
+						</div></li><li class="listitem"><div class="para">
+							Mode: 0600
+						</div></li></ul></div>
+				 For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+			</div><div class="para">
+				Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
+			</div><div class="para">
+				Due to the critical role that keytabs play in authenticating users and services, and the issues that can arise if they are compromised, ensure that all keytab files are appropriately secured, and have suitable file ownership and permissions established.
+			</div></div></div></div><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
+			Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div></div></div><div class="para">
+			Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+		</div><div class="para">
+			FreeIPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Changes to the global policy require a restart of the KDC service to take effect, as follows: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div><div class="para">
+				Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+			You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the FreeIPA server itself, and the keytab then exported to the client host.
+		</div><div class="para">
+			The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add ipaclient.example.com</code>
+<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
+<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+
+		</div><div class="para">
+			Note the location of the keytab. By default, <span class="application"><strong>FreeIPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
+		</div><div class="para">
+			Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The realm name is optional. The FreeIPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+					</div></li><li class="listitem"><div class="para">
+						The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+					</div></li><li class="listitem"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">freeipa-client</span> package, which is only available for Fedora 15 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
+					</div></li><li class="listitem"><div class="para">
+						You can use the <code class="option">-e</code> flag to include a comma-separated list of encryption types to include in the keytab. This supersedes any default encryption type. Refer to the <code class="command">ipa-getkeytab</code> man page for more information.
+					</div></li></ul></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				The <code class="command">ipa-getkeytab</code> command resets the secret for the specified principal. This means that all other keytabs for that principal are rendered invalid.
+			</div></div></div><div class="para">
+			FreeIPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
+					Before you can create a service for a FreeIPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists: 
+<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following: 
+<pre class="screen"><span class="errortext">ipa: ERROR: myserver.mydomain.net: host not found</span></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create a FreeIPA service:</h5>
+					Use the following command to create a service for that host: 
+<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				This will produce output similar to the following:
+			</div><pre class="screen">
+-------------------------------------------------------
+Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
+-------------------------------------------------------
+  Principal: test/myserver.mydomain.net at MYDOMAIN.NET
+  Managed by: myserver.mydomain.net</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">6.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
+					Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file. 
+<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
+					</div></div></div><div class="para">
+					If necessary, create the CSR file using openssl. The following is an example session creating such a file:
+				</div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+Generating a 2048 bit RSA private key
+.........................................................+++
+.............................+++
+writing new private key to 'private.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [XX]:AU
+State or Province Name (full name) []:QLD
+Locality Name (eg, city) [Default City]:BNE
+Organization Name (eg, company) [Default Company Ltd]:MYDOMAIN.NET
+Organizational Unit Name (eg, section) []:ECS
+Common Name (eg, your name or your server's hostname) []:myserver.mydomain.net
+Email Address []:authors at mydomain.net
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</pre></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">6.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
+					You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate: 
+<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+
+				</div><div class="para">
+					The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
+				</div><div class="para">
+					If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K &lt;principal&gt;</code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
+				</div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
+<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+					You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=&lt;fqdn&gt;,O=&lt;subject base&gt;
+				</div><div class="para">
+					You can configure the FreeIPA subject base as part of the FreeIPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base: 
+<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+					 FreeIPA will reject requests with invalid subject base values.
+				</div><div class="para">
+					Refer to the <code class="systemitem">certmonger</code> man page and also to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">Section B.1, “What is certmonger?”</a> for more information.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">6.3.1.3. Using NSS</h4></div></div></div><div class="para">
+					If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows: 
+<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
+<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
+<code class="command">-d /path/to/database/dir -a &gt; example.csr</code></pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
+						The format of the CSR is partly dependent upon the CA back end you are using.
+					</div><div class="para">
+					If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
+				</div><div class="para">
+					If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
+				</div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+					This means you need to use MYDOMAIN.NET for the organization. FreeIPA will reject requests whose subject base differs from this value.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</h3></div></div></div><div class="para">
+				The following procedure describes how to configure <code class="systemitem">NFS</code> on the FreeIPA server and to set up an <code class="systemitem">NFS</code> service principal.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring <code class="systemitem">NFS</code> on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
+						Configure the export directory. 
+<pre class="screen"><code class="command"># mkdir /export</code>
+<code class="command"># chmod 777 /export</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure the <code class="filename">/etc/exports</code> file as follows:
+					</div><div class="para">
+						
+<pre class="programlisting">/export  *(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5p(rw,fsid=0,insecure,no_subtree_check)
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+					</div><div class="para">
+						
+<pre class="programlisting">SECURE_NFS=yes
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Add a service principal and keytab for <code class="systemitem">NFS</code>. 
+<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
+ <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Fedora machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="step"><div class="para">
+						Run the following commands to reload the NFS configuration and restart the required services: 
+<pre class="screen"><code class="command"># exportfs -a</code>
+<code class="command"># restart services</code>
+<code class="command"># service nfs restart</code>
+<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
+						</div></div></div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</h2></div></div></div><div class="para">
+			Some compliance or company security policies may require that system administrators manually refresh Kerberos tickets, perhaps annually or more frequently. The current version of FreeIPA does not provide automatic renewal of Kerberos tickets.
+		</div><div class="para">
+			Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 6.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
+					Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary): 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
+						</div></div></div>
+
+				</div></li><li class="step"><div class="para">
+					Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
+  <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+
+				</div><div class="para">
+					To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
+<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
+					</div></div></div></li></ol></div><div class="para">
+			You can use the <code class="command">klist</code> command to view the new key version number (KVNO): 
+<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
+			</div></div></div></div><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">6.5. Rotating Keys</h2></div></div></div><div class="para">
+			Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
+				Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your FreeIPA keytab: 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+				 This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
+			</div><div class="para">
+			Use the <code class="command">klist</code> command to view the existing keys: 
+<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+Ticket cache: FILE:/tmp/krb5cc_0
+Default principal: admin at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+03/08/11 13:57:18  03/09/11 13:57:16  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+03/08/11 13:57:27  03/09/11 13:57:16  HTTP/ipa.example.com at EXAMPLE.COM
+03/08/11 13:57:32  03/09/11 13:57:16  ldap/ipa.example.com at EXAMPLE.COM
+</pre>
+
+		</div><div class="para">
+			Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued: 
+<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+			 The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
+		</div><div class="para">
+			Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
+		</div><div class="para">
+			You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
+		</div><div class="para">
+			FreeIPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs: 
+<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
+<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+
+		</div><div class="para">
+			This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</h2></div></div></div><div class="para">
+			If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the server: <code class="filename">/var/log/krb5kdc.log</code>
+					</div></li><li class="listitem"><div class="para">
+						If you were using the framework also look in <code class="filename">/var/log/httpd/error_log</code>
+					</div></li></ul></div>
+
+		</div></div></div><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="#sect-
 Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
+					If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</h3></div></div></div><div class="para">
+				In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							The IPA server is correctly installed and operational.
+						</div></li><li class="listitem"><div class="para">
+							The domain is <code class="systemitem">example.com</code>.
+						</div></li><li class="listitem"><div class="para">
+							The NFS server is also configured as an IPA client.
+						</div></li><li class="listitem"><div class="para">
+							You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
+						</div></li></ul></div>
+
+			</div><div class="para">
+				This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
+					Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
+				</div><div class="para">
+				The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
+			</div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
+</pre><div class="para">
+				You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
+			</div></div></div><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="para">
+			IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations. 
+			<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
+				</div></div></div>
+			 Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 7.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+					</div><pre class="programlisting">#
+# Other common LDAP naming
+#
+MAP_OBJECT_CLASS="automountMap"
+ENTRY_OBJECT_CLASS="automount"
+MAP_ATTRIBUTE="automountMapName"
+ENTRY_ATTRIBUTE="automountKey"
+VALUE_ATTRIBUTE="automountInformation"
+</pre></li><li class="step"><div class="para">
+						You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+					</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
+SEARCH_BASE="cn=&lt;location&gt;,cn=automount,dc=example,dc=com"
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
+						</div></div></div></li><li class="step"><div class="para">
+						Save the file and restart <code class="systemitem">autofs</code>:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># service autofs restart</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">7.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
+					Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+				</div><div class="para">
+					If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</h3></div></div></div><div class="para">
+				The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
+			</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+						If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+					</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
+</pre></li><li class="step"><div class="para">
+						IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
+					</div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
+-a defaultSearchBase=dc=example,dc=com \
+-a defaultServerList=ipa.example.com \
+-a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
+-a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
+-a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
+	cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a objectClassMap=shadow:shadowAccount=posixAccount \
+-a searchTimelimit=15 \
+-a bindTimeLimit=5
+</pre></li><li class="step"><div class="para">
+						Enable <code class="command">automount</code> as follows:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">7.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 7.2.  To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
+							
+<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
+dn: automountkey=/home,automountmapname=auto.master,cn=&lt;location&gt;,cn=automount,dc=example,dc=com
+objectClass: automount
+objectClass: top
+automountKey: /home
+automountInformation: auto.home
+</pre>
+
+						</div></li><li class="step"><div class="para">
+							Attempt to list a user's <code class="filename">/home</code> directory:
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+						</div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
+				An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+			</div><div class="para">
+				The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
+					</div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 7.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
+						Create a new location:
+					</div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
+  Location: baltimore</pre></li><li class="step"><div class="para">
+						Create a map for man pages:
+					</div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
+  Map: auto.man</pre></li><li class="step"><div class="para">
+						Add this map to the location's auto.master on the mount point /usr/man:
+					</div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
+  Key: /usr/man
+  Mount information: auto.man</pre></li></ol></div><div class="para">
+				Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+			</div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+/etc/auto.master:
+/-      /etc/auto.direct
+/usr/man        /etc/auto.man
+---------------------------
+/etc/auto.direct:
+---------------------------
+/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+  cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">7.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
+					Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+				</div><div class="para">
+					To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+				</div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automount
+    automountKey: '/-'
+    automountInformation: auto.direct
+</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automountMap
+    automountMapName: auto.direct
+</pre><div class="para">
+					Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+				</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 7.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
+							Create a new location:
+						</div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+  Location: brisbane</pre></li><li class="step"><div class="para">
+							Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+						</div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
+  <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
+  Key: /share
+  Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</h3></div></div></div><div class="para">
+				The following pages were used as references for this work:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
+					</div></li></ul></div></div></div></div><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_S
 ynchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7.
  Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+		To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
+	</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">8.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
+				IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
+			</div><div class="para">
+				To avoid this situation, use a separate domain for your IPA and Active Directory servers. If this is not possible, use the <em class="parameter"><code>--force</code></em> parameter when you run the <code class="command">ipa-client-install</code> script.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</h2></div></div></div><div class="para">
+			The Windows Sync utility requires TLS/SSL to synchronize password changes. Therefore, you need to set up Active Directory as an SSL server. The easiest way to achieve this is to install Microsoft Certificate System in Enterprise Root Mode; Active Directory will then automatically enroll to retrieve its SSL server certificate.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You need to install both the <code class="command">winsync</code> and <code class="command">passsync</code> utilities to synchronize User IDs and attributes as well as passwords.
+			</div><div class="para">
+				You need to install the <code class="command">passsync</code> utility on all AD domain controllers to enable password synchronization from AD to IPA.
+			</div></div></div><div class="para">
+			Refer to the <a href="http://directory.fedoraproject.org/wiki/Howto:WindowsSync">Fedora Project Windows Sync Howto</a> for information on setting up Active Directory as an SSL server.
+		</div><div class="para">
+			After you have installed Microsoft Certificate System, you need to save the CA certificate in ASCII (PEM) format. This CA Certificate is required to create the synchronization agreement.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-To_save_the_CA_certificate_in_ASCII_format"><h6>Procedure 8.1. To save the CA certificate in ASCII format:</h6><ol class="1"><li class="step"><div class="para">
+					Navigate to My Network Places and drill down to the CA distribution point. On Windows 2003 Server this is typically <code class="filename">C:\WINDOWS\system32\certsrv\CertEnroll\</code>
+				</div></li><li class="step"><div class="para">
+					Double-click the security certificate file (<code class="filename">.crt</code> file) to display the <span class="guilabel"><strong>Certificate</strong></span> dialog box.
+				</div></li><li class="step"><div class="para">
+					On the <span class="guilabel"><strong>Details</strong></span> tab, click <span class="guibutton"><strong>Copy to File</strong></span> to start the <span class="application"><strong>Certificate Export Wizard</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>Next</strong></span>, select <span class="guilabel"><strong>Base-64 encoded X.509 (.CER)</strong></span> and then click <span class="guibutton"><strong>Next</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Specify a suitable directory and file name for the exported file. The file name is not important. Click <span class="guibutton"><strong>Next</strong></span> to export the certificate, and then click <span class="guibutton"><strong>Finish</strong></span>. You should receive a message stating that the export was successful.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>OK</strong></span> to exit the wizard.
+				</div></li></ol></div><div class="para">
+			Refer to <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">Section 8.4, “Creating Synchronization Agreements”</a> for information on how to use the CA Certificate to create the synchronization agreement.
+		</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-Select_Base_64_encoded_X.509_to_export_the_security_certificate_as_ASCII"><div class="figure-contents"><div class="mediaobject" align="center"><img src="images/ASCII_Cert_Export.png" align="middle" alt="Select Base-64 encoded X.509 to export the security certificate as ASCII" /></div></div><h6>Figure 8.1. Select Base-64 encoded X.509 to export the security certificate as ASCII</h6></div><br class="figure-break" /></div><div class="section" id="configuring-active-directory"><div class="titlepage"><div><div><h2 class="title" id="configuring-active-directory">8.3. Configuring Active Directory Synchronization</h2></div></div></div><div class="para">
+			The Windows Sync plug-in is installed on the IPA server, and enables one-way replication of users and groups from Windows to IPA. The <code class="command">ipa-server-install</code> script automatically installs the plug-in configuration entry and enables it by default. The Windows Sync plug-in is only ever called if Windows Sync is used.
+		</div><div class="para">
+			The passsync plug-in for Windows uses a standard <code class="command">ldapmodify</code> operation to change users' passwords. These operations take effect immediately, and are still normally subject to password policy settings. When the special user used by passsync sets the password, these password policies should be bypassed and the password should not be set to immediately expire, as is the case when a normal administrator resets a user password. To achieve this, you need to add a list of passSync Manager DNs to the password plug-in configuration. These users will be exempt from password policy enforcement in the same way that the Directory Manager is exempt. This currently requires a manual configuration, as follows:
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Windows_Sync_on_the_IPA_Server-To_add_a_list_of_passSync_Manager_DNs_to_the_password_plug_in_configuration"><h6>Procedure 8.2. To add a list of passSync Manager DNs to the password plug-in configuration:</h6><ol class="1"><li class="step"><div class="para">
+					As Directory Manager, modify the entry <em class="parameter"><code>cn=ipa_pwd_extop,cn=plugins,cn=config</code></em>
+				</div></li><li class="step"><div class="para">
+					Add or update the <em class="parameter"><code>passSyncManagersDNs</code></em> attribute. This is a multi-valued list of DNs that bypass password policy.
+				</div></li></ol></div><div class="para">
+			The following is an example of adding the new entry <code class="literal">uid=admin</code>:
+		</div><pre class="screen">% ldapmodify -x -D "cn=Directory Manager" -W
+Enter LDAP Password: *******
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+changetype: modify
+add: passSyncManagersDNs
+passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The entry <em class="parameter"><code>cn=Directory Manager</code></em> always bypasses policy and does not need to be explicitly listed.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa-replica-manage connect</code> command to create synchronization agreements. The following command-line arguments apply to creating synchronization agreements:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<code class="option">--winsync</code> — specifies that this is a Windows Sync agreement. Winsync replication occurs every five minutes.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--binddn</code> — the full DN of the user to use. The DS will bind to Active Directory as this user to read and write changes. This user requires read, search, and write permissions on the Active Directory subtree, including password changes, as well as permission to use the DirSync control (that is, it must be able to use replication).
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--bindpw</code> — the password for the user specified by the <code class="option">--binddn</code> argument.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--passsync</code> — the password for the Windows PassSync user, and a required argument to <code class="command">ipa-replica-manage</code> when creating winsync agreements.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--cacert</code> — the full path and file name of the ASCII/PEM-encoded Windows Active Directory CA certificate. This certificate will be installed in the Directory Server certificate database as "Imported CA".
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--win-subtree</code> — the DN of the Windows subtree containing the users you want to synchronize. The default value is <em class="parameter"><code>cn=Users,$SUFFIX</code></em> — this is what Windows AD typically uses as the default value.
+				</div></li></ul></div><div class="para">
+			The following example illustrates adding a new WinSync agreement:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Creating_Synchronization_Agreements-Adding_a_WinSync_agreement_between_an_IPA_server_and_an_AD_server."><h6>Example 8.1. Adding a WinSync agreement between an IPA server and an AD server.</h6><div class="example-contents"><pre class="screen"><code class="command">ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \</code>
+<code class="command">--bindpw password --passsync password --cacert /path/to/certfile.cer adserver.example.com -v</code></pre></div></div><br class="example-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</h2></div></div></div><div class="para">
+			You can change the behavior of the synchronization agreement to suit the changing needs of your organization. You can modify a number of attributes related to the synchronization agreement using default tools provided with IPA.
+		</div><div class="para">
+			The following example illustrates changing the synchronization behavior of account lock status. By default, account lock status is synchronized between IPA and AD. This means that accounts that are locked in IPA are also locked (disabled) in AD, and vice versa. You can change this synchronization behavior as follows:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Configuring_the_IPA_WinSync_agreement_to_not_synchronize_account_lock_status_information."><h6>Example 8.2. Configuring the IPA WinSync agreement to not synchronize account lock status information.</h6><div class="example-contents"><pre class="screen"><code class="command">$ ldapmodify -x -D "cn=directory manager" -w password</code>
+dn: cn=ipa-winsync,cn=plugins,cn=config
+changetype: modify
+replace: ipaWinSyncAcctDisable
+ipaWinSyncAcctDisable: none
+
+modifying entry "cn=ipa-winsync,cn=plugins,cn=config"
+</pre></div></div><br class="example-break" /><div class="para">
+			The default value of the <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> attribute is <code class="literal">both</code>. If you change this value to <code class="literal">none</code>, as described in the example, account lock status synchronization is completely disabled. Valid values for <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> are <code class="literal">both</code>, <code class="literal">to_ad</code>, <code class="literal">to_ds</code>, and <code class="literal">none</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</h3></div></div></div><div class="para">
+				When you create synchronization agreements, two default containers are used as the source of the user accounts to synchronize between IPA and Windows Active Directory. IPA uses the <em class="parameter"><code>cn=users,cn=accounts,$SUFFIX</code></em> subtree as the default container, and Windows uses the <em class="parameter"><code>CN=Users,$SUFFIX</code></em> subtree. You can use the <em class="parameter"><code>--win-subtree</code></em> argument to the <code class="command">ipa-replica-manage connect</code> command to override the default Windows subtree.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					If you pass such arguments to the bash or other shell, ensure that you quote spaces and other shell metacharacters. For example, the argument <em class="parameter"><code>--win-subtree=cn=users, dc=example, dc=com</code></em> will fail. The argument <em class="parameter"><code>--win-subtree="cn=users, dc=example, dc=com"</code></em> will succeed.
+				</div></div></div><div class="para">
+				IPA does not currently support modifying the default synchronization container while you are creating the synchronization agreement. You can, however, change the container after the agreement has been established. To do so, you can either modify the <code class="filename">dse.ldif</code> file directly (ensure that you stop the directory server before editing this file), or use <code class="command">ldapmodify</code> to change <em class="parameter"><code>nsds7WindowsReplicaSubtree</code></em>.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</h2></div></div></div><div class="para">
+			You can use the IPA administration tools to delete existing synchronization agreements. For example, to delete an agreement with the AD server <code class="systemitem">adserver.example.com</code>, run the following command:
+		</div><div class="para">
+			<code class="command"># ipa-replica-manage disconnect adserver.example.com</code>
+		</div><div class="para">
+			This removes the replication agreement between the IPA and AD servers. To complete the operation, you need to remove the AD certificate from the IPA server. Run the following command to remove the AD certificate:
+		</div><div class="para">
+			<code class="command"># certutil -D -d /etc/dirsrv/slapd-$REALM/ -n "Imported CA"</code>
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</h2></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Symptom"><h5 class="formalpara">Symptom</h5>
+				If the creation of a winsync agreement fails, you may see an error message similar to the following: 
+<pre class="screen">"Update failed! Status: [81  - LDAP error: Can't contact LDAP server]
+</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Cause"><h5 class="formalpara">Cause</h5>
+				One example of this error occurring is if you use an invalid Windows Server Certificate when creating the winsync agreement. This can result in the wrong certificates being created in the certificate database in the <code class="filename">/etc/dirsrv/slapd-DOMAIN-NAME/</code> directory, and with same name, for example "Imported CA". The following is an example of a corrupt certificate database after such a failure (note the duplicate "Imported CA" entries): 
+<pre class="screen"><code class="command">$ certutil -L -d /etc/dirsrv/slapd-DOMAIN-NAME/</code>
+
+Certificate Nickname                                         Trust Attributes
+SSL,S/MIME,JAR/XPI
+
+CA certificate                                               CTu,u,Cu
+Imported CA                                                  CT,,C
+Server-Cert                                                  u,u,u
+Imported CA                                                  CT,,C</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Solution"><h5 class="formalpara">Solution</h5>
+				To resolve this issue, you need to clear the certificate database, as follows: 
+<pre class="screen"><code class="command"># certutil -d /etc/dirsrv/slapd-DOMAIN-NAME -D -n "Imported CA"</code></pre>
+
+			</div><div class="para">
+			This will delete the CA from the AD server ("Imported CA"). You need to do this after each failed invocation.
+		</div><div class="para">
+			You may also see the following message:
+		</div><pre class="screen">"Windows PassSync entry exists, not resetting password"
+</pre><div class="para">
+			This is not an error, but rather a notification that IPA is not re-adding the <code class="systemitem">passync</code> user, and neither is it changing the original password. The <code class="systemitem">passync</code> user is a special user entry that can change passwords in IPA.
+		</div></div></div><div xml:lang="en-US" class="chapter" id="nis" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Identity: Integrating with NIS Domains and Netgroups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="#sec
 t-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></div><div class="section" id="about-nis"><div class="titlepage"><div><div><h2 class="title" id="about-nis">9.1.
  About NIS and IPA</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</h3></div></div></div><div class="para">
+				Netgroups are a concept introduced in the directory service NIS. They were designed to contain users, hosts (machines) and other netgroups. A netgroup is a user-host-domain triplet. Refer to the following for more details about netgroups and their uses:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4">http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F">http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F</a>
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Do not read beyond the section "What are NIS netgroups good for?"; netgroup entries are different in IPA.
+				</div></div></div><div class="para">
+				Despite this difference, it is important to underline that there are two plug-ins in IPA that make the data in the new format available via NIS or the old standard RFC2307 and RFC2307bis LDAP schema. For details, refer to the documentation and examples at: <a href="https://fedorahosted.org/slapi-nis/">https://fedorahosted.org/slapi-nis</a>. The entries stored using the new schema are converted into the standard NIS netgroup map and served via the NIS protocol by the first plug-in described on the slapi-nis project page and the compatibility plug-in can be used to create a virtual LDAP view that matches the standard 2307 or 2307bis schema for netgroups using the IPA-specific schema.
+			</div><div class="para">
+				Historically, netgroups have been used to define groups of hosts or users. The advantage of netgroups for user aggregation has been that netgroups allow nesting while normal UNIX user groups do not. Netgroups also provide the only way to aggregate hosts. There is no notion of host groups in NIS, although for effective centralized system management they are definitely needed. It is important to understand that netgroups are collections of entities, be they users, hosts, or both, but there is no relation between particular user-host pairs defined in the netgroup triplet.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</h3></div></div></div><div class="para">
+				IPA defines both user groups and host groups, each of which allow nesting. This is a much cleaner way of aggregation and allows better separation of duties and access control. In an IPA deployment, netgroups are a much less attractive approach to grouping than with other LDAP-based systems compliant with RFC 2307 (this defines the LDAP schema for users, groups, netgroups and other maps).
+			</div><div class="para">
+				Client-side applications, for example, SUDO, need netgroups because there is no alternative to host grouping on the client side. Consequently, netgroups are far from obsolete on the client side. A lot of effort is still required within SSSD and IPA to provide clean interfaces to reliably (both online and offline) relay centrally-managed information to applications running on a client machine. IPA therefore provides a way to define and store netgroups, but they are viewed as secondary to user groups and host groups.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">9.1.2.1. How IPA Stores Netgroups</h4></div></div></div><div class="para">
+					IPA stores netgroups in a different format from that specified in RFC2307 and RFC2307bis. The netgroup entries defined by the IPA schema allow relating different objects (users, groups, hosts, host groups) to each other. IPA also provides what is known as a <em class="firstterm">compat (compatibility)</em> plug-in. This plug-in creates a virtual view of the data stored in native IPA entries in the format expected by the RFC-compliant clients. This means that even though the internal data representation of netgroups is different from the RFC, this deviation does not affect clients due to the presence of the <code class="systemitem">compat</code> plug-in.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Comparison_of_Schema"><h5 class="formalpara">Comparison of Schema</h5>
+						To realize the differences, we can compare the standard RFC schema for netgroups and the schema used by IPA. IPA defines the following object class:
+					</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup'
+  DESC 'IPA version of NIS netgroup'
+  SUP ipaAssociation
+  STRUCTURAL
+  MAY ( externalHost $ nisDomainName $ member $ memberOf )
+  X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The IPA netgroup object class is derived from the association object class:
+				</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation'
+    ABSTRACT
+    MUST ( ipaUniqueID $ cn )
+    MAY ( memberUser $ userCategory $
+    memberHost $ hostCategory $
+    ipaEnabledFlag $ description )
+    X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The RFC2307bis schema defines the netgroup object as:
+				</div><pre class="programlisting">objectClasses: (1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+    SUP top
+    STRUCTURAL
+    DESC 'Abstraction of a netgroup. May refer to other netgroups'
+    MUST cn
+    MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Discussion"><h5 class="formalpara">Discussion</h5>
+						The <em class="parameter"><code>nisNetgroupTriple</code></em> is a string consisting of the host-user-domain triplet. The IPA format allows referencing of other objects present in IPA, such as users and groups, instead of manually adding them to the value of the netgroup triplet. Such an arrangement provides a better administrative experience when a user or group is removed or renamed. Inspecting the <em class="parameter"><code>memberUser</code></em> attribute of the association, you can see that it can hold the DN of a user or a user group. In the same way, the <em class="parameter"><code>memberHost</code></em> attribute can hold a reference to a host or a host group entry. This means that the netgroup can function as a wrapper for groups of users and groups of hosts.
+					</div><div class="para">
+					For examples and more information on the meaning of the user and host category attributes, refer to: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities ">http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities </a>
+							</div></li><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Netgroups">http://www.freeipa.org/page/DS_Design_Summary#Netgroups</a>
+							</div></li></ul></div>
+
+				</div></div></div><div class="section" id="adding-netgroups"><div class="titlepage"><div><div><h3 class="title" id="adding-netgroups">9.1.3. Adding Netgroups</h3></div></div></div><div class="para">
+				NIS groups traditionally contain a so-called netgroup triple of the format: (machine, user, domain)
+			</div><pre class="screen">machine - machine name, a host name
+user - user name
+domain - NIS domain of the machine and user
+</pre><div class="para">
+				IPA does not use this triple. Instead, it uses the membership relationship between LDAP entries. It is a simple matter to add users, hosts, and even their groups as members of a netgroup. The domain field is constant for each netgroup and defaults to the current IPA domain.
+			</div><div class="para">
+				The following is an example of a netgroup displayed using the IPA CLI:
+			</div><pre class="screen"><code class="command"># ipa netgroup-show net1</code>
+Netgroup name: net1
+Description: test netgroup
+NIS domain name: panda
+Member User: admin
+Member Host: icefloat.panda</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There is no necessary relationship between the machine and the user. Only one of those fields is usually used at a time to avoid confusion.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</h3></div></div></div><div class="para">
+				The IPA netgroup management plug-in conforms to the Create, Read, Update, Delete (CRUD) command-naming conventions used in all other plug-ins that ship with the default IPA installation. You can use the following command to display a list of the IPA commands available for working with netgroups:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command"># ipa help netgroup</code></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Creating_New_Netgroups"><h5 class="formalpara">Creating New Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add</code> command to add new netgroups to IPA:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				NAME - the name of the netgroup (can be anything, but must be unique)
+			</div><div class="para">
+				DESCRIPTION - the netgroup description (required)
+			</div><div class="para">
+				NISDOMAIN - the NIS domain name. Defaults to the current IPA domain
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Deleting_Netgroups"><h5 class="formalpara">Deleting Netgroups</h5>
+					Use the <code class="command">ipa netgroup-del</code> command to delete IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-del NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Displaying_Netgroups"><h5 class="formalpara">Displaying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-show</code> command to display information about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-show NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Modifying_Netgroups"><h5 class="formalpara">Modifying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-mod</code> command to modify details about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				Same as <code class="command">ipa netgroup-add</code>, except modifying the description is required and NISDOMAIN does not default to anything.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Searching_for_Netgroups"><h5 class="formalpara">Searching for Netgroups</h5>
+					Use the <code class="command">ipa netgroup-find</code> command to search for IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] [--uuid=UUID]</code></pre><div class="para">
+				CRITERIA is an optional substring, and if included in the query it must appear in either the name, the description or the NIS domain of the groups you are searching for. Other options are the same as <code class="command">ipa netgroup-add</code>, except that nothing is required and there are no default values. There is a new <code class="envar">UUID</code> option that allows searching netgroups by <code class="envar">ipaUniqueID</code>. If one of these options is set, the command returns only exact matches of this option.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Adding_Users_and_Hosts_to_Netgroups"><h5 class="formalpara">Adding Users and Hosts to Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add-member</code> command to add users and hosts to IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] \</code>
+  <code class="command">[--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS]</code></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Removing_Users_and_Hosts_From_Netgroups"><h5 class="formalpara">Removing Users and Hosts From Netgroups</h5>
+					Use the <code class="command">ipa netgroup-remove-member</code> command to remove users and hosts from IPA netgroups:
+				</div><pre class="screen">
+		<div class="cmdsynopsis"><p><code class="command">ipa netgroup-remove-member</code> {
+					NAME
+				} [
+					--users=USERS
+				] [
+					--groups=GROUPS
+				] [
+					--hosts=HOSTS
+				] [
+					--hostgroups=HOSTGROUPS
+				] [
+					--netgroups=NETGROUPS
+				]</p></div></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">9.1.4.1. Examples</h4></div></div></div><div class="para">
+					The following examples provide an introduction to using the <code class="command">ipa netgroup-*</code> commands:
+				</div><pre class="screen">
+<code class="command"># ipa netgroup-add net0 --desc="test netgroup"</code>
+  Netgroup name: net0
+  Description: test netgroup
+  NIS domain name: pavlova
+  IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a
+
+<code class="command"># ipa netgroup-mod net0 --desc="description change"</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+
+<code class="command"># ipa netgroup-add-member net0 --users=admin --hosts=testbox.pavlova</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member User: admin
+  Member Host: testbox.pavlova
+-------------------------
+Number of members added 2
+-------------------------
+
+<code class="command"># ipa netgroup-remove-member net0 --users=admin</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member Host: testbox.pavlova
+---------------------------
+Number of members removed 1
+---------------------------
+
+<code class="command"># ipa netgroup-del net0</code>
+
+<code class="command"># ipa netgroup-show net0</code>
+ipa: ERROR: no such entry
+</pre></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network Information Service (NIS)</h2></div></div></div><div class="para">
+			The Network Information Service (NIS) is an RPC service, used in conjunction with <code class="systemitem">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+		</div><div class="para">
+			IPA provides a NIS server plug-in to facilitate the integration of NIS clients with an IPA domain, including exposing any automount maps that have been configured.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</h3></div></div></div><div class="para">
+				Currently, when the NIS service is enabled, the server is automatically configured to serve the NIS domain with the IPA domain's name, and to serve IPA users, groups, and netgroups (passwd, group, and netgroup maps) to the NIS domain.
+			</div><div class="para">
+				If you have defined automount maps, these maps need to be manually added to the NIS server plug-in's configuration in the directory server in order to expose them to NIS clients.
+			</div><div class="para">
+				The NIS plug-in needs to know the name of the NIS domain, the name of the NIS map, how to find the directory entries to use as the NIS map's contents, and which attributes to use as the NIS map's key and value. Most of these settings will be the same for every map.
+			</div><div class="para">
+				The IPA server stores the automount maps, grouped by automount location, in the <em class="parameter"><code>cn=automount</code></em> branch of the IPA domain's tree.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">9.2.1.1. Example Automount Map Configuration</h4></div></div></div><div class="para">
+					If you have created an automount map named <code class="filename">auto.example</code> in a location named "default", you first need to add an entry to the configuration for the NIS server running on a host named <code class="systemitem">dirsrv</code>, as follows: 
+<pre class="screen">LOCATION=default
+NISDOMAIN=example.com
+NISMAP=auto.master
+NISSERVER=dirsrv
+IPASUFFIX=`echo ${NISDOMAIN} | sed -e 's,^,dc=,g' -e 's,\.,\,dc=,g'`
+
+ldapadd -h ${NISSERVER} -x -D "cn=Directory Manager" -W &lt;&lt; EOF
+dn: nis-domain=${NISDOMAIN}+nis-map=${NISMAP},
+ cn=NIS Server, cn=plugins, cn=config
+objectClass: extensibleObject
+nis-domain: ${NISDOMAIN}
+nis-map: ${NISMAP}
+nis-filter: (objectclass=automount)
+nis-key-format: %{automountKey}
+nis-value-format: %{automountInformation}
+nis-base: automountmapname=${NISMAP}, ${LOCATION:+cn=${LOCATION},}
+ cn=automount, ${IPASUFFIX}
+
+EOF
+</pre>
+
+				</div><div class="para">
+					This entry instructs the plug-in to create a map named <code class="filename">auto.master</code> in the domain named <code class="systemitem">${NISDOMAIN}</code>, and that the data for that map should be read from the entries at and below <em class="parameter"><code>automountmapname=${NISMAP}</code></em>, which exists inside a container named <code class="systemitem">cn=${LOCATION}</code>. This container is in the automount section of the IPA data store. The keys for the entries in the automount map in NIS are the values of the <em class="parameter"><code>automountKey</code></em> attribute for the directory server entries, and the corresponding values in the NIS map are the values of the <em class="parameter"><code>automountInformation</code></em> attribute in those same entries.
+				</div><div class="para">
+					You then need to repeat the process for the <code class="filename">auto.direct</code> map, and then any other maps that you have defined.
+				</div></div></div></div><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">9.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
+			The IPA development team researched the topic of how netgroups are typically used in order to better determine an optimal migration design solution. This research shows that the main use cases for netgroups are the aggregation of users and the aggregation of hosts, but not both at the same time. IPA does not provide a special script or command to facilitate the migration of customers' existing netgroups to IPA. This operation must be performed by the system administrator himself or with the help of professional services. This chapter provides some guidelines to ease the process of migrating netgroups to IPA.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</h3></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					These procedures are guidelines only, and are provided to help clean your environment and make it more manageable. It is not a definitive set of instructions, and administrators need to be creative and factor in the real constraints present in their environment. If any steps described below are not possible due to independent conditions, we recommend migrating netgroups on a one-to-one basis. This is described later in this chapter.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment"><h6>Procedure 9.1. To prepare your environment</h6><ol class="1"><li class="step"><div class="para">
+						Inspect your client applications and determine which kind of grouping information they need from the central server. For example, if netgroups exist that contain only users, and any applications that rely on these netgroups can be converted to use UNIX groups instead of netgroups, then we recommend doing so. If this is not possible, we still recommend creating UNIX groups out of the netgroups. If no applications use them, we recommend deleting these netgroups altogether. Refer to the following example:
+					</div><ol class="a"><li class="step"><div class="para">
+								Given the following netgroup: <code class="systemitem">(host1, user1, )(host2, user2,)(host3, user3, )...</code>, create a group consisting of the users <code class="systemitem">user1</code>, <code class="systemitem">user2</code>, and <code class="systemitem">user3</code> (assuming it does not already exist).
+							</div></li><li class="step"><div class="para">
+								Create a netgroup that has a <em class="parameter"><code>memberUser</code></em> attribute equal to the DN of the newly-created group. This netgroup will be equivalent to your original netgroup.
+							</div></li></ol></li><li class="step"><div class="para">
+						Migrating hosts is more straightforward. The creation of a host group automatically triggers the creation of a netgroup that is linked to the newly-created host group. This functionality is enabled by default, and can be managed with the following commands: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage status</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage disable</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage enable</code>
+								</div></li></ul></div>
+
+					</div><div class="para">
+						This can be disabled when the clients no longer use netgroups for aggregation of hosts.
+					</div></li><li class="step"><div class="para">
+						If none of the above recommendations are possible and the netgroups need to be converted on a one-to-one basis, then:
+					</div><ol class="a"><li class="step"><div class="para">
+								Ensure that all users referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Ensure that all hosts referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Create a netgroup with the same name as the original netgroup.
+							</div></li><li class="step"><div class="para">
+								Add users and hosts as direct members of the netgroup, or, alternatively, put them into groups and then add those groups as members to the netgroup.
+							</div><div class="para">
+								For IPA clients, both methods result in the same thing — having the users and hosts managed in the netgroup — but from an administrative perspective, it may be simpler in some environments to use one option instead of the other.
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</h3></div></div></div><div class="para">
+				There are three main approaches that can be taken to the actual migration procedure:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dump the netgroups from the source into an LDIF file.
+							</div></li><li class="listitem"><div class="para">
+								Create a script that follows the instructions in <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment">Procedure 9.1, “To prepare your environment”</a> to convert the LDIF format into an LDIF file that contains IPA native objects.
+							</div></li><li class="listitem"><div class="para">
+								Run the conversion script and load the resulting LDIF file into IPA using the <code class="command">ldapmodify</code> command.
+							</div><div class="para">
+								Refer to <a href="http://linux.die.net/man/1/ldapmodify">http://linux.die.net/man/1/ldapmodify</a> or a similar man page for more details.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Create a script to retrieve data from the source (by parsing the LDIF file or by connecting to the original source of information using the client utility).
+							</div></li><li class="listitem"><div class="para">
+								Create a second script that invokes a sequence of IPA CLI commands. This script uses the information from the first script to create user, user group, host, host group and netgroup entries, and to create the appropriate associations.
+							</div><div class="para">
+								Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Use the UI to manually create a new structure of netgroups.
+							</div></li></ol></div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#configuring-host-access">10.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">10.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">10.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div class="titlepage"><div><div><h2 class="title" id="configuring-host-access">10.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
+			Host-based access control (HBAC) uses <em class="firstterm">rules</em> to determine who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host. Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
+		</div><div class="para">
+			You can also specify a category of users, target hosts, and source hosts. This is currently limited to "all", but might be expanded in the future.
+		</div><div class="para">
+			The available services and groups of services are controlled by the <code class="systemitem">hbacsvc</code> and <code class="systemitem">hbacsvcgroup</code> plug-ins, respectively.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">10.2. HBAC Service Groups</h2></div></div></div><div class="para">
+			HBAC service groups can contain any number of individual services (<em class="firstterm">members</em>), and are typically used to group similar services to make it easier to create HBAC rules. All HBAC service groups require a name and description. IPA provides a single default group, SUDO, used for SUDO-related services.
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvcgroup-find</code> command to display the existing HBAC groups: 
+<pre class="screen"><code class="command"># ipa hbacsvcgroup-find</code>
+----------------------------
+1 HBAC service group matched
+----------------------------
+  Service group name: SUDO
+  Description: Default group of SUDO related services
+----------------------------
+Number of entries returned 1
+----------------------------</pre>
+
+		</div><div class="para">
+			IPA provides commands for adding, removing and modifying HBAC service groups, adding and removing members to and from those groups, and displaying group information. Refer to the <code class="command">ipa help hbacsvcgroup</code> help page for more information.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">10.3. HBAC Services</h2></div></div></div><div class="para">
+			HBAC services refer to the PAM services that the IPA HBAC system can control access to. HBAC service names must exactly match the service name that PAM is evaluating. For example, use the following command to add the <code class="systemitem">tftp</code> service as an HBAC service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-add tftp</code>
+-------------------------
+Added HBAC service "tftp"
+-------------------------</pre>
+
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvc-find</code> command to search for HBAC services. Note that in this example, two results are returned; the newly-added <code class="systemitem">tftp</code> service and the preexisting <code class="systemitem">ftp</code> service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-find ftp</code>
+-----------------------
+2 HBAC services matched
+-----------------------
+Service name: ftp
+Description: ftp
+
+Service name: tftp
+----------------------------
+Number of entries returned 2
+----------------------------
+</pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">ipa help hbacsvc</code> help page for more information.
+		</div></div></div><div xml:lang="en-US" class="chapter" id="sudo" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Policy: Using sudo</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-sudo">11.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">11.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configurati
 on">11.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">11.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></div><div class="section" id="about-sudo"><div class="titlepage"><div><div><h2 class="title" id="about-sudo">11.1. About sudo and IPA</h2></div></div></div><div class="para">
+			The <code class="command">sudo</code> command allows a system administrator to delegate authority, allowing certain users (or groups of users) the ability to run one or more commands as root or as another user, and at the same time providing an audit trail of the commands and their arguments. For more information, including coverage of the options available for use with <code class="command">sudo</code>, refer to the <code class="command">sudo</code> and <code class="command">sudoers</code> man pages.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</h3></div></div></div><div class="para">
+				In the past, <code class="command">sudo</code> used a single, local, configuration file, <code class="filename">/etc/sudoers</code>. It is possible to share the same <code class="filename">sudoers</code> file among machines, but there is no built-in mechanism to distribute it. Some have attempted to work around this by synchronizing changes using CVS, RSYNC, RDIST, RCP, SCP, and even NFS. By using LDAP for <code class="filename">sudoers</code>, IPA provides a centrally-administered, globally-available configuration source for <code class="command">sudo</code>.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					The current schema relies on LDAP-stored POSIX groups for its groups of users. The limitation here is that you cannot use a group of users for <code class="command">sudo</code> without the users inheriting potential POSIX rights.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Hosts"><h5 class="formalpara">Groups of Hosts</h5>
+					The current schema does not have a concept of host groups. Instead, it relies on the legacy LDAP nisNetgroupTriple to manage groups of hosts.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					The current schema does not have a concept of command groups. This requires that individual commands be present in each Sudo rule. It also limits the ability to reuse a group of commands for multiple Sudo rules.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">11.1.3. Benefits of the IPA Alternative Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					Groups of users can be either POSIX or non-POSIX groups within IPA. This provides the flexibility to group users without assigning POSIX rights or GID information to the group.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Computers"><h5 class="formalpara">Groups of Computers</h5>
+					The IPA alternative schema also addresses the issue of host groups and netgroups for the purpose of sudo. The <code class="command">sudo</code> utility itself does not support host groups—a better and cleaner host grouping mechanism—but instead expects netgroups. To resolve this issue, IPA automatically creates a "shadow netgroup" with the same name as every host group that you create. This means that you can create host groups but still use netgroups with <code class="command">sudo</code> without encountering any problems.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					Command groups are a new concept introduced by IPA. These objects allow administrators the ability to create groups of <code class="command">sudo</code> commands that can be reused for multiple rules without the need of assigning individual commands throughout.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">11.1.4. Compatibility and Managed Entry Plug-in Configuration</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Compatibility_Translation_for_Native_Sudo"><h5 class="formalpara">Compatibility Translation for Native Sudo</h5>
+					The native <code class="command">sudo</code> binary does not yet support SSSD or the IPA Sudo Schema. As an interim solution, IPA has implemented a compatibility plug-in which transparently translates IPA Sudo rules into those supported by the current <code class="command">sudo</code> binary.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Managed_Entries_for_NIS_Netgroups"><h5 class="formalpara">Managed Entries for NIS Netgroups</h5>
+					In order to seamlessly support the current implementation of sudo, IPA provides a managed entry plug-in for NIS netgroups. Whenever an IPA host group is created, a translated nisNetgroupTriple is also created.
+				</div></div></div><div class="section" id="configuring-sudo"><div class="titlepage"><div><div><h2 class="title" id="configuring-sudo">11.2. Configuring sudo</h2></div></div></div><div class="para">
+			To fully implement Sudo rules, you need to perform various configuration steps on both the IPA server and client. You should first create a <em class="firstterm">Sudo command object</em>, and optionally create any <em class="firstterm">Sudo command groups</em>. Finally, create a <em class="firstterm">Sudo rule</em>, which should contain at least the following components: 
+			<div class="itemizedlist"><div class="para">
+					One or more:
+				</div><ul><li class="listitem"><div class="para">
+						users or groups of users
+					</div></li><li class="listitem"><div class="para">
+						hosts or groups of hosts
+					</div></li><li class="listitem"><div class="para">
+						commands or groups of commands
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These steps are described in detail in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules"><h6>Procedure 11.1. How to configure your server to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Set up a host group, and add the client to the host group:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add bne_doc</code>
+  Description: BNE Documentation hosts
+  -------------------------------
+  Added hostgroup "bne_doc"
+  -------------------------------
+  Host-group: bne_doc
+  Description: BNE Documentation hosts</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add-member bne_doc --hosts ipaclient.ipadocs.org</code>
+  Host-group: bne_doc
+  Description: BNE Documentation hosts
+  Member hosts: ipaclient.ipadocs.org
+-------------------------
+Number of members added 1
+-------------------------</pre></li></ol></li><li class="step"><div class="para">
+						Set up a user group, and add the required users to this group. This procedure assumes that the IPA users already exist:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa group-add translators</code>
+  Description: Translation team
+  -------------------------
+  Added group "translators"
+  -------------------------
+  Group name: translators
+  Description: Translation team
+  GID: 1014000006</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa group-add-member translators --users yhuang,klim,hchoi</code>
+    Group name: translators
+    Description: Translation team
+    GID: 1014000006
+    Member users: yhuang, klim, hchoi
+-------------------------
+Number of members added 3
+-------------------------
+</pre></li></ol></li><li class="step"><div class="para">
+						Set up a bind user. This requires setting the password for the <code class="command">sudo</code> bind user. 
+<pre class="screen"><code class="command">$ LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipaserver.ipadocs.org -ZZ \</code>
+  <code class="command">-D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org</code>
+    New password: &lt;sudo user's password&gt;
+    Re-enter new password: &lt;sudo user's password&gt;
+    Enter LDAP Password: &lt;Directory Manager's password&gt;
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Set up the Sudo commands.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add one or more logically-related Sudo commands: 
+<pre class="screen"><code class="command">$ ipa sudocmd-add --desc 'For reading log files' '/usr/bin/less'</code>
+----------------------------------
+Added sudo command "/usr/bin/less"
+----------------------------------
+  Sudo Command: /usr/bin/less
+  Description: For reading log files</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add a suitable Sudo command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add --desc 'Read-only commands' readonly</code>
+-----------------------------------
+Added sudo command group "readonly"
+-----------------------------------
+  Sudo Command Group: readonly
+  Description: Read-only commands</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the command to the command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add-member --sudocmds '/usr/bin/less' readonly</code>
+  Sudo Command Group: readonly
+  Description: Read-only commands
+  Member Sudo commands: /usr/bin/less
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the Sudo rules.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add readonly-commands</code>
+-----------------------------------
+Added sudo rule "readonly-commands"
+-----------------------------------
+  Rule name: readonly-commands
+  Enabled: TRUE
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the allowable commands. These are the commands enabled by this Sudo rule when it is active. 
+<pre class="screen">$ ipa sudorule-add-allow-command --sudocmdgroups readonly readonly-commands
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the hosts. These are the hosts and host groups to which this Sudo rule applies when it is active. 
+<pre class="screen"><code class="command">$ ipa sudorule-add-host --hostgroups bne_doc readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the users (or groups of users). These are the IPA users affected by this Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add-user --groups translators readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Groups: translators
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-How_to_configure_your_client_to_use_Sudo_rules"><h6>Procedure 11.2. How to configure your client to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Configure <code class="command">sudo</code> to look to LDAP for the <code class="filename">sudoers</code> file. Add the following line to <code class="filename">/etc/nsswitch.conf</code>: 
+<pre class="programlisting">sudoers:  ldap</pre>
+
+					</div><div class="para">
+						You can still use the local <code class="filename">/etc/sudoers</code> file in preference to the LDAP version. The following configuration uses the local file before referring to LDAP to find <code class="command">sudo</code> rules: 
+<pre class="programlisting">sudoers:  files ldap</pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure SSSD to look for NIS netgroups.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following line immediately after the <em class="parameter"><code>ipa_server</code></em> entry in the <code class="filename">/etc/sssd/sssd.conf</code> file: 
+<pre class="programlisting">ldap_netgroup_search_base = cn=ng,cn=compat,dc=ipadocs,dc=org</pre>
+
+							</div></li><li class="step"><div class="para">
+								Restart the SSSD daemon: 
+<pre class="screen"><code class="command"># service sssd restart</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Edit the LDAP configuration file for <code class="command">sudo</code>:
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following lines to the <code class="filename">/etc/nss_ldap.conf</code> file. You may have to create this file if it does not already exist: 
+<pre class="programlisting">sudoers_base ou=SUDOers,dc=ipadocs,dc=org
+binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org
+bindpw &lt;sudo user's password&gt;
+ssl start_tls
+tls_cacertfile /etc/ipa/ca.crt
+tls_checkpeer yes
+bind_timelimit 5
+timelimit 15
+uri ldap://ipaserver.ipadocs.org
+</pre>
+								 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+										The sudo user's password in this configuration is the same password you set up in <a class="xref" href="#proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules">Procedure 11.1, “How to configure your server to use Sudo rules:”</a>.
+									</div></div></div>
+
+							</div><div class="para">
+								If desired, you can also add the <em class="parameter"><code>sudoers_debug</code></em> parameter to this file to assist with any troubleshooting processes. Valid values for this parameter are 0, 1, and 2. Refer to <a href="http://www.gratisoft.us/sudo/readme_ldap.html">http://www.gratisoft.us/sudo/readme_ldap.html</a> for more information.
+							</div></li><li class="step"><div class="para">
+								To support compatibility with the legacy configuration, create the following symbolic link: 
+<pre class="screen"><code class="command"># ln -s /etc/nss_ldap.conf /etc/ldap.conf</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the NIS domain. Sudo still utilizes NIS netgroups, and so to support the client-side identification of NIS netgroup domains, you need to define your NIS domain name, as follows: 
+<pre class="screen"><code class="command"># nisdomainname example.com</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							A bug has been filed in Fedora to have this configuration requirement addressed during the boot process.
+						</div></div></div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">11.2.2.1. NIS Configuration Notes</h4></div></div></div><div class="para">
+					Originally called <em class="firstterm">Yellow Pages (YP)</em>, NIS was created by Sun Microsystems and stands for Network Information Service. It was primarily used by UNIX to centrally manage authentication and enumeration information such as user/password, host/IP address, POSIX groups, and netgroups. NIS (the service) does not actually need to be configured on either the client or the server. Not only is it unnecessary, but might be considered a security risk if it were running. NIS is an RPC service and is insecure by today's standards, partly because: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								It provides no host authentication mechanisms
+							</div></li><li class="listitem"><div class="para">
+								It transmits all of its information over the network unencrypted, including password hashes
+							</div></li></ul></div>
+
+				</div><div class="para">
+					Modern Linux/BSD systems implement the <em class="firstterm">Name Service Switch (NSS)</em>, which provides a means of controlling and directing look ups for authentication and enumeration information.
+				</div><div class="para">
+					The IPA LDAP implementation provides the schema to support NIS as defined in <a href="http://tools.ietf.org/html/rfc2307">RFC 2307</a>. NIS objects are automatically created inside of LDAP and NSS_LDAP, or SSSD fetches them using an encrypted LDAP connection.
+				</div><div class="para">
+					Utilizing SSSD or NSS_LDAP, a client system can enumerate the necessary NIS information using authenticated and encrypted queries to the back end LDAP service provided by the IPA Server. This eliminates the need for NIS client configuration for systems that can support NIS using LDAP when utilizing IPA.
+				</div></div></div></div></div><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Configuring the IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#managing-access-to-ipa">12.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="#creating-roles">12.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">12.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">12.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="#search-limits">12.5. Setting Default Search L
 imits</a></span></dt><dt><span class="section"><a href="#disabling-anon-binds">12.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">12.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">12.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="sec
 tion"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">12.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">12.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">12.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using t
 he Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">12.11. Creating DNS Entries for FreeIPA Replicas</a></span></dt><dt><span class="section"><a href="#promoting-replica">12.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="#logging">12.13. IPA Server Logging</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">12.1. Defining Access Controls within IPA</h2></div></div></div><div class="para">
+			Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the IPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
+		</div><div class="para">
+			IPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within an IPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the IPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the IPA server.
+		</div><div class="para">
+			IPA relies on three separate types of access control rules:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Role-based rules: specify what operations an entity can perform based on its IPA Role.
+				</div></li><li class="listitem"><div class="para">
+					Self-service rules: specify what an entity can change within its own entry.
+				</div></li><li class="listitem"><div class="para">
+					Delegation rules: specify which groups can modify members of another group.
+				</div></li></ul></div><div class="para">
+			These three types of access control complement each other, and allow IPA administrators to create a very flexible set of access control permissions and restrictions.
+		</div><div class="para">
+			Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Users, groups, hosts, and host groups can be added to different IPA Roles. These roles provide the necessary permissions for access. You can create as many roles as you need to suit the requirements of your deployment.
+		</div><div class="para">
+			There are several aspects to working with roles. Because it is a hierarchical system, to create a fully operational role you need to create the role itself, add privileges to this role to establish what tasks it can and cannot perform, and finally add members to the role, such as users, groups, etc. The reverse is also true; if you remove a role, then any users or groups who relied on this role to perform certain tasks will no longer be able to do so.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot create nested roles. That is, a role cannot contain another role.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</h3></div></div></div><div class="para">
+				The IPA Access Control Model is based on the underlying 389 Directory Server access control model, which uses access control instructions (ACIs) to define user access within the system. An ACI is a construct that can express a complex set of access control information.
+			</div><div class="para">
+				As explained in the directory server documentation, the three main parts of an ACI statement are: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Target
+						</div></li><li class="listitem"><div class="para">
+							Permission
+						</div></li><li class="listitem"><div class="para">
+							Bind Rule
+						</div></li></ul></div>
+
+			</div><div class="para">
+				The ACI structure itself is very flexible, but can also be confusing. IPA attempts to structure these ACIs in order to provide a formalized input and output that can be expressed on the command line and in the WebUI, while at the same time maintaining sufficient flexibility to create complex access control rules. In order to achieve this, IPA implements three types of access control. These are discussed in the following sections.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">12.1.1.1. Types of Access Control</h4></div></div></div><div class="para">
+					IPA relies on three separate types of access control rules: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Role-based
+							</div></li><li class="listitem"><div class="para">
+								Self-service
+							</div></li><li class="listitem"><div class="para">
+								Delegation
+							</div></li></ul></div>
+					 These three types of access control complement each other, allowing IPA administrators to create a very flexible set of access control permissions and restrictions.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Role_based_Access_Control"><h5 class="formalpara">Role-based Access Control</h5>
+						Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Different users who perform the same tasks within an organization are typically combined into a group, and this group is made a member of an IPA <em class="firstterm">Role</em>. This Role provides the member groups and users the necessary permissions to perform their assigned tasks.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Self_service_Access_Control"><h5 class="formalpara">Self-service Access Control</h5>
+						Self-service access control defines what operations an entity can perform on itself. This method of control is attribute based; that is, it defines what attributes can be modified for any particular entity. The ability of a user to update their own password is an example of self-service access control. Self-service access control applies to any authenticated entity performing an operation, not only to users. This method of access control should also be used with caution, to avoid the possibility that it lead to the elevation of an entity's privileges.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Delegation_Access_Control"><h5 class="formalpara">Delegation Access Control</h5>
+						Delegation access control defines what operations one group of users or entries can perform on another group of users or entries. In each case, the group of users or entries may be identified by a provided filter. The core difference between delegation access control rules and other rules is that the target—the object of the access control rule—is not a class of entries but rather a set of specific entries that are members of a group or retrieved by a specific filter. The delegation rules allow targeted management of specific user entries.
+					</div><div class="para">
+					In each case, the access control rule resolves the constituents of the IPA access control expression: "<em class="firstterm">Who</em> can do <em class="firstterm">What</em> to <em class="firstterm">Whom</em>". The following section explains these constituents in more detail.
+				</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression">12.1.1.1.1. The IPA Access Control Expression</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Who_of_Access_Control"><h5 class="formalpara">The "Who" of Access Control</h5>
+							In simple grammatical terms, the "who" of an IPA <em class="firstterm">access control instruction (ACI)</em>, or expression, is the subject. It specifies the entity that interacts with the system and tries to perform an administrative task. This task could be an administrator adding a user, a user changing his home address, or a host requesting a certificate for a service running on the host.
+						</div><div class="para">
+						It is important to understand that the "who" is not necessarily a person; it can be any entity that has successfully authenticated against IPA. In order to authenticate against the IPA server, this entity, the "who", needs to have a Kerberos principal. After the entity has authenticated, it can connect to the IPA server and try to issue administrative commands. The system will either allow or deny the requested operation based on this entity's permissions.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_What_of_Access_Control"><h5 class="formalpara">The "What" of Access Control</h5>
+							To continue the analogy with grammatical terms, the "what" of an IPA ACI is the verb. This specifies the actual administrative operation that the subject, the "who", is trying to perform. Such operations can target actual entries, such as adding or deleting users, or they can target specific attributes of entries, such as changing phone numbers for a user entry, or changing the member attributes of a group entry.
+						</div><div class="para">
+						Most entry attributes are optional, and the operations against attributes can be any of the following: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">Add</code> — allows the creation of a new attribute, or new values for multi-valued attributes.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Delete</code> — allows the removal of an attribute.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Read</code> — makes attributes accessible.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Write</code> — allows modification of existing attributes.
+								</div></li></ul></div>
+
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Whom_of_Access_Control"><h5 class="formalpara">The "Whom" of Access Control</h5>
+							The "whom" of an IPA ACI is the object, or <em class="firstterm">target</em>, upon which the ACI acts. Targets can be expressed in different ways: 
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										As a class of entries, for example: <code class="classname">user</code>; <code class="classname">group</code>; <code class="classname">host</code>.
+									</div></li><li class="listitem"><div class="para">
+										As a location in a specific part of the directory tree, for example: everything under <em class="parameter"><code>cn=accounts</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a specific attribute potentially used in many types of entries, for example: the <em class="parameter"><code>cn</code></em> attribute.
+									</div></li><li class="listitem"><div class="para">
+										As a specific entry, for example: <em class="parameter"><code>fqdn=mycomp.mywork.com</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a set of entries selected by filter, for example: <em class="parameter"><code>cn="filter"</code></em>.
+									</div></li></ul></div>
+
+						</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types">12.1.1.1.2. Directory Server ACIs and IPA Access Control Types</h5></div></div></div><div class="para">
+						The following table summarizes the relationship between the different Directory Server ACI components and the IPA access control types.
+					</div><div class="table" id="tabl-Enterprise_Identity_Management_Guide-Directory_Server_ACIs_and_IPA_Access_Control_Types-Summary_mapping_table_of_Directory_Server_ACI_component_types_to_IPA_access_control_types."><h6>Table 12.1. Summary mapping table of Directory Server ACI component types to IPA access control types.</h6><div class="table-contents"><table summary="Summary mapping table of Directory Server ACI component types to IPA access control types." border="1"><colgroup><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /></colgroup><thead><tr><th align="left">
+										Type of Access Control
+									</th><th align="left">
+										Target
+									</th><th align="left">
+										Permission
+									</th><th align="left">
+										Bind Rule
+									</th></tr></thead><tbody><tr><td align="left">
+										Role-based
+									</td><td align="left">
+										An entry as a whole (for add and delete), or a set of attributes of an entry.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										<div class="para">
+											Taskgroup.
+										</div>
+										 <div class="para">
+											(A taskgroup is a special internal entry developed as part of IPA to construct the access control hierarchy. A taskgroup is a "container" that is granted permission to perform specific tasks.)
+										</div>
+
+									</td></tr><tr><td align="left">
+										Self-service
+									</td><td align="left">
+										Attributes within the entity's own entry.
+									</td><td align="left">
+										Write permission for specific attributes. All attributes are readable unless globally hidden.
+									</td><td align="left">
+										The entity who authenticated.
+									</td></tr><tr><td align="left">
+										Delegation
+									</td><td align="left">
+										A group of users or a set of entries selected by a filter.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										A group of users, usually a group of administrative users.
+									</td></tr></tbody></table></div></div><br class="table-break" /></div></div></div></div><div class="section" id="creating-roles"><div class="titlepage"><div><div><h2 class="title" id="creating-roles">12.2. Creating Roles</h2></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_an_IPA_Role-To_set_up_a_new_role"><h6>Procedure 12.1. To set up a new role:</h6><ol class="1"><li class="step"><div class="para">
+					Add the new role:
+				</div><pre class="screen"><code class="command"># ipa role-add --desc="User Administrator" useradmin</code>
+  ------------------------
+  Added role "useradmin"
+  ------------------------
+  Role name: useradmin
+  Description: User Administrator</pre></li><li class="step"><div class="para">
+					Add the required privileges to the role:
+				</div><pre class="screen"><code class="command"># ipa role-add-privilege --privileges="User Administrators" useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Privileges: user administrators
+  ----------------------------
+  Number of privileges added 1
+----------------------------
+</pre></li><li class="step"><div class="para">
+					Add the required groups to the role. In this case, we are adding only a single group, <code class="systemitem">useradmin</code>, which already exists.
+				</div><pre class="screen"><code class="command"># ipa role-add-member --groups=useradmins useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Member groups: useradmins
+  Privileges: user administrators
+  -------------------------
+  Number of members added 1
+-------------------------
+</pre></li></ol></div><div class="para">
+			The result of this procedure is that any user in the <code class="systemitem">useradmins</code> group can add, modify, and remove users, change user passwords, add users to the default group, and unlock user accounts. You can use the <code class="command">ipa privilege-show</code> command to determine exactly which command set the user or group can access: 
+<pre class="screen"><code class="command"># ipa privilege-show 'user administrators'</code>
+  Privilege name: User Administrators
+  Description: User Administrators
+  Permissions: add users, change a user password, add user to default group, unlock user accounts,
+  remove users, modify users
+  Granting privilege to roles: useradmin</pre>
+
+		</div><div class="para">
+			As the needs of your enterprise change, you may need to modify the roles that you have established. For example, you may need to change the members of the role, or change the privileges associated with the role. You can use the <code class="command">ipa role-*</code> commands to perform these functions. For example, to remove an existing privilege from a role, use the <code class="command">ipa role-remove-privilege</code> command. To remove members from a role, use the <code class="command">ipa role-remove-member</code> command. Refer to the <code class="command">ipa role help</code> pages for more information.
+		</div><div class="para">
+			You can use the <code class="command">ipa role-del</code> command to delete IPA roles from your configuration. Bear in mind, however, that any entities that rely on this role for access to IPA objects or to perform certain tasks will no longer have that ability.
+		</div></div><div class="section" id="self-service"><div class="titlepage"><div><div><h2 class="title" id="self-service">12.3. Defining Self-Service Settings</h2></div></div></div><div class="para">
+			Self-service access control rules define the operations that an entity can perform on itself. These rules are attribute based; that is, they define what attributes can be modified for any particular entity. You can create self-service rules so that users can manage their own addresses, keep their contact details current, change their passwords, etc.
+		</div><div class="para">
+			Self-service rules are defined and managed by a number of sub-commands. Use the <code class="command">ipa help selfservice</code> command to display the list of available commands.
+		</div><div class="para">
+			The following example demonstrates how to add a new self-service rule that allows users to maintain their own name details. Note that access control rules whose names contain spaces or other special characters need to be quoted. 
+<pre class="screen"><code class="command">$ ipa selfservice-add "Users can manage their own name details" --permissions=write \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials</code>
+-----------------------------------------------------------
+Added selfservice "Users can manage their own name details"
+-----------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials</pre>
+
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-show</code> command to display the newly-created rule.
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-mod</code> command to manage your self-service rules. For example, you can add or remove various attributes from any of the defined rules, or change the permissions. For example, you can add telephone contact details to the rule we created in the previous example: 
+<pre class="screen"><code class="command">$ ipa selfservice-mod "Users can manage their own name details" \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials,homephone,mobile,telephonenumber</code>
+--------------------------------------------------------------
+Modified selfservice "Users can manage their own name details"
+--------------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials, homephone, mobile, telephonenumber</pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to include all of the required attributes when you modify a self-service rule, including existing ones.
+			</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">12.4. Specifying Default User Settings</h2></div></div></div><div class="para">
+			You can configure the default settings for IPA users to suit your deployment. For example, you can specify the maximum username length, the default path to the <code class="filename">/home</code> directory, the default shell, and other attributes.
+		</div><div class="para">
+			IPA supports the following User Settings:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Maximum Username Length</strong></span> (<span class="property">ipaMaxUsernameLength</span>): The maximum length of any username. The default value is eight.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Root for Home Directories</strong></span> (<span class="property">ipaHomesRootDir</span>): The root directory for all home directories. The default value is <code class="filename">/home</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default Shell</strong></span> (<span class="property">ipaDefaultLoginShell</span>): The default shell for all user accounts. The default value is <code class="command">/bin/sh</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default User Group</strong></span> (<span class="property">ipaDefaultPrimaryGroup</span>): The default group to which all newly created accounts are added. The default value is <code class="systemitem">ipausers</code>, which is automatically created during the IPA server installation process.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default E-mail Domain</strong></span> (<span class="property">ipaDefaultEmailDomain</span>): The default domain used to create email addresses for all newly created accounts. The default is the domain to which the IPA server belongs.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. The following is an example of how to set the maximum username length to 64 characters, and the default home directory to <code class="filename">/users/home</code>:
+		</div><pre class="screen"><code class="command"># ipa config-mod --maxusername=64 --homedirectory=/users/home</code>
+Max username length: 64
+Home directory base: /users/home
+Default shell: /bin/sh
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 100
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Migration mode: FALSE
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The default root directory for all home directories is <code class="filename">/home</code>, but it is the responsibility of the system administrator to ensure that whatever value is specified for this attribute is actually available.
+			</div><div class="para">
+				Fedora includes a <code class="systemitem">PAM</code> module called <code class="systemitem module">pam_mkhomedir</code> that can automatically create a home directory if one does not exist for the user authenticating against the system. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+			</div></div></div></div><div class="section" id="search-limits"><div class="titlepage"><div><div><h2 class="title" id="search-limits">12.5. Setting Default Search Limits</h2></div></div></div><div class="para">
+			You can set limits on the number of records returned when performing various queries, for example when you run the <code class="command">ipa user-find</code> command. These limits are specified by the <em class="parameter"><code>Search size limit</code></em> attribute in the default IPA configuration. The default value for this attribute is 100.
+		</div><div class="para">
+			To view the current configuration, run the <code class="command"># ipa config-show</code> command. Refer to the <code class="command">ipa help config</code> help page for more information.
+		</div><div class="para">
+			The following is a sample IPA configuration:
+		</div><pre class="screen">[ming at myserver ~]$ ipa config-show
+Max username length: 32
+Home directory base: /home
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 20
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			You can use the <code class="command">ipa config-mod</code> command to specify a suitable value for the <em class="parameter"><code>Search size limit</code></em> attribute. For example, if you set this value to 10, the <code class="command">ipa user-find</code> command will only return 10 entries, even if many more entries exist. If you set this value to 0 (zero) or −1, it means that there are no restrictions on the number of entries that can be returned.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_Limits_for_Search_Results-Setting_search_size_limits"><h6>Procedure 12.2. Setting search size limits</h6><ul><li class="step"><div class="para">
+					To set the <em class="parameter"><code>Search size limit</code></em> attribute to 50, run the following command: 
+<pre class="programlisting"><code class="command"># ipa config-mod --searchrecordslimit=50</code></pre>
+
+				</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to be aware of the potential performance impact of setting the search size limit too high. You need to determine a suitable balance between the benefits of always returning all entries matched by a search, and the performance gained by implementing a search filter.
+			</div><div class="para">
+				Note also that if the size limit is set too high or removed completely it might affect the behavior of UI screens.
+			</div></div></div><div class="para">
+			You can configure various aspects of the IPA search functionality to suit your deployment. For example, you can restrict the number of fields upon which a user can base a search, or limit the number of records returned for any particular search.
+		</div><div class="para">
+			IPA supports the following search configuration attributes:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Time Limit</code></em>: The maximum time, in seconds, that a search will run before failing.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Records Limit</code></em>: The maximum number of records that a search can return. Set this value to zero (0) to specify no limit. The directory server limit (the default value is 2000) still applies.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>User Search Fields</code></em>: For a user search, specifies the fields to search for the values entered by a user.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Group Search Fields</code></em>: For a group search, specifies the fields to search for the values entered by a user.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. For example, to specify a search time limit of 60 seconds, use the following command: 
+<pre class="screen"><code class="command"># ipa config-mod --searchtimelimit=60</code></pre>
+			 Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="para">
+			If you add attributes to the user or group search fields, you should also create a new <code class="systemitem">LDAP</code> index for those attributes to avoid performance degradation. Conversely, the existence of too many indexes can impact write performance, so you need to balance one against the other.
+		</div><div class="para">
+			Refer to <a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes-Creating_Indexes.html">Creating Indexes</a> in the <em class="citetitle">Directory Server Administration Guide</em> for information on creating indexes.
+		</div></div><div class="section" id="disabling-anon-binds"><div class="titlepage"><div><div><h2 class="title" id="disabling-anon-binds">12.6. Disabling Anonymous Binds</h2></div></div></div><div class="para">
+			Even though the XML-RPC and WebUI always require authentication, the default IPA configuration allows anonymous binds to the LDAP port by anyone in the same domain as the IPA server, and consequent retrieval of a range of data, including user, group, netgroup, host, host group, and service records. This is generally considered insecure, and some RFC standards require that it be disabled to achieve compliance. With anonymous binds disabled, all connections to the directory server need to provide a valid identity.
+		</div><div class="para">
+			To disable anonymous binds, perform this LDAP modification: 
+<pre class="screen"><code class="command"># ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password:
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+
+<code class="command"># service dirsrv restart</code></pre>
+
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">12.7. Implementing Unique UID and GID Attributes</h2></div></div></div><div class="para">
+			An IPA deployment needs to handle the dual constraints of generating random UID and GID values, while ensuring that replicas never generate the same UID or GID value. It is also important to minimize the chance that any two deployments of IPA have overlapping ranges.
+		</div><div class="para">
+			The system administrator—or whoever is performing the IPA installation—can impact the logic that deals with these constraints only once, when the system is being installed.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</h3></div></div></div><div class="para">
+				To assign UIDs and GIDs, IPA uses the directory server DNA plug-in. This plug-in is configured with a range of IDs and will assign a new ID whenever an entry requiring the uidNumber or gidNumber attributes is added to the system.
+			</div><div class="para">
+				For simplicity, and to allow configuring User Private Groups (UPGs) at any time, IPA uses a single range of UIDs and GIDs, instead of using two separate ranges. When UPGs are active, the private group gidNumber is numerically identical to the uidNumber of its user.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">12.7.1.1. Selecting ID Ranges</h4></div></div></div><div class="para">
+					When the first IPA server is installed, a range of 200,000 IDs is randomly selected between the values 1MiB and 2GiB, approximately. There are 10,000 possible ranges. The selection of a random range provides a high probability of non-conflicting IDs if, at a later stage, a trust relationship or merge between two separate installations needs to occur.
+				</div><div class="para">
+					IDs are assigned in order by a single master, but ID ranges can be split and distributed between replicas. When a replica is installed it is configured with an invalid depleted range, and a place in the shared tree where it can expose information about the ranges it manages. The first time an allocation is needed, the replica will notice it has no more IDs available and will contact one of the other available masters (typically the one with the greatest available range). A special extended operation is performed to split the range in two, so that the original master and the replica will each receive half of the previously available range for their use. When a range comes close to depletion (by default when less than 100 IDs are available), a new range is requested.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">12.7.1.2. Adding New Ranges</h4></div></div></div><div class="para">
+					If the domain-wide range is close to depletion, the system administrator needs to manually select and add a new range to one of the masters. All other replicas will manage sharing the range among them as necessary.
+				</div><div class="para">
+					To add a new range, the Directory Manager must connect to the LDAP server and add the new range as a dash-separated minimum/maximum value pair in the <em class="parameter"><code>dnaNextRange</code></em> attribute in the DNA configuration entry for the ranges in question. For example, the following command adds a new range of 100k values:
+				</div><pre class="screen"><code class="command">% ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password: *******
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: modify
+add: dnaNextRange
+dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						This command only adds the specified range of values; it does not check that the values in that range are actually available. This check will be performed when an attempt is made to allocate those values. If, for example, you added a range that contained mostly values that were already allocated, time would be lost as the system cycled through searching for unallocated values, and then finally failing if none were available.
+					</div></div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">12.8. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
+			IPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, IPA provides the necessary tools to import certificates for use by Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of IPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Installing_Your_Own_Certificate-To_install_the_certificate_for_use_by_Directory_Server"><h5 class="formalpara">To install the certificate for use by Directory Server:</h5>
+					<code class="command"> # /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12 </code>
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
+				To continue using the <span class="application"><strong>Firefox</strong></span> auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					The following procedure assumes that the signing certificate is provided as a PKCS#12 file.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_Your_Own_Certificate_with_Firefox-To_use_your_own_certificate_with_Firefox"><h6>Procedure 12.3. To use your own certificate with Firefox:</h6><ol class="1"><li class="step"><div class="para">
+						Create a suitable directory and then create the new certificate database in that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/signdb</code>
+<code class="command"># certutil -N -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Import the signing certificate into that same directory. 
+<pre class="screen"><code class="command"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Make a temporary signing directory, and copy the IPA javascript file to that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/sign</code>
+<code class="command"># cp /usr/share/ipa/html/preferences.html /tmp/sign</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file. 
+<pre class="screen"><code class="command"># signtool -d /tmp/signdb -k Signing_cert_nickname \</code>
+<code class="command">-Z /usr/share/ipa/html/configure.jar -e .html</code></pre>
+
+					</div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">12.8.3. Using OCSP</h3></div></div></div><div class="para">
+				<code class="systemitem">The Online Certificate Status Protocol (OCSP)</code> is natively provided by the CA embedded into FreeIPA. This is so that any client that supports it can use OCSP for certificate validity checks.
+			</div><div class="para">
+				The OCSP responder URL is encoded into the certificates issued by FreeIPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format: 
+<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
+
+			</div><div class="para">
+				For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>
+			</div></div></div><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">12.9. Setting an IPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+			If you have a standard Apache instance running on port 80, you can configure IPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, IPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
+		</div><div class="para">
+			The following procedure assumes that IPA is configured to run on port 80, and that you want to move it to port 8089.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_IPA_to_run_as_an_Apache_Virtual_Host-To_configure_IPA_to_run_on_port_8089"><h6>Procedure 12.4. To configure IPA to run on port 8089:</h6><ol class="1"><li class="step"><div class="para">
+					Log in as the <code class="systemitem">root</code> user.
+				</div></li><li class="step"><div class="para">
+					Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file. Add the following three lines to the beginning of the file:
+				</div><pre class="programlisting">Listen 8089
+NameVirtualHost *:8089
+&lt;VirtualHost *:8089&gt;
+</pre></li><li class="step"><div class="para">
+					Add the following line to the end of the file:
+				</div><pre class="programlisting">&lt;/VirtualHost&gt;
+</pre><div class="para">
+					This wraps the entire IPA configuration in a virtual host, and ensures that Apache is listening to that port.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You cannot use port 8080. This port is used by the <code class="systemitem">ipa_webgui</code> service.
+					</div></div></div></li><li class="step"><div class="para">
+					Comment out the following rewrite rules from the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file:
+				</div><pre class="programlisting">----------------------------------------------------------------------
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+RewriteCond %{HTTP_HOST}    !^host.foo.com$ [NC]
+RewriteRule ^/(.*)          http://host.foo.com/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+RewriteCond %{SERVER_PORT}  !^443$
+RewriteCond %{REQUEST_URI}  !^/(errors|config|favicon.ico)
+RewriteRule ^/(.*)          https://host.foo.com/$1 [L,R=301,NC]
+---------------------------------------------------------------------
+</pre></li><li class="step"><div class="para">
+					Reload the <code class="systemitem">httpd</code> service.
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># service httpd reload</code></pre>
+
+				</div></li></ol></div><div class="para">
+			This configures IPA to run on port 8089, leaving port 80 free for your normal web site.
+		</div></div><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">12.10. Using IPA in a Cluster</h2></div></div></div><div class="para">
+			The IPA server currently does not specifically handle the case of a service running in a cluster. That is, the IPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of IPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+				Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><h6>Procedure 12.5. Configuring Kerberos Credentials for a Clustered Environment</h6><ol class="1"><li class="step"><div class="para">
+						Enroll all of the hosts in the IPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
+					</div></li><li class="step"><div class="para">
+						Use the <code class="command">ktutil</code> command to produce a single keytab file that contains the contents of all of the keytab files.
+					</div><ol class="a"><li class="step"><div class="para">
+								For each file, use the <code class="command">rkt</code> command to read the keys from that file.
+							</div></li><li class="step"><div class="para">
+								Use the <code class="command">wkt</code> command to write all of the keys which have been read to a new keytab file.
+							</div></li></ol></li><li class="step"><div class="para">
+						Replace the keytab files on each host with the newly-created keytab file.
+					</div></li></ol></div><div class="para">
+				Each host in this cluster should now be able to impersonate any other host.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">12.10.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+					Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service. 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
+							</div></li><li class="listitem"><div class="para">
+								For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">12.10.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+					For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+				One aspect of applying IPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
+						</div></li><li class="listitem"><div class="para">
+							When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
+						</div></li></ol></div>
+
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">12.11. Creating DNS Entries for FreeIPA Replicas</h2></div></div></div><div class="para">
+			You can use the <code class="option">--ip-address</code> option with the <code class="command">ipa-replica-prepare</code> command to pre-create DNS entries for a replica. If you include this option, FreeIPA will add the A and PTR records for the replica to the DNS. For example: 
+<pre class="screen"><code class="command">$ ipa-replica-prepare master2.example.com --ip-address 192.168.1.2</code></pre>
+
+		</div></div><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">12.12. Promoting a Read-Only Replica to an IPA Server</h2></div></div></div><div class="para">
+			The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
+			</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Promoting_Replicas_to_Function_as_Master_Servers-To_promote_a_replica_to_a_master_server"><h6>Procedure 12.6. To promote a replica to a master server:</h6><ol class="1"><li class="step"><div class="para">
+					Copy the <code class="filename">/var/lib/ipa/ca_serialno</code> file from the master to the replica.
+				</div></li><li class="step"><div class="para">
+					Import the CA into the replica DS NSS database, as follows: 
+<pre class="screen"># cd /etc/dirsrv/slapd-REALM
+# pk12util -i /path/to/cacert.p12 -d .
+</pre>
+
+				</div><div class="para">
+					The password on the <code class="filename">PKCS#12</code> file is stored as <code class="filename">/etc/dirsrv/slapd-REALM/pwdfile.txt</code> on the original server.
+				</div></li><li class="step"><div class="para">
+					Delete the existing replication agreements, as follows: 
+<pre class="screen"># ipa-replica-manage del master.example.com
+</pre>
+
+				</div></li></ol></div><div class="para">
+			You now have two identical IPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
+		</div></div><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">12.13. IPA Server Logging</h2></div></div></div><div class="para">
+			If you are using the IPA command-line tools or the WebUI to manage IPA data then you should refer to the following sections to help troubleshoot any problems.
+		</div><div class="para">
+			You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
+		</div><div class="para">
+			To see the LDAP queries that are being made by the framework you can inspect the <code class="filename">/var/log/dirsrv/slapd-INSTANCE/access</code> file. Note that this file is buffered and so it only writes to disk about every 30 seconds.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Server_Debugging_Output"><h5 class="formalpara">Increasing Server Debugging Output</h5>
+				To increase the server debugging output you can create the <code class="filename">/etc/ipa/server.conf</code> file and include the following entry: 
+<pre class="programlisting">[global]
+debug=True</pre>
+				 You need to restart the <code class="systemitem">httpd</code> daemon for this change to take effect.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Client_Debugging_Output"><h5 class="formalpara">Increasing Client Debugging Output</h5>
+				You can increase debugging output on the client with the <code class="option">-v</code> global option: 
+<pre class="screen"><code class="command">$ ipa -v user-show admin</code></pre>
+				 You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange: 
+<pre class="screen"><code class="command">$ ipa -vv user-show admin</code></pre>
+
+			</div></div></div><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="#id3189393">
+					Is it possible to change the IP address of the master server?
+				</a></dt><dt>Q: <a href="#id3415208">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</a></dt><dt>Q: <a href="#id3411005">
+					What is the difference between a replica and a master server?
+				</a></dt><dt>Q: <a href="#id3380569">
+					Can I promote a replica to function as the master? How?
+				</a></dt><dt>Q: <a href="#id3271382">
+					Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
+				</a></dt><dt>Q: <a href="#id3278653">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</a></dt></dl><div class="qandaset"><div id="id3189393" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Is it possible to change the IP address of the master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
+				</div></div></div></div><div id="id3415208" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
+				</div><div class="para">
+					You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod  --maxusername=INT</code>
+				</div></div></div></div><div id="id3411005" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					What is the difference between a replica and a master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
+				</div></div></div></div><div id="id3380569" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can I promote a replica to function as the master? How?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. Refer to <a class="xref" href="#promoting-replica">Section 12.12, “Promoting a Read-Only Replica to an IPA Server”</a>.
+				</div></div></div></div><div id="id3271382" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div></div><div id="id3278653" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
+				</div></div></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Services: Working with certmonger</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</h2></div></div></div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon, together with its command line clients, attempts to simplify the process of generating public/private key pairs and Certificate Signing Requests (CSRs), and submitting CSRs to Certificate Authorities (CAs) for signing.
+		</div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon also monitors certificates for imminent expiration and, with the help of a CA, can optionally refresh certificates that are about to expire. It can also drive the entire IPA enrollment process, from key generation through to enrollment itself and refreshing certificates.
+		</div><div class="para">
+			The set of certificates that <code class="systemitem">certmonger</code> monitors is tracked in files stored in a user-configurable directory. The default location is <code class="filename">/var/lib/certmonger/requests</code>.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</h2></div></div></div><div class="para">
+			Probably the simplest use case is to generate a certificate which is signed by the subject itself. These are not typically used in production, but are suitable for demonstration and testing purposes. Consider the following command:
+		</div><pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/server.crt -k /tmp/server.key</code></pre><div class="para">
+			This informs <code class="systemitem">certmonger</code> that we want a key to be stored in the file <code class="filename">/tmp/server.key</code>, to generate a corresponding certificate, and to store that certificate in the file <code class="filename">/tmp/server.crt</code>. Using <code class="command">selfsign-getcert</code> also implicitly tells <code class="systemitem">certmonger</code> to <span class="emphasis"><em>self-sign</em></span> the CSR, which it generates and uses internally, with the subject's own key. During this process, certmonger:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					checked for the existence of a key in the specified location
+				</div></li><li class="listitem"><div class="para">
+					having determined that no such key existed, proceeded to create one
+				</div></li><li class="listitem"><div class="para">
+					created the CSR
+				</div></li><li class="listitem"><div class="para">
+					used the same key to produce a signed certificate.
+				</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</h2></div></div></div><div class="para">
+			The previous example used plain files for holding the key and the certificate, but certmonger can also take advantage of NSS database storage. In this scenario, you need to pass the database's location and a nickname for the certificate to certmonger. Consider the following example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -d /tmp -n Test-Certificate</code></pre>
+
+		</div><div class="para">
+			You can specify a number of options on the command line for the CSR, such as the subject name and different types of SAN values, or you can accept the default values. For example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/babs.crt -k /tmp/babs.key \</code>
+<code class="command">-N "CN=Bob Diddley" -K bdiddley at EXAMPLE.COM -E bob at example.com</code></pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">getcert</code> man page for more information about the available command options.
+		</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</h2></div></div></div><div class="para">
+			The only difference between using <code class="systemitem">certmonger</code> with the IPA CA and producing a self-signed certificate is changing the command prefix. Instead of using <code class="command">selfsign-getcert</code>, use the <code class="command">ipa-getcert</code> command. For example: 
+<pre class="screen"><code class="command">ipa-getcert request -r \</code>
+  <code class="command">-f /etc/httpd/conf/ssl.crt/server.crt \</code>
+  <code class="command">-k /etc/httpd/conf/ssl.key/server.key \</code>
+  <code class="command">-N CN=`hostname --fqdn` \</code>
+  <code class="command">-D `hostname --fqdn` \</code>
+  <code class="command">-U id-kp-serverAuth</code></pre>
+
+		</div></div></div><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
+			This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
+				It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
+					</div></li><li class="listitem"><div class="para">
+						User passwords are stored as a hash in the source DS in a form that the IPA DS can understand
+					</div></li><li class="listitem"><div class="para">
+						You are using LDAP as the central authentication service, and the client machines are configured to use <code class="systemitem">pam_ldap</code> and <code class="systemitem">nss_ldap</code>
+					</div></li><li class="listitem"><div class="para">
+						Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
+					</div><div class="para">
+						Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
+				A number of issues exist that need to be considered when planning the migration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
+					</div></li><li class="listitem"><div class="para">
+						IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
+					</div><div class="para">
+						In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+				The following have been identified as typical migration scenarios:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA but do not use its Kerberos features for now
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
+				The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
+					In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
  described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+					In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+							Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
+						</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
+						</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_IPAs_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using IPA's Back End</h5>
+							This configuration is similar to that described above, except that SSSD has a special back end that is more IPA-aware. If this back end is configured, then SSSD can take advantage of specific IPA features, such as silent password migration and host-based access control.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-LDAP_connected_Machines"><h5 class="formalpara">LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_LDAP and NSS_LDAP. In this use case, too, IPA functions like a normal Directory Server.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-KRB5LDAP_connected_Machines"><h5 class="formalpara">KRB5/LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
+						</div><div class="para">
+						In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
+					</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+				The migration from DS to IPA requires:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Installing IPA on a suitable machine
+					</div></li><li class="listitem"><div class="para">
+						Migrating the user data. This step is performed by an IPA command which:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dumps the data from DS
+							</div></li><li class="listitem"><div class="para">
+								Converts the data into a format suitable for IPA
+							</div></li><li class="listitem"><div class="para">
+								Loads the converted data into IPA
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						Reconfiguring clients to connect to IPA. This is required because the IPA Directory Information Tree (DIT) is different from the DS DIT.
+					</div></li></ol></div><div class="para">
+				To achieve a successful migration, changes are required both on the client and on the server machines. Reconfiguration of the clients is not required immediately after changes are made to the server. This allows for a transition period, without which it would not be possible to deploy the solution.
+			</div><div class="para">
+				At present the only option is to run IPA and DS concurrently until all the clients are reconfigured to point to IPA. Two main migration strategies currently exist:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate the server first
+					</div></li><li class="listitem"><div class="para">
+						Deploy SSSD first
+					</div></li></ul></div><div class="para">
+				Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+					Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
+				</div><div class="para">
+					You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
+				</div><div class="para">
+					Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
+				The following sequence of operations occurs when users are migrated using SSSD:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A user tries to log in to the machine.
+					</div></li><li class="listitem"><div class="para">
+						SSSD passes authentication to the IPA identity provider back end.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end attempts Kerberos authentication.
+					</div></li><li class="listitem"><div class="para">
+						Even though the user exists in the system, the authentication will fail with the error "key type is not supported", because the Kerberos keys do not yet exist.
+					</div></li><li class="listitem"><div class="para">
+						If SSSD is configured to migrate users, it will continue to the next step. Otherwise, it will fail authentication.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end then attempts to perform an LDAP bind. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Because it is going to perform a simple bind and send the password in the clear, this LDAP bind operation must use startTLS.
+								</div></li><li class="listitem"><div class="para">
+									Perform a simple bind.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The server-side plug-in will intercept this bind request and if the user has a Kerberos principal but no Kerberos keys, then the plug-in will generate the keys and store them in the user entry.
+					</div></li><li class="listitem"><div class="para">
+						If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Each phase of the migration should be performed as a single step.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
+			</div><div class="para">
+				The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
+			</div><div class="para">
+				Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+						Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to 
+					</div></li><li class="step"><div class="para">
+						Use the following command to enable IPA migration mode:
+					</div><div class="para">
+						<code class="command"># ipa config-mod --enable-migration=TRUE</code>
+					</div></li><li class="step"><div class="para">
+						To migrate users and groups from an existing Directory Server using a default configuration, reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						To migrate users and groups from an existing IPAv1 installation using a default configuration, whose DS is reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds --user-container=cn=users,cn=accounts \</code> <code class="command">--group-container=cn=groups,cn=accounts <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						In this example, <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code> is the LDAP-URI and port number of the existing directory server from which you want to migrate your data. Update this URI to suit your own environment.
+					</div><div class="para">
+						Enter the <code class="systemitem">Directory Manager</code> password for the DS when prompted.
+					</div></li><li class="step"><div class="para">
+						Check the log file for errors and instructions on how to address them. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
+							</div></div></div>
+
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+						Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
+								</div></li><li class="listitem"><div class="para">
+									If the intention is to install SSSD on a client at a later date, the startTLS and certificate requirements do not apply.
+								</div></li></ul></div>
+
+					</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+					You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Install SSSD on the machines that can support it:
+							</div><div class="para">
+								<code class="command"># yum install sssd</code>
+							</div></li><li class="listitem"><div class="para">
+								Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to 
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+							</div></li><li class="listitem"><div class="para">
+								As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of all clients and users is complete, decommission the DS.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Install SSSD first on the machines that can support it:
+					</div><div class="para">
+						<code class="command"># yum install sssd</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure SSSD with the LDAP back end and point it to the existing DS deployment.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				Install IPA and migrate the existing DS data as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
+					</div></li><li class="listitem"><div class="para">
+						Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
+					</div></li><li class="listitem"><div class="para">
+						Monitor the user migration process using the following LDAP query. This query detects the state of the migration by determining which users do not have a Kerberos principal key but do have a password.
+					</div><div class="para">
+						This query will prompt for the Directory Manager password. 
+<pre class="screen"><code class="command">$ ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'cn=users,cn=accounts,dc=example,dc=com' \</code>
+<code class="command">'(&amp;(!(krbprincipalkey=*))(userpassword=*))' uid</code></pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							It is important to include the quotes around the filter so that it is not interpreted by the shell.
+						</div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of the clients is complete, decommission the DS.
+					</div></li></ul></div></div></div></div><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
+	In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
+</div></dd><dt>account inactivation</dt><dd><div class="para">
+	Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
+</div></dd><dt>ACI</dt><dd><div class="para">
+	An instruction that grants or denies permissions to entries in the directory.
+</div><p>See Also <a class="glossseealso" href="#access-control-instruction">access control instruction</a>.</p></dd><dt>ACL</dt><dd><div class="para">
+	The mechanism for controlling access to your directory.
+</div><p>See Also <a class="glossseealso" href="#access-control-list">access control list</a>.</p></dd><dt>All IDs Threshold</dt><dd><div class="para">
+	<span class="emphasis"><em>Replaced with the ID list scan limit in Directory Server version 7.1.</em></span> A size limit which is globally applied to every index key managed by the server. When the size of an individual ID list reaches this limit, the server replaces that ID list with an All IDs token.
+</div><p>See Also <a class="glossseealso" href="#IDList-scan-limit">ID list scan limit</a>.</p></dd><dt>All IDs token</dt><dd><div class="para">
+	A mechanism which causes the server to assume that all directory entries match the index key. In effect, the All IDs token causes the server to behave as if no index was available for the search request.
+</div></dd><dt>anonymous access</dt><dd><div class="para">
+	When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind.
+</div></dd><dt>approximate index</dt><dd><div class="para">
+	Allows for efficient approximate or "sounds-like" searches.
+</div></dd><dt>attribute</dt><dd><div class="para">
+	Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
+</div></dd><dt>attribute list</dt><dd><div class="para">
+	A list of required and optional attributes for a given entry type or object class.
+</div></dd><dt>authenticating directory server</dt><dd><div class="para">
+	In pass-through authentication (PTA), the authenticating Directory Server is the Directory Server that contains the authentication credentials of the requesting client. The PTA-enabled host sends PTA requests it receives from clients to the host.
+</div></dd><dt>authentication</dt><dd><div class="para">
+	(1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
+</div><div class="para">
+	(2) Allows a <a class="xref" href="#client">client</a> to make sure they are connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when it is not.
+</div></dd><dt>authentication certificate</dt><dd><div class="para">
+	Digital file that is not transferable and not forgeable and is issued by a third party. Authentication certificates are sent from server to client or client to server in order to verify and authenticate the other party.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">B</h3><dl><dt>base distinguished name</dt><dd><p>See <a class="glosssee" href="#base-DN">base DN</a>.</p></dd><dt>base DN</dt><dd><div class="para">
+	Base distinguished name. A search operation is performed on the base DN, the DN of the entry and all entries below it in the directory tree.
+</div></dd><dt>bind distinguished name</dt><dd><p>See <a class="glosssee" href="#bind-DN">bind DN</a>.</p></dd><dt>bind DN</dt><dd><div class="para">
+	Distinguished name used to authenticate to Directory Server when performing an operation.
+</div></dd><dt>bind rule</dt><dd><div class="para">
+	In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.
+</div></dd><dt>branch entry</dt><dd><div class="para">
+	An entry that represents the top of a subtree in the directory.
+</div></dd><dt>browser</dt><dd><div class="para">
+	Software, such as Mozilla Firefox, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
+</div></dd><dt>browsing index</dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="#virtual-list-view-index">virtual list view index </a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">C</h3><dl><dt>CA</dt><dd><p>See <a class="glosssee" href="#Certificate-Authority">Certificate Authority</a>.</p></dd><dt>cascading replication</dt><dd><div class="para">
+	In a cascading replication scenario, one server, often called the hub supplier, acts both as a consumer and a supplier for a particular replica. It holds a read-only replica and maintains a changelog. It receives updates from the supplier server that holds the master copy of the data and in turn supplies those updates to the consumer.
+</div></dd><dt>certificate</dt><dd><div class="para">
+	A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.
+</div></dd><dt>Certificate Authority</dt><dd><div class="para">
+	Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Authority that you trust. Also known as a <a class="xref" href="#CA">CA</a>.
+</div></dd><dt>CGI</dt><dd><div class="para">
+	Common Gateway Interface. An interface for external programs to communicate with the HTTP server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.
+</div></dd><dt>chaining</dt><dd><div class="para">
+	A method for relaying requests to another server. Results for the request are collected, compiled, and then returned to the client.
+</div></dd><dt>changelog</dt><dd><div class="para">
+	A changelog is a record that describes the modifications that have occurred on a replica. The supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication.
+</div></dd><dt>character type</dt><dd><div class="para">
+	Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
+</div></dd><dt>ciphertext</dt><dd><div class="para">
+	Encrypted information that cannot be read by anyone without the proper key to decrypt the information.
+</div></dd><dt>class definition</dt><dd><div class="para">
+	Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
+</div></dd><dt>class of service</dt><dd><p>See <a class="glosssee" href="#CoS">CoS</a>.</p></dd><dt>classic CoS</dt><dd><div class="para">
+	A classic CoS identifies the template entry by both its DN and the value of one of the target entry's attributes.
+</div></dd><dt>client</dt><dd><p>See <a class="glosssee" href="#LDAP-client">LDAP client</a>.</p></dd><dt>code page</dt><dd><div class="para">
+	An internal table used by a locale in the context of the internationalization plug-in that the operating system uses to relate keyboard keys to character font screen displays.
+</div></dd><dt>collation order</dt><dd><div class="para">
+	Provides language and cultural-specific information about how the characters of a given language are to be sorted. This information might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents.
+</div></dd><dt>consumer</dt><dd><div class="para">
+	Server containing replicated directory trees or subtrees from a supplier server.
+</div></dd><dt>consumer server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server is called a consumer for that replica.
+</div></dd><dt>CoS</dt><dd><div class="para">
+	A method for sharing attributes between entries in a way that is invisible to applications.
+</div></dd><dt>CoS definition entry</dt><dd><div class="para">
+	Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.
+</div></dd><dt>CoS template entry</dt><dd><div class="para">
+	Contains a list of the shared attribute values.
+</div><p>See Also <a class="glossseealso" href="#template-entry">template entry</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">D</h3><dl><dt>daemon</dt><dd><div class="para">
+	A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning.
+</div></dd><dt>DAP</dt><dd><div class="para">
+	Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
+</div></dd><dt>data master</dt><dd><div class="para">
+	The server that is the master source of a particular piece of data.
+</div></dd><dt>database link</dt><dd><div class="para">
+	An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
+</div></dd><dt>default index</dt><dd><div class="para">
+	One of a set of default indexes created per database instance. Default indexes can be modified, although care should be taken before removing them, as certain plug-ins may depend on them.
+</div></dd><dt>definition entry</dt><dd><p>See <a class="glosssee" href="#CoS-definition-entry">CoS definition entry</a>.</p></dd><dt>Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="#DAP">DAP</a>.</p></dd><dt>Directory Manager</dt><dd><div class="para">
+	The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.
+</div></dd><dt>directory service</dt><dd><div class="para">
+	A database application designed to manage descriptive, attribute-based information about people and resources within an organization.
+</div></dd><dt>directory tree</dt><dd><div class="para">
+	The logical representation of the information stored in the directory. It mirrors the tree model used by most filesystems, with the tree's root point appearing at the top of the hierarchy. Also known as <a class="xref" href="#DIT">DIT</a>.
+</div></dd><dt>distinguished name</dt><dd><div class="para">
+	String representation of an entry's name and location in an LDAP directory.
+</div></dd><dt>DIT</dt><dd><p>See <a class="glosssee" href="#directory-tree">directory tree</a>.</p></dd><dt>DM</dt><dd><p>See <a class="glosssee" href="#Directory-Manager">Directory Manager</a>.</p></dd><dt>DN</dt><dd><p>See <a class="glosssee" href="#distinguished-name">distinguished name</a>.</p></dd><dt>DNS</dt><dd><div class="para">
+	Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as <code class="command">www.example.com</code>). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
+</div></dd><dt>DNS alias</dt><dd><div class="para">
+	A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as <code class="command">www.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain </em></span>might point to a real machine called <code class="command">realthing.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain</em></span> where the server currently exists.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">E</h3><dl><dt>entry</dt><dd><div class="para">
+	A group of lines in the LDIF file that contains information about an object.
+</div></dd><dt>entry distribution</dt><dd><div class="para">
+	Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.
+</div></dd><dt>entry ID list</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists. The entry ID list is used by the directory to build a list of candidate entries that may match the client application's search request.
+</div></dd><dt>equality index</dt><dd><div class="para">
+	Allows you to search efficiently for entries containing a specific attribute value.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">F</h3><dl><dt>file extension</dt><dd><div class="para">
+	The section of a filename after the period or dot (.) that typically defines the type of file (for example, .GIF and .HTML). In the filename <code class="command">index.html</code> the file extension is <code class="command">html</code>.
+</div></dd><dt>file type</dt><dd><div class="para">
+	The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML).
+</div></dd><dt>filter</dt><dd><div class="para">
+	A constraint applied to a directory query that restricts the information returned.
+</div></dd><dt>filtered role</dt><dd><div class="para">
+	Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">G</h3><dl><dt>general access</dt><dd><div class="para">
+	When granted, indicates that all authenticated users can access directory information.
+</div></dd><dt>GSS-API</dt><dd><div class="para">
+	Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">H</h3><dl><dt>hostname</dt><dd><div class="para">
+	A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, <code class="command">www.example.com </code>is the machine <code class="command">www</code> in the subdomain <code class="command">example</code> and <code class="command">com</code> domain.
+</div></dd><dt>HTML</dt><dd><div class="para">
+	Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Mozilla Firefox how to display text, position graphics, and form items and to display links to other pages.
+</div></dd><dt>HTTP</dt><dd><div class="para">
+	Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.
+</div></dd><dt>HTTPD</dt><dd><div class="para">
+	An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The daemon or service is often called an httpd.
+</div></dd><dt>HTTPS</dt><dd><div class="para">
+	A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.
+</div></dd><dt>hub</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server.
+</div><p>See Also <a class="glossseealso" href="#cascading-replication">cascading replication</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">I</h3><dl><dt>ID list scan limit</dt><dd><div class="para">
+	A size limit which is globally applied to any indexed search operation. When the size of an individual ID list reaches this limit, the server replaces that ID list with an all IDs token.
+</div></dd><dt>index key</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
+</div></dd><dt>indirect CoS</dt><dd><div class="para">
+	An indirect CoS identifies the template entry using the value of one of the target entry's attributes.
+</div></dd><dt>international index</dt><dd><div class="para">
+	Speeds up searches for information in international directories.
+</div></dd><dt>International Standards Organization</dt><dd><p>See <a class="glosssee" href="#ISO">ISO</a>.</p></dd><dt>IP address</dt><dd><div class="para">
+	<span class="emphasis"><em>Also Internet Protocol address.</em></span> A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10). Directory Server supports both IPv4 and IPv6 IP addresses.
+</div></dd><dt>ISO</dt><dd><div class="para">
+	International Standards Organization.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">K</h3><dl><dt>knowledge reference</dt><dd><div class="para">
+	Pointers to directory information stored in different databases.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">L</h3><dl><dt>LDAP</dt><dd><div class="para">
+	Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
+</div></dd><dt>LDAP client</dt><dd><div class="para">
+	Software used to request and view LDAP entries from an LDAP Directory Server.
+</div><p>See Also <a class="glossseealso" href="#browser">browser</a>.</p></dd><dt>LDAP Data Interchange Format</dt><dd><p>See <a class="glosssee" href="#LDAP-Data-Interchange-Format">LDAP Data Interchange Format</a>.</p></dd><dt>LDAP URL</dt><dd><div class="para">
+	Provides the means of locating Directory Servers using DNS and then completing the query via LDAP. A sample LDAP URL is <code class="command">ldap://ldap.example.com</code>.
+</div></dd><dt>LDAPv3</dt><dd><div class="para">
+	Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
+</div></dd><dt>LDBM database</dt><dd><div class="para">
+	A high-performance, disk-based database consisting of a set of large files that contain all of the data assigned to it. The primary data store in Directory Server.
+</div></dd><dt>LDIF</dt><dd><div class="para">
+	LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.
+</div></dd><dt>leaf entry</dt><dd><div class="para">
+	An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.
+</div></dd><dt>Lightweight Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="#LDAP">LDAP</a>.</p></dd><dt>locale</dt><dd><div class="para">
+	Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">M</h3><dl><dt>managed object</dt><dd><div class="para">
+	A standard value which the SNMP agent can access and send to the NMS. Each managed object is identified with an official name and a numeric identifier expressed in dot-notation.
+</div></dd><dt>managed role</dt><dd><div class="para">
+	Allows creation of an explicit enumerated list of members.
+</div></dd><dt>management information base</dt><dd><p>See <a class="glosssee" href="#MIB">MIB</a>.</p></dd><dt>mapping tree</dt><dd><div class="para">
+	A data structure that associates the names of suffixes (subtrees) with databases.
+</div></dd><dt>master</dt><dd><p>See <a class="glosssee" href="#supplier">supplier</a>.</p></dd><dt>master agent</dt><dd><p>See <a class="glosssee" href="#SNMP-master-agent">SNMP master agent</a>.</p></dd><dt>matching rule</dt><dd><div class="para">
+	Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
+</div></dd><dt>MD5</dt><dd><div class="para">
+	A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce; a piece of data that will produce the same message digest.
+</div></dd><dt>MD5 signature</dt><dd><div class="para">
+	A message digest produced by the MD5 algorithm.
+</div></dd><dt>MIB</dt><dd><div class="para">
+	Management Information Base. All data, or any portion thereof, associated with the SNMP network. We can think of the MIB as a database which contains the definitions of all SNMP managed objects. The MIB has a tree-like hierarchy, where the top level contains the most general information about the network and lower levels deal with specific, separate network areas.
+</div></dd><dt>MIB namespace</dt><dd><div class="para">
+	Management Information Base namespace. The means for directory data to be named and referenced. Also called the <a class="xref" href="#directory-tree">directory tree</a>.
+</div></dd><dt>monetary format</dt><dd><div class="para">
+	Specifies the monetary symbol used by specific region, whether the symbol goes before or after its value, and how monetary units are represented.
+</div></dd><dt>multi-master replication</dt><dd><div class="para">
+	An advanced replication scenario in which two servers each hold a copy of the same read-write replica. Each server maintains a changelog for the replica. Modifications made on one server are automatically replicated to the other server. In case of conflict, a time stamp is used to determine which server holds the most recent version.
+</div></dd><dt>multiplexor</dt><dd><div class="para">
+	The server containing the database link that communicates with the remote server.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">N</h3><dl><dt>n + 1 directory problem</dt><dd><div class="para">
+	The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs.
+</div></dd><dt>name collisions</dt><dd><div class="para">
+	Multiple entries with the same distinguished name.
+</div></dd><dt>nested role</dt><dd><div class="para">
+	Allows the creation of roles that contain other roles.
+</div></dd><dt>network management application</dt><dd><div class="para">
+	Network Management Station component that graphically displays information about SNMP managed devices, such as which device is up or down and which and how many error messages were received.
+</div></dd><dt>network management station</dt><dd><p>See <a class="glosssee" href="#NMS">NMS</a>.</p></dd><dt>NIS</dt><dd><div class="para">
+	Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.
+</div></dd><dt>NMS</dt><dd><div class="para">
+	Powerful workstation with one or more network management applications installed. Also <a class="xref" href="#network-management-station">network management station</a>.
+</div></dd><dt>ns-slapd</dt><dd><div class="para">
+	Red Hat's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server.
+</div><p>See Also <a class="glossseealso" href="#slapd">slapd</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">O</h3><dl><dt>object class</dt><dd><div class="para">
+	Defines an entry type in the directory by defining which attributes are contained in the entry.
+</div></dd><dt>object identifier</dt><dd><div class="para">
+	A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF or similar organizations.
+</div><p>See Also <a class="glossseealso" href="#OID">OID</a>.</p></dd><dt>OID</dt><dd><p>See <a class="glosssee" href="#object-identifier">object identifier</a>.</p></dd><dt>operational attribute</dt><dd><div class="para">
+	Contains information used internally by the directory to keep track of modifications and subtree properties. Operational attributes are not returned in response to a search unless explicitly requested.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">P</h3><dl><dt>parent access</dt><dd><div class="para">
+	When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.
+</div></dd><dt>pass-through authentication</dt><dd><p>See <a class="glosssee" href="#PTA">PTA</a>.</p></dd><dt>pass-through subtree</dt><dd><div class="para">
+	In pass-through authentication, the <a class="xref" href="#PTA-directory-server">PTA directory server</a> will pass through bind requests to the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a> from all clients whose DN is contained in this subtree.
+</div></dd><dt>password file</dt><dd><div class="para">
+	A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as <code class="command">/etc/passwd</code> because of where it is kept.
+</div></dd><dt>password policy</dt><dd><div class="para">
+	A set of rules that governs how passwords are used in a given directory.
+</div></dd><dt>PDU</dt><dd><div class="para">
+	Encoded messages which form the basis of data exchanges between SNMP devices. Also <a class="xref" href="#protocol-data-unit">protocol data unit</a>.
+</div></dd><dt>permission</dt><dd><div class="para">
+	In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
+</div><p>See Also <a class="glossseealso" href="#access-rights">access rights</a>.</p></dd><dt>pointer CoS</dt><dd><div class="para">
+	A pointer CoS identifies the template entry using the template DN only.
+</div></dd><dt>presence index</dt><dd><div class="para">
+	Allows searches for entries that contain a specific indexed attribute.
+</div></dd><dt>protocol</dt><dd><div class="para">
+	A set of rules that describes how devices on a network exchange information.
+</div></dd><dt>protocol data unit</dt><dd><p>See <a class="glosssee" href="#PDU">PDU</a>.</p></dd><dt>proxy authentication</dt><dd><div class="para">
+	A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.
+</div></dd><dt>proxy DN</dt><dd><div class="para">
+	Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.
+</div></dd><dt>PTA</dt><dd><div class="para">
+	Mechanism by which one Directory Server consults another to check bind credentials. Also <a class="xref" href="#pass-through-authentication">pass-through authentication</a>.
+</div></dd><dt>PTA directory server</dt><dd><div class="para">
+	In pass-through authentication (<a class="xref" href="#PTA">PTA</a>), the PTA Directory Server is the server that sends (passes through) bind requests it receives to the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a>.
+</div></dd><dt>PTA LDAP URL</dt><dd><div class="para">
+	In pass-through authentication, the URL that defines the <a class="xref" href="#authenticating-directory-server">authenticating directory server</a>, pass-through subtree(s), and optional parameters.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">R</h3><dl><dt>RAM</dt><dd><div class="para">
+	Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.
+</div></dd><dt>rc.local</dt><dd><div class="para">
+	A file on Unix machines that describes programs that are run when the machine starts. It is also called <code class="filename">/etc/rc.local</code> because of its location.
+</div></dd><dt>RDN</dt><dd><div class="para">
+	The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name. Also <a class="xref" href="#relative-distinguished-name">relative distinguished name</a>.
+</div></dd><dt>read-only replica</dt><dd><div class="para">
+	A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
+</div></dd><dt>read-write replica </dt><dd><div class="para">
+	A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.
+</div></dd><dt>referential integrity</dt><dd><div class="para">
+	Mechanism that ensures that relationships between related entries are maintained within the directory.
+</div></dd><dt>referral</dt><dd><div class="para">
+	(1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
+</div><div class="para">
+	(2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.
+</div></dd><dt>relative distinguished name</dt><dd><p>See <a class="glosssee" href="#RDN">RDN</a>.</p></dd><dt>replica</dt><dd><div class="para">
+	A database that participates in replication.
+</div></dd><dt>replica-initiated replication</dt><dd><div class="para">
+	Replication configuration where replica servers, either hub or consumer servers, pull directory data from supplier servers. This method is available only for legacy replication.
+</div></dd><dt>replication</dt><dd><div class="para">
+	Act of copying directory trees or subtrees from supplier servers to replica servers.
+</div></dd><dt>replication agreement</dt><dd><div class="para">
+	Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the replica servers to which the data is pushed, the times during which replication can occur, the DN and credentials used by the supplier to bind to the consumer, and how the connection is secured.
+</div></dd><dt>RFC</dt><dd><div class="para">
+	Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.
+</div></dd><dt>role</dt><dd><div class="para">
+	An entry grouping mechanism. Each role has <span class="emphasis"><em>members</em></span>, which are the entries that possess the role.
+</div></dd><dt>role-based attributes</dt><dd><div class="para">
+	Attributes that appear on an entry because it possesses a particular role within an associated CoS template.
+</div></dd><dt>root</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
+</div></dd><dt>root suffix</dt><dd><div class="para">
+	The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">S</h3><dl><dt>SASL</dt><dd><div class="para">
+	An authentication framework for clients as they attempt to bind to a directory. Also <a class="xref" href="#Simple-Authentication-and-Security-Layer">Simple Authentication and Security Layer </a>.
+</div></dd><dt>schema</dt><dd><div class="para">
+	Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
+</div></dd><dt>schema checking</dt><dd><div class="para">
+	Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
+</div></dd><dt>Secure Sockets Layer</dt><dd><p>See <a class="glosssee" href="#SSL">SSL</a>.</p></dd><dt>self access</dt><dd><div class="para">
+	When granted, indicates that users have access to their own entries if the bind DN matches the targeted entry.
+</div></dd><dt>Server Console</dt><dd><div class="para">
+	Java-based application that allows you to perform administrative management of your Directory Server from a GUI.
+</div></dd><dt>server daemon</dt><dd><div class="para">
+	The server daemon is a process that, once running, listens for and accepts requests from clients.
+</div></dd><dt>Server Selector</dt><dd><div class="para">
+	Interface that allows you select and configure servers using a browser.
+</div></dd><dt>server service</dt><dd><div class="para">
+	A process on Windows that, once running, listens for and accepts requests from clients. It is the SMB server on Windows NT.
+</div></dd><dt>service</dt><dd><div class="para">
+	A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.
+</div></dd><dt>SIE</dt><dd><div class="para">
+	Server Instance Entry. The ID assigned to an instance of Directory Server during installation.
+</div></dd><dt>Simple Authentication and Security Layer </dt><dd><p>See <a class="glosssee" href="#glSASL">SASL</a>.</p></dd><dt>Simple Network Management Protocol</dt><dd><p>See <a class="glosssee" href="#SNMP">SNMP</a>.</p></dd><dt>single-master replication</dt><dd><div class="para">
+	The most basic replication scenario in which multiple servers, up to four, each hold a copy of the same read-write replicas to replica servers. In a single-master replication scenario, the supplier server maintains a changelog.
+</div></dd><dt>SIR</dt><dd><p>See <a class="glosssee" href="#supplier-initiated-replication">supplier-initiated replication</a>.</p></dd><dt>slapd</dt><dd><div class="para">
+	LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
+</div><p>See Also <a class="glossseealso" href="#ns-slapd">ns-slapd</a>.</p></dd><dt>SNMP</dt><dd><div class="para">
+	Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also <a class="xref" href="#Simple-Network-Management-Protocol">Simple Network Management Protocol</a>.
+</div></dd><dt>SNMP master agent</dt><dd><div class="para">
+	Software that exchanges information between the various subagents and the NMS.
+</div></dd><dt>SNMP subagent</dt><dd><div class="para">
+	Software that gathers information about the managed device and passes the information to the master agent. Also called a <a class="xref" href="#subagent">subagent</a>.
+</div></dd><dt>SSL</dt><dd><div class="para">
+	A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called <a class="xref" href="#Secure-Sockets-Layer">Secure Sockets Layer</a>.
+</div></dd><dt>standard index</dt><dd><div class="para">
+	index maintained by default.
+</div></dd><dt>sub suffix</dt><dd><div class="para">
+	A branch underneath a root suffix.
+</div></dd><dt>subagent</dt><dd><p>See <a class="glosssee" href="#SNMP-subagent">SNMP subagent</a>.</p></dd><dt>substring index</dt><dd><div class="para">
+	Allows for efficient searching against substrings within entries. Substring indexes are limited to a minimum of two characters for each entry.
+</div></dd><dt>suffix</dt><dd><div class="para">
+	The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.
+</div></dd><dt>superuser</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called <a class="xref" href="#root">root</a>.
+</div></dd><dt>supplier</dt><dd><div class="para">
+	Server containing the master copy of directory trees or subtrees that are replicated to replica servers.
+</div></dd><dt>supplier server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
+</div></dd><dt>supplier-initiated replication</dt><dd><div class="para">
+	Replication configuration where <a class="xref" href="#supplier">supplier</a> servers replicate directory data to any replica servers.
+</div></dd><dt>symmetric encryption</dt><dd><div class="para">
+	Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
+</div></dd><dt>system index</dt><dd><div class="para">
+	Cannot be deleted or modified as it is essential to Directory Server operations.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">T</h3><dl><dt>target</dt><dd><div class="para">
+	In the context of access control, the target identifies the directory information to which a particular ACI applies.
+</div></dd><dt>target entry</dt><dd><div class="para">
+	The entries within the scope of a CoS.
+</div></dd><dt>TCP/IP</dt><dd><div class="para">
+	Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.
+</div></dd><dt>template entry</dt><dd><p>See <a class="glosssee" href="#CoS-template-entry">CoS template entry</a>.</p></dd><dt>time/date format</dt><dd><div class="para">
+	Indicates the customary formatting for times and dates in a specific region.
+</div></dd><dt>TLS</dt><dd><div class="para">
+	The new standard for secure socket layers; a public key based protocol. Also <a class="xref" href="#Transport-Layer-Security">Transport Layer Security</a>.
+</div></dd><dt>topology</dt><dd><div class="para">
+	The way a directory tree is divided among physical servers and how these servers link with one another.
+</div></dd><dt>Transport Layer Security</dt><dd><p>See <a class="glosssee" href="#TLS">TLS</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">U</h3><dl><dt>uid</dt><dd><div class="para">
+	A unique number associated with each user on a Unix system.
+</div></dd><dt>URL</dt><dd><div class="para">
+	Uniform Resource Locater. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is <span class="emphasis"><em>protocol</em></span>://<span class="emphasis"><em>machine</em></span>:<span class="emphasis"><em>port</em></span>/<span class="emphasis"><em>document</em></span>. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">V</h3><dl><dt>virtual list view index </dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
+	The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
+</div></dd></dl></div></div><div class="index" id="id3129987"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div class="index"></div></div></div></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/common.css b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/common.css
new file mode 100644
index 0000000..e0090e2
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/common.css
@@ -0,0 +1,1504 @@
+body, h1, h2, h3, h4, h5, h6, pre, li, div {
+	line-height: 1.29em;
+}
+
+body {
+	background-color: white;
+	margin:0 auto;
+	font-family: "liberation sans", "Myriad ", "Bitstream Vera Sans", "Lucida Grande", "Luxi Sans", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size:12px;
+	max-width:55em;
+	color:black;
+}
+
+body.toc_embeded {
+	/*for web hosting system only*/
+	margin-left: 300px;
+}
+
+object.toc, iframe.toc {
+	/*for web hosting system only*/
+	border-style:none;
+	position:fixed;
+	width:290px;
+	height:99.99%;
+	top:0;
+	left:0;
+	z-index: 100;
+	border-style:none;
+	border-right:1px solid #999;
+}
+
+/* Hide web menu */
+
+body.notoc {
+	margin-left: 3em;
+}
+
+iframe.notoc {
+	border-style:none;
+	border: none;
+	padding: 0em;
+	position:fixed;
+	width: 21px;
+	height: 29px;
+	top: 0px;
+	left:0;
+	overflow: hidden;
+	margin: 0em;
+	margin-left: -3px;
+}
+/* End hide web menu */
+
+/* desktop styles */
+body.desktop {
+	margin-left: 26em;
+}
+
+body.desktop .book > .toc {
+	display:block;
+	width:24em;
+	height:99%;
+	position:fixed;
+	overflow:auto;
+	top:0px;
+	left:0px;
+	padding-left:1em;
+	background-color:#EEEEEE;
+}
+
+.toc {
+	line-height:1.35em;
+}
+
+.toc .glossary,
+.toc .chapter, .toc .appendix {
+	margin-top:1em;
+}
+
+.toc .part {
+	margin-top:1em;
+	display:block;
+}
+
+span.glossary,
+span.appendix {
+	display:block;
+	margin-top:0.5em;
+}
+
+div {
+	padding-top:0px;
+}
+
+div.section {
+	padding-top:1em;
+}
+
+p, div.para, div.formalpara {
+	padding-top:0px;
+	margin-top:0.3em;
+	padding-bottom:0px;
+	margin-bottom:1em;
+}
+
+/*Links*/
+a {
+	outline: none;
+}
+
+a:link {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#3366cc;
+}
+
+a:visited {
+	text-decoration:none;
+	border-bottom: 1px dotted ;
+	color:#003366;
+}
+
+div.longdesc-link {
+	float:right;
+	color:#999;
+}
+
+.toc a, .qandaset a {
+	font-weight:normal;
+}
+
+/*headings*/
+h1, h2, h3, h4, h5, h6 {
+	color: #336699;
+	margin-top: 0em;
+	margin-bottom: 0em;
+	background-color: transparent;
+}
+
+h1 {
+	font-size:2.0em;
+}
+
+.titlepage h1.title {
+	font-size: 3.0em;
+	padding-top: 1em;
+	text-align:left;
+}
+
+.book > .titlepage h1.title {
+	text-align:center;
+}
+
+.article > .titlepage h1.title {
+	text-align:center;
+}
+
+.set .titlepage > div > div > h1.title {
+	text-align:center;
+}
+
+.producttitle {
+	margin-top: 0em;
+	margin-bottom: 0em;
+	font-size: 3.0em;
+	font-weight: bold;
+	background: #003d6e url(../images/h1-bg.png) top left repeat-x;
+	color: white;
+	text-align: center;
+	padding: 0.7em;
+}
+
+.titlepage .corpauthor {
+	margin-top: 1em;
+	text-align: center;
+}
+
+.section h1.title {
+	font-size: 1.6em;
+	padding: 0em;
+	color: #336699;
+	text-align: left;
+	background: white;
+}
+
+h2 {
+	font-size:1.6em;
+}
+
+
+h2.subtitle, h3.subtitle {
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	text-align: center;
+}
+
+.preface > div > div > div > h2.title {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+.appendix h2 {
+	margin-top: 1em;
+	font-size: 2.0em;
+}
+
+
+
+h3 {
+	font-size:1.3em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+h4 {
+	font-size:1.1em;
+	padding-top:0em;
+	padding-bottom:0em;
+}
+
+h5 {
+	font-size:1em;
+}
+
+h6 {
+	font-size:1em;
+}
+
+h5.formalpara {
+	font-size:1em;
+	margin-top:2em;
+	margin-bottom:.8em;
+}
+
+.abstract h6 {
+	margin-top:1em;
+	margin-bottom:.5em;
+	font-size:2em;
+}
+
+/*element rules*/
+hr {
+	border-collapse: collapse;
+	border-style:none;
+	border-top: 1px dotted #ccc;
+	width:100%;
+	margin-top: 3em;
+}
+
+/* web site rules */
+ul.languages, .languages li {
+	display:inline;
+	padding:0em;
+}
+
+.languages li a {
+	padding:0em .5em;
+	text-decoration: none;
+}
+
+.languages li p, .languages li div.para {
+	display:inline;
+}
+
+.languages li a:link, .languages li a:visited {
+	color:#444;
+}
+
+.languages li a:hover, .languages li a:focus, .languages li a:active {
+	color:black;
+}
+
+ul.languages {
+	display:block;
+	background-color:#eee;
+	padding:.5em;
+}
+
+/*supporting stylesheets*/
+
+/*unique to the webpage only*/
+.books {
+	position:relative;
+}
+
+.versions li {
+	width:100%;
+	clear:both;
+	display:block;
+}
+
+a.version {
+	font-size:2em;
+	text-decoration:none;
+	width:100%;
+	display:block;
+	padding:1em 0em .2em 0em;
+	clear:both;
+}
+
+a.version:before {
+	content:"Version";
+	font-size:smaller;
+}
+
+a.version:visited, a.version:link {
+	color:#666;
+}
+
+a.version:focus, a.version:hover {
+	color:black;
+}
+
+.books {
+	display:block;
+	position:relative;
+	clear:both;
+	width:100%;
+}
+
+.books li {
+	display:block;
+	width:200px;
+	float:left;
+	position:relative;
+	clear: none ;
+}
+
+.books .html {
+	width:170px;
+	display:block;
+}
+
+.books .pdf {
+	position:absolute;
+	left:170px;
+	top:0px;
+	font-size:smaller;
+}
+
+.books .pdf:link, .books .pdf:visited {
+	color:#555;
+}
+
+.books .pdf:hover, .books .pdf:focus {
+	color:#000;
+}
+
+.books li a {
+	text-decoration:none;
+}
+
+.books li a:hover {
+	color:black;
+}
+
+/*products*/
+.products li {
+	display: block;
+	width:300px;
+	float:left;
+}
+
+.products li a {
+	width:300px;
+	padding:.5em 0em;
+}
+
+.products ul {
+	clear:both;
+}
+
+/*revision history*/
+.revhistory {
+	display:block;
+}
+
+.revhistory table {
+	background-color:transparent;
+	border-color:#fff; 
+	padding:0em;
+	margin: 0;
+	border-collapse:collapse;
+	border-style:none; 
+}
+
+.revhistory td {
+	text-align :left;
+	padding:0em;
+	border: none; 
+	border-top: 1px solid #fff;
+	font-weight: bold;
+}
+
+.revhistory .itemizedlist {
+	font-weight: normal;
+}
+
+.revhistory ul {
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.revhistory .simplelist td {
+	font-weight: normal;
+}
+
+.revhistory .simplelist {
+	margin-bottom: 0em;
+	margin-left: 1em;
+}
+
+.revhistory table th {
+	display: none;
+}
+
+
+/*credits*/
+.authorgroup div {
+	clear:both;
+	text-align: center;
+}
+
+h3.author {
+	margin: 0em;
+	padding: 0em;
+	padding-top: 1em;
+}
+
+.authorgroup h4 {
+	padding: 0em;
+	margin: 0em;
+	padding-top: 1em;
+	margin-top: 1em;
+}
+
+.author, 
+.editor, 
+.translator, 
+.othercredit,
+.contrib {
+	display: block;
+}
+
+.revhistory .author {
+	display: inline;
+}
+
+.othercredit h3 {
+	padding-top: 1em;
+}
+
+
+.othercredit {
+	margin:0em;
+	padding:0em;
+}
+
+.releaseinfo {
+	clear: both;
+}
+
+.copyright {
+	margin-top: 1em;
+}
+
+/* qanda sets */
+.answer {
+	margin-bottom:1em;
+	border-bottom:1px dotted #ccc;
+}
+
+.qandaset .toc {
+	border-bottom:1px dotted #ccc;
+}
+
+.question {
+	font-weight:bold;
+}
+
+.answer .data, .question .data {
+	padding-left: 2.6em;
+}
+
+.answer label, .question label {
+	float:left;
+	font-weight:bold;
+}
+
+/* inline syntax highlighting */
+.perl_Alert {
+	color: #0000ff;
+}
+
+.perl_BaseN {
+	color: #007f00;
+}
+
+.perl_BString {
+	color: #5C3566;
+}
+
+.perl_Char {
+	color: #ff00ff;
+}
+
+.perl_Comment {
+	color: #FF00FF;
+}
+
+
+.perl_DataType {
+	color: #0000ff;
+}
+
+
+.perl_DecVal {
+	color: #00007f;
+}
+
+
+.perl_Error {
+	color: #ff0000;
+}
+
+
+.perl_Float {
+	color: #00007f;
+}
+
+
+.perl_Function {
+	color: #007f00;
+}
+
+
+.perl_IString {
+	color: #5C3566;
+}
+
+
+.perl_Keyword {
+	color: #002F5D;
+}
+
+
+.perl_Operator {
+	color: #ffa500;
+}
+
+
+.perl_Others {
+	color: #b03060;
+}
+
+
+.perl_RegionMarker {
+	color: #96b9ff;
+}
+
+
+.perl_Reserved {
+	color: #9b30ff;
+}
+
+
+.perl_String {
+	color: #5C3566;
+}
+
+
+.perl_Variable {
+	color: #0000ff;
+}
+
+
+.perl_Warning {
+	color: #0000ff;
+}
+
+/*Lists*/
+ul {
+	padding-left:1.6em;
+	list-style-image:url(../images/dot.png);
+	list-style-type: circle;
+}
+
+ul ul {
+	list-style-image:url(../images/dot2.png);
+	list-style-type: circle;
+}
+
+ol {
+	list-style-image:none;
+	list-style-type: decimal;
+}
+
+ol ol {
+	list-style-type: lower-alpha;
+}
+
+ol.arabic {
+	list-style-type: decimal;
+}
+
+ol.loweralpha {
+	list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+	list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+	list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+	list-style-type: upper-roman;
+}
+
+dt {
+	font-weight:bold;
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+dd {
+	margin:0em;
+	margin-left:2em;
+	padding-top:0em;
+	padding-bottom: 1em;
+}
+
+li {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.4em;
+}
+
+li p, li div.para {
+	padding-top:0px;
+	margin-top:0em;
+	padding-bottom:0px;
+	margin-bottom:0.3em;
+}
+
+/*images*/
+img {
+	display:block;
+	margin: 2em 0;
+}
+
+.inlinemediaobject, .inlinemediaobject img {
+	display:inline;
+	margin:0em;
+}
+
+.figure img {
+	display:block;
+	margin:0;
+}
+
+.figure .title {
+	margin:0em;
+	margin-bottom:2em;
+	padding:0px;
+}
+
+/*document modes*/
+.confidential {
+	background-color:#900;
+	color:White;
+	padding:.5em .5em;
+	text-transform:uppercase;
+	text-align:center;
+}
+
+.longdesc-link {
+	display:none;
+}
+
+.longdesc {
+	display:none;
+}
+
+.prompt {
+	padding:0em .3em;
+}
+
+/*user interface styles*/
+.screen .replaceable {
+}
+
+.guibutton, .guilabel {
+	font-family: "liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight: bold;
+	white-space: nowrap;
+}
+
+.example {
+	background-color: #ffffff;
+	border-left: 3px solid #aaaaaa;
+	padding-top: 1em;
+	padding-bottom: 0.1em;
+}
+
+.example h6 {
+	padding-left: 10px;
+}
+
+.example-contents {
+	padding-left: 10px;
+	background-color: #ffffff;
+}
+
+.example-contents .para {
+/*	 padding: 10px;*/
+}
+
+/*terminal/console text*/
+.computeroutput, 
+.option {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+.replaceable {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-style: italic;
+}
+
+.command, .filename, .keycap, .classname, .literal {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	font-weight:bold;
+}
+
+/* no bold in toc */
+.toc * {
+	font-weight: inherit;
+}
+
+pre {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	display:block;
+	background-color: #f5f5f5;
+	color: #000000;
+	border: 1px solid #aaaaaa;
+	margin-bottom: 0.3em;
+	padding:.5em 1em;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+	font-size: 0.9em;
+}
+
+pre .replaceable, 
+pre .keycap {
+}
+
+code {
+	font-family:"liberation mono", "bitstream vera mono", "dejavu mono", monospace;
+	white-space: nowrap;
+	font-weight:bold;
+}
+
+.parameter code {
+	display: inline;
+	white-space: pre-wrap; /* css-3 */
+	white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
+	white-space: -pre-wrap; /* Opera 4-6 */
+	white-space: -o-pre-wrap; /* Opera 7 */
+	word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
+
+/*Notifications*/
+div.warning:before {
+	content:url(../images/warning.png);
+	padding-left: 5px;
+}
+
+div.note:before {
+	content:url(../images/note.png);
+	padding-left: 5px;
+}
+
+div.important:before {
+	content:url(../images/important.png);
+	padding-left: 5px;
+}
+
+div.warning, div.note, div.important {
+	color: black;
+	margin: 0em;
+	padding: 0em;
+	background: none;
+	background-color: white;
+	margin-bottom: 1em;
+	border-bottom: 1px solid #aaaaaa;
+}
+
+div.warning h2, div.note h2,div.important h2 {
+	margin: 0em;
+	padding: 0em;
+	color: #eeeeec;
+	padding-top: 0px;
+	padding-bottom: 0px;
+	height: 1.4em;
+	line-height: 1.4em;
+	font-size: 1.4em;
+	display:inline;
+}
+
+div.admonition_header {
+	clear: both;
+	margin: 0em;
+	padding: 0em;
+	margin-top: -3.3em;
+	padding-left: 58px;
+	line-height: 1.0em;
+	font-size: 1.0em;
+}
+
+div.warning div.admonition_header {
+	background: url(../images/red.png) top left repeat-x;
+	background-color: #590000;
+}
+
+div.note div.admonition_header {
+	background: url(../images/green.png) top right repeat-x;
+	background-color: #597800;
+}
+
+div.important div.admonition_header {
+	background: url(../images/yellow.png) top right repeat-x;
+	background-color: #a6710f;
+}
+
+div.warning p, div.warning div.para,
+div.note p, div.note div.para,
+div.important p, div.important div.para {
+	padding: 0em;
+	margin: 0em;
+}
+
+div.admonition {
+	border: none;
+	border-left: 1px solid #aaaaaa;
+	border-right: 1px solid #aaaaaa;
+	padding:0em;
+	margin:0em;
+	padding-top: 1.5em;
+	padding-bottom: 1em;
+	padding-left: 2em;
+	padding-right: 1em;
+	background-color: #eeeeec;
+	-moz-border-radius: 0px;
+	-webkit-border-radius: 0px;
+	border-radius: 0px;
+}
+
+/*Page Title*/
+#title  {
+	display:block;
+	height:45px;
+	padding-bottom:1em;
+	margin:0em;
+}
+
+#title a.left{
+	display:inline;
+	border:none;
+}
+
+#title a.left img{
+	border:none;
+	float:left;
+	margin:0em;
+	margin-top:.7em;
+}
+
+#title a.right {
+	padding-bottom:1em;
+}
+
+#title a.right img {
+	border:none;
+	float:right;
+	margin:0em;
+	margin-top:.7em;
+}
+
+/*Table*/
+table {
+	border:1px solid #6c614b;
+	width:100%;
+	border-collapse:collapse;
+}
+
+table.simplelist, .calloutlist table {
+	border-style: none;
+}
+
+table th {
+	text-align:left;
+	background-color:#6699cc;
+	padding:.3em .5em;
+	color:white;
+}
+
+table td {
+	padding:.15em .5em;
+}
+
+table tr.even td {
+	background-color:#f5f5f5;
+}
+
+table th p:first-child, table td p:first-child, table  li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table  li div.para:first-child {
+	margin-top:0em;
+	padding-top:0em;
+	display:inline;
+}
+
+th, td {
+	border-style:none;
+	vertical-align: top;
+	border: 1px solid #000;
+}
+
+.simplelist th, .simplelist td {
+	border: none;
+}
+
+table table td {
+	border-bottom:1px dotted #aaa;
+	background-color:white;
+	padding:.6em 0em;
+}
+
+table table {
+	border:1px solid white;
+}
+
+td.remarkval {
+	color:#444;
+}
+
+td.fieldval {
+	font-weight:bold;
+}
+
+.lbname, .lbtype, .lbdescr, .lbdriver, .lbhost {
+	color:white;
+	font-weight:bold;
+	background-color:#999;
+	width:120px;
+}
+
+td.remarkval {
+	width:230px;
+}
+
+td.tname {
+	font-weight:bold;
+}
+
+th.dbfield {
+	width:120px;
+}
+
+th.dbtype {
+	width:70px;
+}
+
+th.dbdefault {
+	width:70px;
+}
+
+th.dbnul {
+	width:70px;
+}
+
+th.dbkey {
+	width:70px;
+}
+
+span.book {
+	margin-top:4em;
+	display:block;
+}
+
+span.chapter {
+	display:block;
+	margin-top:0.5em;
+}
+
+table.simplelist td, .calloutlist table td {
+	border-style: none;
+}
+
+/*Breadcrumbs*/
+#breadcrumbs ul li.first:before {
+	content:" ";
+}
+
+#breadcrumbs {
+	color:#900;
+	padding:3px;
+	margin-bottom:25px;
+}
+
+#breadcrumbs ul {
+	margin-left:0;
+	padding-left:0;
+	display:inline;
+	border:none;
+}
+
+#breadcrumbs ul li {
+	margin-left:0;
+	padding-left:2px;
+	border:none;
+	list-style:none;
+	display:inline;
+}
+
+#breadcrumbs ul li:before {
+	content:"\0020 \0020 \0020 \00BB \0020";
+	color:#333;
+}
+
+/*index*/
+.glossary h3, 
+.index h3 {
+	font-size: 2em;
+	color:#aaa;
+	margin:0em;
+}
+
+.indexdiv {
+	margin-bottom:1em;
+}
+
+.glossary dt,
+.index dt {
+	color:#444;
+	padding-top:.5em;
+}
+
+.glossary dl dl dt, 
+.index dl dl dt {
+	color:#777;
+	font-weight:normal;
+	padding-top:0em;
+}
+
+.index dl dl dt:before {
+	content:"- ";
+	color:#ccc;
+}
+
+/*changes*/
+.footnote {
+	font-size: .7em;
+	margin:0em;
+	color:#222;
+}
+
+table .footnote {
+}
+
+sup {
+	color:#999;
+	margin:0em;
+	padding:0em;
+	line-height: .4em;
+	font-size: 1em;
+	padding-left:0em;
+}
+
+.footnote {
+	position:relative;
+}
+
+.footnote sup  {
+	color:#e3dcc0;
+	position:absolute;
+	left: .4em;
+}
+
+.footnote sup a:link, 
+.footnote sup a:visited {
+	color:#92917d;
+	text-decoration:none;
+}
+
+.footnote:hover sup a {
+	text-decoration:none;
+}
+
+.footnote p,.footnote div.para {
+	padding-left:2em;
+}
+
+.footnote a:link, 
+.footnote a:visited {
+	color:#00537c;
+}
+
+.footnote a:hover {
+}
+
+/**/
+div.chapter {
+	margin-top:3em;
+}
+
+div.section {
+	margin-top:1em;
+}
+
+div.note .replaceable, 
+div.important .replaceable, 
+div.warning .replaceable, 
+div.note .keycap, 
+div.important .keycap, 
+div.warning .keycap
+{
+}
+
+ul li p:last-child, ul li div.para:last-child {
+	margin-bottom:0em;
+	padding-bottom:0em;
+}
+
+/*document navigation*/
+.docnav a, .docnav strong {
+	border:none;
+	text-decoration:none;
+	font-weight:normal;
+}
+
+.docnav {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	position:relative;
+	width:100%;
+	padding-bottom:2em;
+	padding-top:1em;
+	border-top:1px dotted #ccc;
+}
+
+.docnav li {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+	display:inline;
+	font-size:.8em;
+}
+
+.docnav li:before {
+	content:" ";
+}
+
+.docnav li.previous, .docnav li.next {
+	position:absolute;
+	top:1em;
+}
+
+.docnav li.up, .docnav li.home {
+	margin:0em 1.5em;
+}
+
+.docnav li.previous {
+	left:0px;
+	text-align:left;
+}
+
+.docnav li.next {
+	right:0px;
+	text-align:right;
+}
+
+.docnav li.previous strong, .docnav li.next strong {
+	height:22px;
+	display:block;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+.docnav li.next a strong {
+	background:  url(../images/stock-go-forward.png) top right no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-right:28px;
+	font-size:1.2em;
+}
+
+.docnav li.previous a strong {
+	background: url(../images/stock-go-back.png) top left no-repeat;
+	padding-top:3px;
+	padding-bottom:4px;
+	padding-left:28px;
+	padding-right:0.5em;
+	font-size:1.2em;
+}
+
+.docnav li.home a strong {
+	background: url(../images/stock-home.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav li.up a strong {
+	background: url(../images/stock-go-up.png) top left no-repeat;
+	padding:5px;
+	padding-left:28px;
+	font-size:1.2em;
+}
+
+.docnav a:link, .docnav a:visited {
+	color:#666;
+}
+
+.docnav a:hover, .docnav a:focus, .docnav a:active {
+	color:black;
+}
+
+.docnav a {
+	max-width: 10em;
+	overflow:hidden;
+}
+
+.docnav a:link strong {
+	text-decoration:none;
+}
+
+.docnav {
+	margin:0 auto;
+	text-align:center;
+}
+
+ul.docnav {
+	margin-bottom: 1em;
+}
+/* Reports */
+.reports ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.reports li{
+	margin:0em;
+	padding:0em;
+}
+
+.reports li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.reports dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.reports dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.reports h2, .reports h3{
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.reports div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/*uniform*/
+body.results, body.reports {
+	max-width:57em ;
+	padding:0em;
+}
+
+/*Progress Bar*/
+div.progress {
+	display:block;
+	float:left;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	height:1em;
+}
+
+div.progress span {
+	height:1em;
+	float:left;
+}
+
+div.progress span.translated {
+	background:#6c3 url(../images/shine.png) top left repeat-x;
+}
+
+div.progress span.fuzzy {
+	background:#ff9f00 url(../images/shine.png) top left repeat-x;
+}
+
+
+/*Results*/
+
+.results ul {
+	list-style:none;
+	margin:0em;
+	padding:0em;
+}
+
+.results li{
+	margin:0em;
+	padding:0em;
+}
+
+.results li.odd {
+	background-color: #eeeeee;
+	margin:0em;
+	padding:0em;
+}
+
+.results dl {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	float:right;
+	margin-right: 17em;
+	margin-top:-1.3em;
+}
+
+.results dt {
+	display:inline;
+	margin:0em;
+	padding:0em;
+}
+
+.results dd {
+	display:inline;
+	margin:0em;
+	padding:0em;
+	padding-right:.5em;
+}
+
+.results h2, .results h3 {
+	display:inline;
+	padding-right:.5em;
+	font-size:10pt;
+	font-weight:normal;
+}
+
+.results div.progress {
+	display:inline;
+	float:right;
+	width:16em;
+	background:#c00 url(../images/shine.png) top left repeat-x;
+	margin:0em;
+	margin-top:-1.3em;
+	padding:0em;
+	border:none;
+}
+
+/* Dirty EVIL Mozilla hack for round corners */
+pre {
+	-moz-border-radius:11px;
+	-webkit-border-radius:11px;
+	border-radius: 11px;
+}
+
+.example {
+	-moz-border-radius:0px;
+	-webkit-border-radius:0px;
+	border-radius: 0px;
+}
+
+.package, .citetitle {
+	font-style: italic;
+}
+
+.titlepage .edition {
+	color: #336699;
+	background-color: transparent;
+	margin-top: 1em;
+	margin-bottom: 1em;
+	font-size: 1.4em;
+	font-weight: bold;
+	text-align: center;
+}
+
+span.remark {
+	background-color: #ff00ff;
+}
+
+.draft {
+	background-image: url(../images/watermark-draft.png);
+	background-repeat: repeat-y;
+        background-position: center;
+}
+
+.foreignphrase {
+	font-style: inherit;
+}
+
+dt {
+	clear:both;
+}
+
+dt img {
+	border-style: none;
+	max-width: 112px;
+}
+
+dt object {
+	max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+	display: inline;
+	float: left;
+	margin-bottom: 1em;
+	padding-right: 1em;
+	width: 112px;
+}
+
+dl:after {
+	display: block;
+	clear: both;
+	content: "";
+}
+
+.toc dd {
+	padding-bottom: 0em;
+	margin-bottom: 1em;
+	padding-left: 1.3em;
+	margin-left: 0em;
+}
+
+div.toc > dl > dt {
+	padding-bottom: 0em;
+	margin-bottom: 0em;
+	margin-top: 1em;
+}
+
+
+.strikethrough {
+	text-decoration: line-through;
+}
+
+.underline {
+	text-decoration: underline;
+}
+
+.calloutlist img, .callout {
+	padding: 0em;
+	margin: 0em;
+	width: 12pt;
+	display: inline;
+	vertical-align: middle;
+}
+
+.stepalternatives {
+	list-style-image: none;
+	list-style-type: none;
+}
+
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/default.css
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/default.css
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/default.css
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/lang.css b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/lang.css
new file mode 100644
index 0000000..81c3115
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/lang.css
@@ -0,0 +1,2 @@
+/* place holder */
+
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/overrides.css b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/overrides.css
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/overrides.css
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/overrides.css
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/print.css
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/css/print.css
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/css/print.css
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/1.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/1.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/1.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/1.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/1.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/10.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/10.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/10.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/10.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/10.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/11.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/11.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/11.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/11.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/11.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/12.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/12.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/12.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/12.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/12.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/13.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/13.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/13.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/13.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/13.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/14.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/14.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/14.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/14.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/14.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/15.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/15.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/15.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/15.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/15.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/16.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/16.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/16.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/16.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/16.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/17.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/17.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/17.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/17.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/17.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/18.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/18.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/18.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/18.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/18.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/19.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/19.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/19.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/19.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/19.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/2.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/2.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/2.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/2.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/2.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/20.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/20.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/20.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/20.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/20.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/21.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/21.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/21.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/21.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/21.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/22.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/22.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/22.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/22.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/22.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/23.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/23.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/23.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/23.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/23.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.png
new file mode 100644
index 0000000..863ce3b
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.svg
new file mode 100644
index 0000000..27e1d39
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/24.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.png
new file mode 100644
index 0000000..cc23b9b
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.svg
new file mode 100644
index 0000000..114e1a2
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/25.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.png
new file mode 100644
index 0000000..583fe34
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.svg
new file mode 100644
index 0000000..e9b5d23
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/26.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.png
new file mode 100644
index 0000000..d1c3dfa
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.svg
new file mode 100644
index 0000000..4a80177
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/27.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.png
new file mode 100644
index 0000000..f5db747
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.svg
new file mode 100644
index 0000000..d453f29
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/28.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.png
new file mode 100644
index 0000000..9a3141e
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.svg
new file mode 100644
index 0000000..04b5c50
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/29.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.257917,22.008438 -8.143066,0 0,-1.784668 2.8554687,-3.07959 c 0.3596963,-0.387364 0.6861933,-0.744297 0.9794923,-1.0708 0.293289,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373536,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437178,10e-6 -0.857751,0.10792 -1.2617183,0.323731 C 9.3422244,12.379541 8.918885,12.68667 8.4761791,13.085098 L 7.0816479,11.433243 C 7.3306704,11.206366 7.5907613,10.990545 7.8619213,10.785782 8.1330785,10.575507 8.4319063,10.390123 8.7584057,10.22963 9.0849004,10.06916 9.4446006,9.9418812 9.8375072,9.8477936 10.230407,9.7481965 10.670348,9.6983918 11.157331,9.6983795 c 0.58105,1.23e-5 1.101232,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860508,0.3901488 1.187012,0.6889648 0.32649,0.293305 0.575513,0.650239 0.74707,1.070801 0.177075,0.420583 0.265617,0.89
 3727 0.265625,1.419433 -8e-6,0.47592 -0.08302,0.932463 -0.249023,1.369629 -0.166024,0.431648 -0.392912,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622566,0.830083 -1.004395,1.245117 -0.376308,0.40951 -0.780279,0.827315 -1.211914,1.253418 l -1.460937,1.469238 0,0.116211 4.947265,0 0,2.158203"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/3.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/3.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/3.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/3.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/3.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.png
new file mode 100644
index 0000000..9d3db24
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.svg
new file mode 100644
index 0000000..5cdcf65
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/30.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.png
new file mode 100644
index 0000000..9e2675d
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.svg
new file mode 100644
index 0000000..f0fdb29
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/31.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 22.579206,22.008438 -2.564941,0 0,-7.022461 c -4e-6,-0.143873 -4e-6,-0.315422 0,-0.514648 0.0055,-0.204745 0.01106,-0.415031 0.0166,-0.63086 0.01106,-0.221345 0.01936,-0.442699 0.0249,-0.664062 0.01106,-0.221345 0.01936,-0.423331 0.0249,-0.605957 -0.02767,0.03321 -0.07471,0.08302 -0.141113,0.149414 -0.06641,0.06642 -0.141117,0.141122 -0.224121,0.224121 -0.08301,0.07748 -0.168786,0.157724 -0.257324,0.240723 -0.08855,0.08302 -0.17432,0.157723 -0.257325,0.224121 l -1.394531,1.120605 -1.245117,-1.543945 3.909668,-3.1127931 2.108398,0 0,12.1357421"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.png
new file mode 100644
index 0000000..20f1bb2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.svg
new file mode 100644
index 0000000..9382928
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/32.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.621199,22.008438 -8.143067,0 0,-1.784668 2.855469,-3.07959 c 0.359697,-0.387364 0.686194,-0.744297 0.979492,-1.0708 0.29329,-0.326492 0.54508,-0.644688 0.755371,-0.95459 0.210281,-0.309889 0.37353,-0.625318 0.489746,-0.946289 0.116205,-0.320956 0.174311,-0.666821 0.174317,-1.037598 -6e-6,-0.409496 -0.124518,-0.727692 -0.373535,-0.95459 -0.243495,-0.226878 -0.572759,-0.340322 -0.987793,-0.340332 -0.437179,10e-6 -0.857751,0.10792 -1.261719,0.323731 -0.403974,0.215829 -0.827314,0.522958 -1.27002,0.921386 l -1.394531,-1.651855 c 0.249023,-0.226877 0.509114,-0.442698 0.780274,-0.647461 0.271157,-0.210275 0.569985,-0.395659 0.896484,-0.556152 0.326495,-0.16047 0.686195,-0.2877488 1.079101,-0.3818364 0.3929,-0.099597 0.832841,-0.1494018 1.319825,-0.1494141 0.581049,1.23e-5 1.101231,0.080253 1.560547,0.2407227 0.464837,0.1604938 0.860507,0.3901488 1.187011,0.6889648 0.32649,0.293305 0.575513,0.650239 0.747071,1.070801 0.177075,0.420583 0.265616,0.893727 0.265625,1.419
 433 -9e-6,0.47592 -0.08302,0.932463 -0.249024,1.369629 -0.166024,0.431648 -0.392911,0.857754 -0.680664,1.278321 -0.287768,0.415044 -0.622565,0.830083 -1.004394,1.245117 -0.376309,0.40951 -0.78028,0.827315 -1.211914,1.253418 l -1.460938,1.469238 0,0.116211 4.947266,0 0,2.158203"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.png
new file mode 100644
index 0000000..01407e6
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.svg
new file mode 100644
index 0000000..f46815f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/33.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.148054,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.207519,1.137207 -0.132821,0.33204 -0.318205,0.625334 -0.556153,0.879883 -0.232429,0.249031 -0.509121,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979486,0.121751 1.721021,0.420579 2.22461,0.896485 0.503572,0.470382 0.755362,1.106775 0.755371,1.909179 -9e-6,0.531253 -0.09685,1.023766 -0.290528,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879882,1.170411 -0.392911,0.332031 -0.890958,0.592122 -1.494141,0.780273 -0.597662,0.182617 -1.303227,0.273926 -2.116699,0.273926 -0.652998,0 -1.267256,-0.05534 -1.842774,-0.166016 -0.575522,-0.105143 -1.112305,-0.268392 -1.610351,-0.489746 l 0,-2.183105 c 0.249022,0.132815 0.51188,0.249025 0.788574,0.348632 0.276691,0.09961 0.553384,0.185387 0.830078,0.257325 0.27669,0.06641 0.547849,0.116212 0.813477,0.149414 0.271155,0.0332 0.525712,0.04981 0.763671,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132812 0.315425,
 -0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188146,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124512,-0.73877 -7e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.20474 -0.265631,-0.376289 -0.498047,-0.51464 -0.226893,-0.143876 -0.525721,-0.254553 -0.896485,-0.332032 -0.370772,-0.07747 -0.827315,-0.116205 -1.369628,-0.116211 l -0.863282,0 0,-1.801269 0.84668,0 c 0.509111,7e-6 0.93245,-0.04426 1.270019,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124512,-0.672363 -6e-6,-0.431632 -0.135585,-0.769197 -0.406739,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,1e-5 -0.514652,0.02768 -0.747071,0.08301 -0.226891,0.04981 -0.439944,0.116221 -0.63916,0.199218 -0.193687,0.07748 -0.373537,0.166026 -0.53955,0.265625 -0.160484,0.09409 -0.307131,0.188161 -0.439942,0.282227 l -1.294922,-1.7
 09961 c 0.232421,-0.171538 0.484212,-0.329253 0.755371,-0.473145 0.276692,-0.143868 0.575519,-0.26838 0.896485,-0.373535 0.320961,-0.1106647 0.666826,-0.1964393 1.037597,-0.2573239 0.370765,-0.06086 0.766435,-0.091296 1.187012,-0.091309 0.597651,1.23e-5 1.139969,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.png
new file mode 100644
index 0000000..ba44352
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.svg
new file mode 100644
index 0000000..7bbdf5b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/34.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.803816,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.013672,0 0,-1.784668 5.154785,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262862,0.520191 -0.42334,0.780274 l -2.02539,3.071289 2.755859,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.png
new file mode 100644
index 0000000..21d4575
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.svg
new file mode 100644
index 0000000..8e19553
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/35.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.761335,14.255508 c 0.520177,8e-6 1.004389,0.08025 1.452637,0.240723 0.448235,0.160489 0.838372,0.395678 1.17041,0.705566 0.332024,0.309903 0.592114,0.697272 0.780274,1.16211 0.188142,0.459315 0.282218,0.987797 0.282226,1.585449 -8e-6,0.658532 -0.102385,1.250654 -0.307129,1.776367 -0.20476,0.520184 -0.506355,0.962892 -0.904785,1.328125 -0.398444,0.359701 -0.893724,0.636394 -1.48584,0.830078 -0.586594,0.193685 -1.261723,0.290528 -2.02539,0.290528 -0.304366,0 -0.605961,-0.01384 -0.904785,-0.0415 -0.298831,-0.02767 -0.586591,-0.06917 -0.863282,-0.124512 -0.27116,-0.04981 -0.531251,-0.116211 -0.780273,-0.199219 -0.243491,-0.08301 -0.464845,-0.17985 -0.664063,-0.290527 l 0,-2.216309 c 0.193684,0.11068 0.417805,0.215823 0.672364,0.31543 0.254555,0.09408 0.517413,0.177086 0.788574,0.249024 0.27669,0.06641 0.553383,0.121746 0.830078,0.166015 0.276689,0.03874 0.539547,0.05811 0.788574,0.05811 0.741532,2e-6 1.305985,-0.152179 1.69336,-0.456543 0.387364,-0.309893 0.581048
 ,-0.799639 0.581054,-1.469239 -6e-6,-0.597651 -0.190924,-1.051427 -0.572754,-1.361328 -0.376307,-0.315424 -0.960128,-0.473139 -1.751464,-0.473144 -0.143884,5e-6 -0.298832,0.0083 -0.464844,0.0249 -0.160485,0.01661 -0.320967,0.03874 -0.481446,0.06641 -0.15495,0.02768 -0.304364,0.05811 -0.448242,0.09131 -0.143882,0.02767 -0.268394,0.05811 -0.373535,0.09131 l -1.020996,-0.547852 0.456543,-6.1840821 6.408203,0 0,2.1748051 -4.183594,0 -0.199218,2.382324 c 0.177079,-0.03873 0.381832,-0.07747 0.614257,-0.116211 0.237952,-0.03873 0.542314,-0.0581 0.913086,-0.05811"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.png
new file mode 100644
index 0000000..b5402b5
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.svg
new file mode 100644
index 0000000..d364dbf
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/36.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 16.428328,16.853653 c -1e-6,-0.581049 0.03044,-1.159336 0.09131,-1.734863 0.06641,-0.575514 0.17985,-1.126132 0.340332,-1.651856 0.166015,-0.531241 0.387369,-1.023753 0.664063,-1.477539 0.282224,-0.453765 0.636391,-0.846669 1.0625,-1.178711 0.431637,-0.337553 0.946285,-0.600411 1.543945,-0.788574 0.603185,-0.1936727 1.305984,-0.2905151 2.108398,-0.2905274 0.116205,1.23e-5 0.243483,0.00278 0.381836,0.0083 0.13834,0.00555 0.276686,0.013847 0.415039,0.024902 0.143873,0.00555 0.282219,0.016614 0.415039,0.033203 0.132805,0.016614 0.251783,0.035982 0.356934,0.058105 l 0,2.0502924 c -0.210294,-0.04979 -0.434415,-0.08853 -0.672363,-0.116211 -0.232429,-0.03319 -0.467618,-0.04979 -0.705567,-0.0498 -0.747076,1e-5 -1.361333,0.09408 -1.842773,0.282226 -0.48145,0.182627 -0.863285,0.439951 -1.145508,0.771973 -0.28223,0.33204 -0.484215,0.730477 -0.605957,1.195312 -0.116214,0.464852 -0.188154,0.9795 -0.21582,1.543946 l 0.09961,0 c 0.110674,-0.199212 0.243487,-0.384596 0.398438,-0
 .556153 0.160478,-0.177076 0.345862,-0.32649 0.556152,-0.448242 0.210282,-0.127271 0.445471,-0.22688 0.705566,-0.298828 0.265621,-0.07193 0.561681,-0.107902 0.888184,-0.10791 0.52571,8e-6 0.998854,0.08578 1.419434,0.257324 0.420565,0.171557 0.774732,0.42058 1.0625,0.74707 0.293286,0.326504 0.517407,0.727708 0.672363,1.203614 0.154939,0.475916 0.232413,1.021 0.232422,1.635254 -9e-6,0.658532 -0.09408,1.247887 -0.282227,1.768066 -0.182625,0.520184 -0.445483,0.962892 -0.788574,1.328125 -0.343106,0.359701 -0.758145,0.636394 -1.245117,0.830078 -0.486985,0.188151 -1.034836,0.282227 -1.643555,0.282227 -0.59766,0 -1.156579,-0.105144 -1.676758,-0.31543 -0.520185,-0.21582 -0.97396,-0.542317 -1.361328,-0.979492 -0.381837,-0.437173 -0.683432,-0.987791 -0.904785,-1.651856 -0.215821,-0.669593 -0.323731,-1.460933 -0.32373,-2.374023 m 4.216796,3.270508 c 0.226883,2e-6 0.431636,-0.0415 0.614258,-0.124512 0.188146,-0.08854 0.348627,-0.218585 0.481446,-0.390137 0.13834,-0.17708 0.243483,-0.3984
 34 0.315429,-0.664062 0.07747,-0.265622 0.116205,-0.581051 0.116211,-0.946289 -6e-6,-0.592118 -0.124518,-1.056961 -0.373535,-1.394531 -0.243495,-0.343094 -0.61703,-0.514643 -1.120605,-0.514649 -0.254562,6e-6 -0.486984,0.04981 -0.697266,0.149414 -0.21029,0.09962 -0.390141,0.229661 -0.539551,0.390137 -0.149417,0.160487 -0.265628,0.340337 -0.348633,0.539551 -0.07748,0.199223 -0.116214,0.401209 -0.116211,0.605957 -3e-6,0.28223 0.0332,0.564456 0.09961,0.846679 0.07194,0.276696 0.17708,0.528486 0.315429,0.755371 0.143877,0.221357 0.318193,0.401207 0.52295,0.539551 0.210282,0.138349 0.453771,0.207522 0.730468,0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.png
new file mode 100644
index 0000000..9fd99d2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.svg
new file mode 100644
index 0000000..771fa4d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/37.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 17.51573,22.008438 4.316406,-9.960937 -5.578125,0 0,-2.1582035 8.367188,0 0,1.6103515 -4.424317,10.508789 -2.681152,0"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.png
new file mode 100644
index 0000000..3ce6027
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.svg
new file mode 100644
index 0000000..487e0ef
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/38.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 20.48741,9.7149811 c 0.503575,1.23e-5 0.979486,0.060885 1.427734,0.1826172 0.448236,0.1217567 0.841139,0.3043737 1.178711,0.5478517 0.337557,0.243501 0.605949,0.547862 0.805176,0.913086 0.19921,0.365244 0.298819,0.794118 0.298828,1.286621 -9e-6,0.365243 -0.05535,0.697274 -0.166016,0.996094 -0.110685,0.293302 -0.262866,0.561694 -0.456543,0.805175 -0.193692,0.237963 -0.423347,0.451017 -0.688965,0.639161 -0.265631,0.188157 -0.553392,0.359707 -0.863281,0.514648 0.320957,0.171556 0.63362,0.362473 0.937988,0.572754 0.309889,0.210292 0.583814,0.448247 0.821778,0.713867 0.237947,0.260096 0.428865,0.55339 0.572754,0.879883 0.143871,0.326501 0.215811,0.691735 0.21582,1.095703 -9e-6,0.503583 -0.09962,0.960126 -0.298828,1.369629 -0.199227,0.409506 -0.478687,0.758139 -0.838379,1.045898 -0.359708,0.287761 -0.791348,0.509115 -1.294922,0.664063 -0.498053,0.154948 -1.048671,0.232422 -1.651855,0.232422 -0.652999,0 -1.234053,-0.07471 -1.743164,-0.224121 -0.509117,-0.149414 -0.93799
 1,-0.362467 -1.286622,-0.639161 -0.348634,-0.276691 -0.614258,-0.617023 -0.796875,-1.020996 -0.177084,-0.403969 -0.265625,-0.857744 -0.265625,-1.361328 0,-0.415035 0.06087,-0.78857 0.182618,-1.120605 0.121744,-0.332027 0.287759,-0.630855 0.498046,-0.896485 0.210285,-0.265619 0.456542,-0.500808 0.73877,-0.705566 0.282224,-0.204747 0.583819,-0.384597 0.904785,-0.539551 -0.271161,-0.171543 -0.525718,-0.356927 -0.763672,-0.556152 -0.237957,-0.204746 -0.445477,-0.428866 -0.622558,-0.672363 -0.171551,-0.249016 -0.309897,-0.522942 -0.415039,-0.821778 -0.09961,-0.298819 -0.149415,-0.628083 -0.149414,-0.987793 -1e-6,-0.481435 0.09961,-0.902008 0.298828,-1.261718 0.204751,-0.365224 0.478676,-0.669585 0.821777,-0.913086 0.343097,-0.249012 0.738767,-0.434396 1.187012,-0.5561527 0.448238,-0.1217326 0.918615,-0.1826049 1.411133,-0.1826172 m -1.718262,9.0644529 c -3e-6,0.221357 0.03597,0.42611 0.10791,0.614258 0.07194,0.18262 0.17708,0.340334 0.31543,0.473145 0.143876,0.132814 0.32096,0.23
 7957 0.53125,0.315429 0.210282,0.07194 0.453771,0.107912 0.730468,0.10791 0.58105,2e-6 1.015457,-0.135577 1.303223,-0.406738 0.287754,-0.27669 0.431634,-0.639157 0.431641,-1.087402 -7e-6,-0.232419 -0.04981,-0.439938 -0.149414,-0.622559 -0.09408,-0.188147 -0.218594,-0.359696 -0.373535,-0.514648 -0.14942,-0.160478 -0.32097,-0.307125 -0.514649,-0.439942 -0.19369,-0.132807 -0.387375,-0.260086 -0.581055,-0.381836 L 20.3878,16.72084 c -0.243494,0.12175 -0.464848,0.254563 -0.664062,0.398438 -0.199223,0.138351 -0.370772,0.293299 -0.514649,0.464844 -0.138349,0.16602 -0.246259,0.348637 -0.32373,0.547851 -0.07748,0.199223 -0.116214,0.415043 -0.116211,0.647461 m 1.70166,-7.188476 c -0.182622,10e-6 -0.354171,0.02768 -0.514648,0.08301 -0.154952,0.05535 -0.290532,0.13559 -0.406739,0.240723 -0.11068,0.105153 -0.199222,0.235199 -0.265625,0.390137 -0.06641,0.154957 -0.09961,0.329274 -0.09961,0.522949 -3e-6,0.232431 0.0332,0.434416 0.09961,0.605957 0.07194,0.166024 0.166012,0.315438 0.282227,0
 .448242 0.121741,0.127287 0.260087,0.243498 0.415039,0.348633 0.160477,0.09962 0.32926,0.199226 0.506348,0.298828 0.171544,-0.08853 0.334793,-0.185376 0.489746,-0.290527 0.154942,-0.105135 0.290522,-0.224113 0.406738,-0.356934 0.121739,-0.138338 0.218581,-0.293286 0.290527,-0.464843 0.07193,-0.171541 0.107904,-0.367993 0.10791,-0.589356 -6e-6,-0.193675 -0.03321,-0.367992 -0.09961,-0.522949 -0.06641,-0.154938 -0.15772,-0.284984 -0.273926,-0.390137 -0.116216,-0.105133 -0.254562,-0.185374 -0.415039,-0.240723 -0.160487,-0.05533 -0.334803,-0.083 -0.522949,-0.08301"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.png
new file mode 100644
index 0000000..d689450
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.svg
new file mode 100644
index 0000000..cea69f7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/39.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 14.784773,12.587051 c -8e-6,0.420582 -0.06918,0.799651 -0.20752,1.137207 -0.13282,0.33204 -0.318204,0.625334 -0.556152,0.879883 -0.232429,0.249031 -0.509122,0.459317 -0.830078,0.63086 -0.315436,0.166022 -0.658535,0.2933 -1.029297,0.381836 l 0,0.0498 c 0.979485,0.121751 1.721021,0.420579 2.224609,0.896485 0.503573,0.470382 0.755363,1.106775 0.755371,1.909179 -8e-6,0.531253 -0.09685,1.023766 -0.290527,1.477539 -0.188159,0.448244 -0.481453,0.83838 -0.879883,1.170411 -0.39291,0.332031 -0.890957,0.592122 -1.49414,0.780273 -0.597662,0.182617 -1.303228,0.273926 -2.1167,0.273926 -0.6529976,0 -1.2672548,-0.05534 -1.842773,-0.166016 C 7.9421607,21.903295 7.4053774,21.740046 6.9073315,21.518692 l 0,-2.183105 c 0.2490227,0.132815 0.5118805,0.249025 0.7885742,0.348632 0.2766912,0.09961 0.5533836,0.185387 0.8300781,0.257325 0.2766904,0.06641 0.5478489,0.116212 0.8134766,0.149414 0.2711557,0.0332 0.5257127,0.04981 0.7636716,0.0498 0.475908,2e-6 0.871578,-0.04427 1.187012,-0.132
 812 0.315424,-0.08854 0.567215,-0.213051 0.755371,-0.373535 0.188145,-0.16048 0.320958,-0.351397 0.398438,-0.572754 0.083,-0.226885 0.124505,-0.473141 0.124511,-0.73877 -6e-6,-0.249019 -0.05258,-0.47314 -0.157715,-0.672363 -0.09962,-0.204748 -0.26563,-0.376297 -0.498046,-0.514648 C 11.685809,16.992 11.386981,16.881323 11.016218,16.803844 10.645446,16.726374 10.188903,16.687639 9.6465893,16.687633 l -0.8632813,0 0,-1.801269 0.8466797,0 c 0.5091113,7e-6 0.9324503,-0.04426 1.2700193,-0.132813 0.337561,-0.09407 0.605952,-0.218579 0.805176,-0.373535 0.204747,-0.160474 0.348627,-0.345858 0.431641,-0.556152 0.083,-0.210278 0.124506,-0.434399 0.124511,-0.672363 -5e-6,-0.431632 -0.135585,-0.769197 -0.406738,-1.012696 -0.26563,-0.243479 -0.688969,-0.365224 -1.270019,-0.365234 -0.265629,10e-6 -0.514653,0.02768 -0.7470708,0.08301 -0.2268911,0.04981 -0.4399443,0.116221 -0.6391601,0.199218 -0.1936875,0.07748 -0.3735376,0.166026 -0.5395508,0.265625 -0.1604838,0.09409 -0.3071308,0.188161 -0
 .4399414,0.282227 L 6.923933,10.893692 c 0.2324212,-0.171538 0.4842113,-0.329253 0.7553711,-0.473145 0.2766912,-0.143868 0.575519,-0.26838 0.8964844,-0.373535 0.3209611,-0.1106647 0.6668266,-0.1964393 1.0375977,-0.2573239 0.3707646,-0.06086 0.7664348,-0.091296 1.1870118,-0.091309 0.597651,1.23e-5 1.139968,0.066419 1.626953,0.1992188 0.492507,0.1272911 0.913079,0.3154421 1.261719,0.5644531 0.348625,0.243501 0.617017,0.545096 0.805176,0.904786 0.193676,0.354177 0.290519,0.760914 0.290527,1.220214"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.554792,15.052383 c -8e-6,0.581061 -0.03321,1.162116 -0.09961,1.743164 -0.06088,0.575526 -0.174325,1.126144 -0.340332,1.651856 -0.16049,0.525719 -0.381844,1.018232 -0.664063,1.477539 -0.2767,0.453778 -0.630866,0.846681 -1.0625,1.178711 -0.426112,0.332032 -0.94076,0.59489 -1.543945,0.788574 -0.597661,0.188151 -1.300459,0.282227 -2.108398,0.282227 -0.116214,0 -0.243493,-0.0028 -0.381836,-0.0083 -0.138349,-0.0055 -0.279462,-0.01384 -0.42334,-0.0249 -0.138348,-0.0055 -0.273928,-0.0166 -0.406738,-0.0332 -0.132814,-0.01107 -0.249025,-0.02767 -0.348633,-0.0498 l 0,-2.058594 c 0.204751,0.05534 0.423338,0.09961 0.655762,0.132813 0.237953,0.02767 0.478675,0.04151 0.722168,0.0415 0.747066,2e-6 1.361324,-0.09131 1.842773,-0.273925 0.48144,-0.188149 0.863276,-0.44824 1.145508,-0.780274 0.28222,-0.337562 0.481439,-0.738766 0.597656,-1.203613 0.121738,-0.464839 0.196445,-0.97672 0.224121,-1.535645 l -0.10791,0 c -0.110683,0.199225 -0.243496,0.384609 -0.398438,0.556153 -0.1549
 53,0.171554 -0.33757,0.320968 -0.547851,0.448242 -0.210292,0.127283 -0.448247,0.226892 -0.713867,0.298828 -0.26563,0.07194 -0.561691,0.107914 -0.888184,0.10791 -0.525719,4e-6 -0.998863,-0.08577 -1.419433,-0.257324 -0.420575,-0.171545 -0.777509,-0.420568 -1.070801,-0.74707 -0.287762,-0.326492 -0.509116,-0.727696 -0.664063,-1.203614 -0.154948,-0.475904 -0.232422,-1.020988 -0.232422,-1.635253 0,-0.65852 0.09131,-1.247875 0.273926,-1.768067 0.18815,-0.520172 0.453775,-0.960113 0.796875,-1.319824 0.343097,-0.365223 0.758136,-0.644682 1.245117,-0.838379 0.49251,-0.1936727 1.043128,-0.2905151 1.651856,-0.2905274 0.597651,1.23e-5 1.15657,0.1079224 1.676758,0.3237304 0.520175,0.210298 0.971184,0.534028 1.353027,0.971192 0.381828,0.437185 0.683423,0.990569 0.904785,1.660156 0.221346,0.669605 0.332023,1.458178 0.332031,2.365722 m -4.216796,-3.262207 c -0.226893,1.1e-5 -0.434412,0.04151 -0.622559,0.124512 -0.188155,0.08302 -0.351403,0.213063 -0.489746,0.390137 -0.132816,0.171559 -0.2379
 59,0.392913 -0.31543,0.664062 -0.07194,0.265634 -0.107913,0.581063 -0.10791,0.946289 -3e-6,0.586596 0.124509,1.05144 0.373535,1.394532 0.24902,0.343105 0.625322,0.514654 1.128906,0.514648 0.254553,6e-6 0.486975,-0.0498 0.697266,-0.149414 0.210281,-0.0996 0.390131,-0.229648 0.539551,-0.390137 0.149408,-0.160475 0.262852,-0.340325 0.340332,-0.53955 0.083,-0.199212 0.124505,-0.401197 0.124512,-0.605958 -7e-6,-0.282218 -0.03598,-0.561677 -0.107911,-0.838378 -0.06641,-0.282218 -0.171555,-0.534008 -0.315429,-0.755372 -0.138352,-0.226878 -0.312669,-0.409495 -0.52295,-0.547851 -0.204757,-0.138336 -0.44548,-0.207509 -0.722167,-0.20752"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/4.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/4.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/4.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/4.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/4.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.png
new file mode 100644
index 0000000..0d3532e
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.svg
new file mode 100644
index 0000000..bb4e1d7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/40.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.0"
+   width="32"
+   height="32"
+   id="svg2">
+  <defs
+     id="defs15" />
+  <circle
+     cx="16"
+     cy="16"
+     r="14"
+     id="circle"
+     style="fill:#336699" />
+  <g
+     id="text2820"
+     style="font-size:10px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Droid Sans;-inkscape-font-specification:Droid Sans">
+    <path
+       d="m 15.440535,19.493301 -1.460938,0 0,2.515137 -2.498535,0 0,-2.515137 -5.0136719,0 0,-1.784668 5.1547849,-7.8359371 2.357422,0 0,7.6284181 1.460938,0 0,1.992187 m -3.959473,-1.992187 0,-2.058594 c -5e-6,-0.07193 -5e-6,-0.17431 0,-0.307129 0.0055,-0.138339 0.01106,-0.293287 0.0166,-0.464844 0.0055,-0.171541 0.01106,-0.348625 0.0166,-0.53125 0.01106,-0.182609 0.01936,-0.356925 0.0249,-0.522949 0.01106,-0.166007 0.01936,-0.309887 0.0249,-0.43164 0.01106,-0.12727 0.01936,-0.218579 0.0249,-0.273926 l -0.07471,0 c -0.09961,0.232431 -0.213058,0.478687 -0.340332,0.738769 -0.121749,0.2601 -0.262863,0.520191 -0.42334,0.780274 l -2.0253904,3.071289 2.7558594,0"
+       id="path2818"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+    <path
+       d="m 24.6378,15.940567 c -9e-6,0.979497 -0.07748,1.853845 -0.232422,2.623047 -0.149422,0.769208 -0.392912,1.422202 -0.730468,1.958984 -0.332039,0.536785 -0.763679,0.94629 -1.294922,1.228516 -0.525722,0.282226 -1.162115,0.42334 -1.90918,0.42334 -0.702803,0 -1.314294,-0.141114 -1.834473,-0.42334 -0.520184,-0.282226 -0.951824,-0.691731 -1.294922,-1.228516 -0.3431,-0.536782 -0.600424,-1.189776 -0.771972,-1.958984 -0.166016,-0.769202 -0.249024,-1.64355 -0.249024,-2.623047 0,-0.979485 0.07471,-1.8566 0.224121,-2.631348 0.154948,-0.77473 0.398437,-1.430491 0.730469,-1.967285 0.33203,-0.536772 0.760903,-0.946277 1.286621,-1.228515 0.525713,-0.2877487 1.162106,-0.4316287 1.90918,-0.431641 0.69726,1.23e-5 1.305984,0.1411254 1.826172,0.42334 0.520175,0.282238 0.954582,0.691743 1.303223,1.228515 0.348624,0.536794 0.608715,1.192555 0.780273,1.967286 0.171541,0.774747 0.257315,1.654629 0.257324,2.639648 m -5.760742,0 c -3e-6,1.383468 0.118975,2.423832 0.356934,3.121094 0.237952,0.6
 97268 0.650223,1.0459 1.236816,1.045898 0.575516,2e-6 0.987787,-0.345863 1.236816,-1.037597 0.254552,-0.691729 0.38183,-1.734859 0.381836,-3.129395 -6e-6,-1.38899 -0.127284,-2.43212 -0.381836,-3.129395 -0.249029,-0.702789 -0.6613,-1.054188 -1.236816,-1.054199 -0.293299,1.1e-5 -0.542322,0.08855 -0.74707,0.265625 -0.199223,0.177093 -0.362471,0.439951 -0.489746,0.788574 -0.127282,0.348642 -0.218591,0.785816 -0.273926,1.311524 -0.05534,0.52019 -0.08301,1.126146 -0.08301,1.817871"
+       id="path2820"
+       style="font-size:17px;font-weight:bold;fill:#ffffff;-inkscape-font-specification:Bitstream Vera Sans Bold" />
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/5.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/5.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/5.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/5.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/5.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/6.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/6.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/6.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/6.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/6.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/7.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/7.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/7.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/7.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/7.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/8.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/8.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/8.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/8.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/8.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/9.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/9.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/9.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/9.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/9.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/bkgrnd_greydots.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bkgrnd_greydots.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/bkgrnd_greydots.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/bullet_arrowblue.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/bullet_arrowblue.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/bullet_arrowblue.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/documentation.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/documentation.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/documentation.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/documentation.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/dot.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/dot.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/dot2.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/dot2.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/dot2.png
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/green.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/green.png
new file mode 100644
index 0000000..ebb3c24
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/green.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/h1-bg.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/h1-bg.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/h1-bg.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/h1-bg.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_left.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/image_left.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_left.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/image_left.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_right.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/image_right.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/image_right.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/image_right.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/important.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/important.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/important.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/important.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/important.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/logo.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/logo.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/logo.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/logo.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/note.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/note.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/note.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/note.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/note.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/red.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/red.png
new file mode 100644
index 0000000..d32d5e2
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/red.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/redhat-logo.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/redhat-logo.svg
new file mode 100644
index 0000000..1001776
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/redhat-logo.svg
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://web.resource.org/cc/"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="140"
+   id="svg2812"
+   sodipodi:version="0.32"
+   inkscape:version="0.45+devel"
+   version="1.0"
+   sodipodi:docname="redhat-logo.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape">
+  <defs
+     id="defs3" />
+  <sodipodi:namedview
+     inkscape:document-units="mm"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="174.26394"
+     inkscape:cy="40.358463"
+     inkscape:current-layer="layer1"
+     inkscape:window-width="722"
+     inkscape:window-height="523"
+     inkscape:window-x="71"
+     inkscape:window-y="636"
+     width="300px"
+     height="140px" />
+  <metadata
+     id="metadata4">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-13.714282,-252.57246)">
+    <g
+       transform="matrix(2.1166666,0,0,2.1166666,-32.193429,187.76029)"
+       id="shadowman">
+      <path
+         d="M 55.68466,68.503937 C 55.68466,79.688581 46.617715,88.755526 35.433071,88.755526 C 24.248427,88.755526 15.181482,79.688581 15.181482,68.503937 C 15.181482,57.319293 24.248427,48.252348 35.433071,48.252348 C 46.617715,48.252348 55.68466,57.319293 55.68466,68.503937 z"
+         transform="matrix(1.10693,0,0,1.10693,5.005761,-12.00975)"
+         style="fill:#ffffff"
+         id="path4548" />
+      <path
+         d="M 147.81332,72.126073 C 147.81332,73.329962 147.86057,74.57586 148.03519,75.740362 L 146.64882,75.740362 L 146.42826,73.559712 L 146.35605,73.559712 C 145.61822,74.733404 143.92333,76.086957 141.50635,76.086957 C 138.4461,76.086957 137.02164,73.933874 137.02164,71.904202 C 137.02164,68.394942 140.11998,66.27862 146.30878,66.34295 L 146.30878,65.937278 C 146.30878,64.432747 146.01471,61.431561 142.41879,61.45388 C 141.08756,61.45388 139.70118,61.810976 138.5997,62.588186 L 138.1205,61.494579 C 139.51083,60.551948 141.20703,60.180411 142.58291,60.180411 C 146.97178,60.180411 147.81201,63.475677 147.81201,66.194597 L 147.81201,72.126073 L 147.81332,72.126073 z M 146.30878,67.609855 C 142.99645,67.514016 138.62333,68.015527 138.62333,71.667888 C 138.62333,73.853791 140.06616,74.835806 141.65077,74.835806 C 144.1859,74.835806 145.62742,73.266945 146.15124,71.786044 C 146.26152,71.460456 146.3101,71.134869 146.3101,70.874924 L 146.3101,67.609855 L 146.30878,67.609855 z
  M 153.80387,57.175286 L 153.80387,60.527004 L 158.13891,60.527004 L 158.13891,61.747959 L 153.80387,61.747959 L 153.80387,71.635066 C 153.80387,73.568902 154.40385,74.780665 156.03835,74.780665 C 156.82343,74.780665 157.37877,74.676951 157.76606,74.541727 L 157.94856,75.707542 C 157.45754,75.912347 156.76567,76.072514 155.84798,76.072514 C 154.73862,76.072514 153.81831,75.723296 153.22358,74.994662 C 152.53566,74.195133 152.29934,72.917726 152.29934,71.365932 L 152.29934,61.746646 L 149.7314,61.746646 L 149.7314,60.525692 L 152.29934,60.525692 L 152.29934,57.729312 L 153.80387,57.175286 z M 129.02767,60.179099 C 127.87105,60.179099 126.8339,60.512563 125.96348,61.052146 C 125.05891,61.581226 124.3224,62.399135 123.88522,63.247239 L 123.8222,63.247239 L 123.8222,55.719331 L 122.31767,55.309721 L 122.31767,75.740362 L 123.8222,75.740362 L 123.8222,66.437475 C 123.8222,65.819121 123.86947,65.39113 124.02832,64.938196 C 124.67818,63.046372 126.45974,61.493265 128.61545,61.49326
 5 C 131.72953,61.493265 132.80739,63.990315 132.80739,66.730242 L 132.80739,75.73905 L 134.31191,75.73905 L 134.31191,66.564822 C 134.31191,60.899855 130.4692,60.179099 129.02767,60.179099 z"
+         id="path620" />
+      <path
+         d="M 78.208384,65.270348 C 78.208384,63.205228 78.16506,61.686255 78.08235,60.311696 L 81.460325,60.311696 L 81.604739,63.240675 L 81.713705,63.240675 C 82.473849,61.069213 84.273772,59.961164 85.938472,59.961164 C 86.319199,59.961164 86.541071,59.976918 86.853532,60.045187 L 86.853532,63.719867 C 86.488557,63.648972 86.147215,63.609587 85.677213,63.609587 C 83.819525,63.609587 82.528988,64.792469 82.181081,66.560884 C 82.115438,66.904852 82.079992,67.318401 82.079992,67.738514 L 82.079992,75.73905 L 78.176875,75.73905 L 78.208384,65.270348 z M 91.56274,69.076313 C 91.666455,71.871381 93.83004,73.093647 96.328402,73.093647 C 98.123074,73.093647 99.405732,72.814009 100.58599,72.379455 L 101.16365,75.064243 C 99.842914,75.623519 98.010169,76.042319 95.771752,76.042319 C 90.763211,76.042319 87.82767,72.949234 87.82767,68.220332 C 87.82767,63.961432 90.411366,59.933594 95.372644,59.933594 C 100.38906,59.933594 102.02225,64.059896 102.02225,67.436558 C 102.02225,68.16256
 6 101.95792,68.744161 101.88309,69.103883 L 91.56274,69.076313 z M 98.348885,66.358704 C 98.365952,64.929006 97.743659,62.59869 95.129766,62.59869 C 92.728556,62.59869 91.730785,64.778027 91.554863,66.358704 L 98.348885,66.358704 z M 118.82942,54.363153 L 114.93024,53.307617 L 114.93024,61.97377 L 114.8659,61.97377 C 114.17665,60.834212 112.65375,59.962477 110.54268,59.962477 C 106.83386,59.962477 103.60162,63.033244 103.62656,68.201952 C 103.62656,72.945296 106.54372,76.086957 110.22759,76.086957 C 112.45288,76.086957 114.31582,75.024857 115.23745,73.297141 L 115.30703,73.297141 L 115.48164,75.73905 L 118.95675,75.73905 C 118.88586,74.690078 118.82809,72.991246 118.82809,71.411881 L 118.82809,54.363153 L 118.82942,54.363153 z M 114.92893,69.050056 C 114.92893,69.459667 114.90136,69.840395 114.81077,70.189614 C 114.41823,71.877945 113.0371,72.966301 111.44198,72.966301 C 108.98563,72.966301 107.57957,70.894617 107.57957,68.060164 C 107.57957,65.198141 108.97382,62.983355 111
 .48662,62.983355 C 113.2406,62.983355 114.49568,64.220064 114.84228,65.72197 C 114.90922,66.038368 114.92893,66.428286 114.92893,66.738119 L 114.92893,69.050056 L 114.92893,69.050056 z"
+         id="path616" />
+      <path
+         d="M 161.80517,73.528501 C 160.90479,73.528501 160.18937,74.243893 160.18939,75.144292 C 160.18939,76.044668 160.90478,76.760094 161.80517,76.760081 C 162.70554,76.760081 163.42095,76.041202 163.42097,75.144292 C 163.42097,74.24046 162.70554,73.528501 161.80517,73.528501 z M 161.80517,73.803529 C 162.54687,73.803529 163.14594,74.402585 163.14593,75.144292 C 163.14593,75.882533 162.54342,76.485053 161.80517,76.485053 C 161.06348,76.485053 160.46441,75.882523 160.46441,75.144292 C 160.46441,74.402596 161.06346,73.80354 161.80517,73.803529 z M 161.25512,74.319207 L 161.25512,75.969376 L 161.49577,75.969376 L 161.49577,75.247426 L 161.80517,75.247426 L 162.2521,75.969376 L 162.52712,75.969376 L 162.04582,75.247426 C 162.29078,75.216382 162.49274,75.06625 162.49274,74.766128 C 162.49273,74.438393 162.30159,74.319207 161.90832,74.319207 L 161.25512,74.319207 z M 161.49577,74.525479 L 161.83955,74.525479 C 162.0155,74.525467 162.21771,74.562596 162.21771,74.766128 C 162.21
 773,75.02142 162.01906,75.041156 161.80517,75.041156 L 161.49577,75.041156 L 161.49577,74.525479 z"
+         id="path650" />
+      <path
+         d="M 63.115808,76.090895 C 60.810796,75.504093 58.522203,75.797079 56.285026,76.486064 C 56.010655,76.526189 56.159301,76.830359 56.114355,76.953441 C 56.240389,77.319727 56.032958,77.717522 54.998429,77.944646 C 53.465014,78.282048 52.496128,79.864039 51.942103,80.389181 C 51.290927,81.007536 49.45293,81.388262 49.729943,81.01935 C 49.946565,80.730522 50.773662,79.83253 51.276485,78.861018 C 51.726795,77.99322 52.127215,77.746405 52.678614,76.919305 C 52.841408,76.676428 53.46764,75.824385 53.650127,75.149578 C 53.854932,74.490525 53.786663,73.663427 53.865435,73.323398 C 53.97834,72.83239 54.440465,71.767665 54.477226,71.166377 C 54.496918,70.825035 53.056716,71.650821 52.372719,71.650821 C 51.688722,71.650821 51.024417,71.242523 50.412627,71.21364 C 49.657736,71.17688 49.17198,71.795235 48.489295,71.68758 C 48.098065,71.625877 47.769852,71.281909 47.087167,71.255652 C 46.115654,71.220205 44.928834,71.795235 42.698294,71.724341 C 40.507139,71.653447 38.480092,68.9
 52905 38.204394,68.523601 C 37.880118,68.019465 37.484949,68.019465 37.054333,68.414634 C 36.622404,68.809804 36.090697,68.498657 35.939718,68.234773 C 35.652203,67.73195 34.882871,66.258927 33.692111,65.951719 C 32.044479,65.523729 31.210817,66.864153 31.31847,67.928878 C 31.427438,69.010669 32.127189,69.31394 32.451465,69.887656 C 32.77574,70.462687 32.94116,70.834225 33.54901,71.088919 C 33.980939,71.267467 34.142421,71.53529 34.013762,71.888448 C 33.900856,72.198281 33.451859,72.269175 33.156467,72.282304 C 31.933813,72.291845 31.468231,71.67907 30.76576,70.807968 C 30.388969,70.188301 29.79556,69.919166 29.103685,69.919166 C 28.774159,69.919166 28.465638,70.005814 28.191252,70.147603 C 27.106833,70.710817 25.817611,71.045595 24.429922,71.045595 L 22.863688,71.045595 C 22.102232,68.784859 21.688683,66.365268 21.688683,63.847213 C 21.688683,51.409229 31.770093,41.32782 44.208077,41.32782 C 56.646061,41.32782 66.72747,51.410542 66.72747,63.847213 C 66.730097,68.36212 65.40
 1488,72.565881 63.115808,76.090895 z M 49.170707,74.025807 C 49.286239,74.138712 49.485793,74.518127 49.241602,75.001258 C 49.105065,75.257265 48.956712,75.437126 48.694141,75.647183 C 48.37643,75.900564 47.758075,76.194643 46.908658,75.65506 C 46.451785,75.364919 46.424215,75.267768 45.794044,75.349165 C 45.343735,75.408243 45.163874,74.953995 45.326668,74.575893 C 45.488149,74.199104 46.152454,73.893208 46.980865,74.378965 C 47.353716,74.598211 47.932685,75.059024 48.44076,74.649413 C 48.65213,74.481367 48.778164,74.368462 49.069618,74.031058 C 49.082746,74.015304 49.101126,74.007427 49.122132,74.007427 C 49.140512,74.007427 49.157579,74.013991 49.170707,74.025807 z"
+         id="path632" />
+      <path
+         d="M 63.115853,76.089615 C 65.401534,72.564599 66.72883,68.36215 66.72883,63.849868 C 66.72883,51.411879 56.647417,41.330466 44.209428,41.330466 C 31.77144,41.330466 21.690027,51.413192 21.690027,63.849868 C 21.690027,66.367923 22.103576,68.787515 22.865032,71.046939 C 25.868844,79.95466 34.290809,86.367957 44.209428,86.367957 C 52.133821,86.367957 59.101143,82.275788 63.115853,76.089615 z"
+         style="fill:none"
+         id="path646" />
+      <path
+         d="M 56.917822,57.857972 C 56.694636,58.606299 56.378238,59.562056 54.970858,60.285439 C 54.766053,60.390468 54.687282,60.218483 54.781807,60.057003 C 55.313513,59.151133 55.409352,58.925322 55.562956,58.568226 C 55.779577,58.047022 55.892482,57.303946 55.463179,55.754779 C 54.615075,52.707643 52.849285,48.633855 51.564001,47.31181 C 50.32598,46.037029 48.079686,45.677306 46.050011,46.19851 C 45.302998,46.390186 43.839164,47.151642 41.126807,46.539852 C 36.433353,45.483004 35.738853,47.833013 35.468405,48.857041 C 35.197956,49.881066 34.552032,52.791666 34.552032,52.791666 C 34.33541,53.977174 34.05446,56.038354 41.342116,57.426043 C 44.737158,58.071966 44.910455,58.950266 45.060119,59.58175 C 45.329254,60.712117 45.761183,61.360667 46.245627,61.682316 C 46.731383,62.006591 46.245627,62.274414 45.707356,62.329554 C 44.260592,62.480532 38.917273,60.947118 35.754607,59.151133 C 33.168283,57.570457 33.124958,56.147322 33.717056,54.939495 C 29.808689,54.516756 26.877084
 ,55.304469 26.345378,57.155594 C 25.431631,60.330077 33.324513,65.752165 42.311003,68.473712 C 51.741236,71.329172 61.440606,69.336258 62.519772,63.40872 C 63.012093,60.71343 60.74348,58.721829 56.917822,57.857972 z M 42.458041,52.053841 C 39.857276,52.241579 39.586829,52.52253 39.099759,53.041108 C 38.411824,53.772368 37.507268,52.090601 37.507268,52.090601 C 36.965059,51.976382 36.306006,51.100708 36.661789,50.2828 C 37.012321,49.474082 37.658246,49.71696 37.860425,49.969029 C 38.107242,50.274923 38.633697,50.777747 39.315068,50.759366 C 39.997753,50.7423 40.785465,50.597886 41.884324,50.597886 C 42.998938,50.597886 43.745953,51.014061 43.789276,51.371156 C 43.823411,51.675739 43.698689,51.964567 42.458041,52.053841 z M 45.191406,47.754243 C 45.187466,47.754243 45.183528,47.755556 45.179589,47.755556 C 45.138891,47.755556 45.107383,47.72536 45.107383,47.687287 C 45.107383,47.659717 45.123137,47.636085 45.14808,47.625583 C 45.652218,47.359073 46.404482,47.147704 47.265715,4
 7.059743 C 47.524347,47.032172 47.776416,47.019045 48.019294,47.016418 C 48.062617,47.016418 48.103316,47.016418 48.147954,47.017731 C 49.592094,47.04924 50.746092,47.622957 50.729025,48.299078 C 50.711958,48.973884 49.527763,49.495088 48.084936,49.46358 C 47.617561,49.453076 47.179067,49.384807 46.800965,49.275842 C 46.756328,49.264025 46.723506,49.225952 46.723506,49.181315 C 46.723506,49.135365 46.756328,49.097292 46.802278,49.08679 C 47.702895,48.878046 48.310747,48.538016 48.268737,48.215055 C 48.212283,47.788376 47.03334,47.557315 45.637776,47.696476 C 45.484171,47.713544 45.334507,47.733237 45.191406,47.754243 z"
+         style="fill:#cc0000"
+         id="path648" />
+      <use
+         transform="translate(-94.61853,1.913321)"
+         id="use4312"
+         x="0"
+         y="0"
+         width="744.09448"
+         height="1052.3622"
+         xlink:href="#path650" />
+    </g>
+  </g>
+</svg>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/rhlogo.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/rhlogo.png
new file mode 100644
index 0000000..ecd4856
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/rhlogo.png differ
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/shade.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shade.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/shade.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/shine.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/shine.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/shine.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-back.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-back.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-back.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-back.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-forward.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-forward.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-forward.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-forward.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-up.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-up.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-go-up.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-go-up.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-home.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-home.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/stock-home.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/stock-home.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/title_logo.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/title_logo.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/title_logo.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/title_logo.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/title_logo.svg
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/warning.png
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.png
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/warning.png
diff --git a/public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/warning.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Virtualization_Guide/Common_Content/images/warning.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/warning.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/watermark-draft.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/watermark-draft.png
new file mode 100644
index 0000000..e3a9852
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/watermark-draft.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/yellow.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/yellow.png
new file mode 100644
index 0000000..223865d
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Common_Content/images/yellow.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
new file mode 100644
index 0000000..b3ce201
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. Configuring an AIX System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_HP_UX.html" title="2.4. Configuring an HP-UX System as a FreeIPA" /><link rel="next" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="2.6. Configuring a Macintosh OS X System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><
 li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_AIX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_AIX">2.5. Configuring an AIX System as a FreeIPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure AIX as a FreeIPA client.
+		</div><div class="para">
+			Before starting the FreeIPA installation, update your system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Prerequisites"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</h3></div></div></div><div class="para">
+				Before you begin the configuration, ensure that the following software is installed and up to date. This can be installed from your AIX media:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						v5.3 OS
+					</div></li><li class="listitem"><div class="para">
+						v5.3 Updates
+					</div></li><li class="listitem"><div class="para">
+						krb5 client packages
+					</div></li><li class="listitem"><div class="para">
+						openssh
+					</div></li><li class="listitem"><div class="para">
+						wget
+					</div></li><li class="listitem"><div class="para">
+						bash
+					</div></li><li class="listitem"><div class="para">
+						krb5 server
+					</div></li><li class="listitem"><div class="para">
+						ldap.client
+					</div></li><li class="listitem"><div class="para">
+						openssl
+					</div></li><li class="listitem"><div class="para">
+						modcrypt.base (for gssd)
+					</div></li></ul></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</h3></div></div></div><div class="para">
+				Before you begin the following procedures, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the FreeIPA master.
+			</div><div class="para">
+				The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Configure the krb5 client settings as follows:
+					</div><div class="para">
+						<code class="command"># mkkrb5clnt -r EXAMPLE.COM -d example.com -c ipaclient.example.com -s ipaserver.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Get a Kerberos ticket:
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure the LDAP client settings as follows:
+					</div><div class="para">
+						<code class="command"># mksecldap -c -h ipaserver.example.com -d cn=accounts,dc=example,dc=com -a uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com -p secret</code>
+					</div></li><li class="listitem"><div class="para">
+						In the <code class="filename">/etc/security/ldap</code> directory, create the following map files:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								FreeIPAuser.map
+							</div><pre class="programlisting">#FreeIPAuser.map file
+keyobjectclass  SEC_CHAR        posixaccount    s
+
+# The following attributes are required by AIX to be functional
+username        SEC_CHAR        uid     s
+id      SEC_INT uidnumber       s
+pgrp    SEC_CHAR        gidnumber       s
+home    SEC_CHAR        homedirectory   s
+shell   SEC_CHAR        loginshell      s
+gecos   SEC_CHAR        gecos   s
+spassword       SEC_CHAR        userpassword    s
+lastupdate      SEC_INT shadowlastchange        s
+</pre></li><li class="listitem"><div class="para">
+								FreeIPAgroup.map
+							</div><pre class="programlisting">#FreeIPAgroup.map file
+groupname       SEC_CHAR        cn      s
+id      SEC_INT gidNumber       s
+users   SEC_LIST        member  m
+</pre></li></ul></div></li><li class="listitem"><div class="para">
+						Modify the <code class="filename">/etc/security/ldap/ldap.cfg</code> file as follows. Remember to specify your own REALM and basedn values.
+					</div><pre class="programlisting">userbasedn:cn=users,cn=accounts,dc=example,dc=com
+groupbasedn:cn=groups,cn=accounts,dc=example,dc=com
+
+userattrmappath:/etc/security/ldap/FreeIPAuser.map
+groupattrmappath:/etc/security/ldap/FreeIPAgroup.map
+
+userclasses:posixaccount
+</pre></li><li class="listitem"><div class="para">
+						Start the LDAP client daemon:
+					</div><div class="para">
+						<code class="command"># start-secldapclntd</code>
+					</div></li><li class="listitem"><div class="para">
+						Test the LDAP client connection to the FreeIPA server:
+					</div><div class="para">
+						<code class="command"># lsldap -a passwd </code>
+					</div></li><li class="listitem"><div class="para">
+						Add the following sections to the <code class="filename">/usr/lib/security/methods.cfg</code> file to configure the system login to use Kerberos and LDAP: 
+<pre class="programlisting">KRB5A:
+program = /usr/lib/security/KRB5A
+program_64 = /usr/lib/security/KRB5A_64
+options = authonly
+
+LDAP:
+program = /usr/lib/security/LDAP
+program_64 =/usr/lib/security/LDAP64
+
+KRB5ALDAP:
+options = auth=KRB5A,db=LDAP
+</pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Edit the <code class="filename">/etc/security/user</code> file, and modify the "default" section as follows: 
+<pre class="programlisting">SYSTEM = "KRB5ALDAP"
+registry = LDAP
+</pre>
+
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</h3></div></div></div><div class="para">
+				You can also configure the FreeIPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. After configuring the FreeIPA client, use the following procedure to configure the FreeIPA client for SSH connections. Remember to replace the example host and domain names with your own host and domain name.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						SSH syslog configuration:
+					</div><pre class="programlisting">auth.info       /var/log/sshd.log
+auth.info       /var/log/sshd.log
+auth.crit       /var/log/sshd.log
+auth.warn       /var/log/sshd.log
+auth.notice     /var/log/sshd.log
+auth.err        /var/log/sshd.log
+</pre></li><li class="listitem"><div class="para">
+						SSH logging configuration:
+					</div><pre class="programlisting">SyslogFacility AUTH
+LogLevel INFO
+</pre></li><li class="listitem"><div class="para">
+						Configure sshd for GSSAPI (<code class="filename">/etc/ssh/sshd_config</code>)
+					</div><pre class="programlisting"># GSSAPI options
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+</pre></li><li class="listitem"><div class="para">
+						Restart sshd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s sshd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s sshd</code>
+					</div></li><li class="listitem"><div class="para">
+						Restart syslogd:
+					</div><div class="para">
+						<code class="command"># stopsrc -s syslogd</code>
+					</div><div class="para">
+						<code class="command"># startsrc -s syslogd</code>
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ipa-admintools</span> package is not available for AIX. Consequently, you need to perform the following steps on the FreeIPA server.
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/ipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the host keytab.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver -p host/ipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc </code>
+							</div></li><li class="listitem"><div class="para">
+								Copy the keytab from the server to the client.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at ipaclient.example.com:/tmp/krb5.keytab </code>
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						On the FreeIPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab.
+					</div><pre class="screen"># ktutil
+ktutil: read_kt /tmp/krb5.keytab
+ktutil: write_kt /etc/krb5/krb5.keytab
+ktutil: q
+</pre></li><li class="listitem"><div class="para">
+						Add a user that is only used for authentication. (This can be substituted with krb5 auth if that works from the ldap client). Otherwise go to the FreeIPA server and use <code class="command">ldapmodify</code>, bind as Directory Manager and create this user.
+					</div><pre class="programlisting">dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
+objectClass: account
+objectClass: simplesecurityobject
+objectClass: top
+uid: nss
+userPassword: Your own shared password here
+</pre></li><li class="listitem"><div class="para">
+						On the FreeIPA server, get a ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin </code>
+					</div></li></ol></div><div class="para">
+				You should be able to log in as admin using SSH without providing a password.
+			</div><div class="para">
+				<code class="command"> # ssh admin at ipaclient.example.com </code>
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_AIX-Testing_System_Login">2.5.4. Testing System Login</h3></div></div></div><div class="para">
+				After you have completed the steps in <a class="xref" href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">Section 2.5.2, “Configuring Client Authentication”</a> and <a class="xref" href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">Section 2.5.3, “Configuring Client SSH Access”</a>, you should be able to log in as a FreeIPA user on the AIX machine. Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="para">
+				On the system console, log in as a FreeIPA user. After you have logged in, open a shell and run the following command:
+			</div><div class="para">
+				<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link <code class="command">sh</code> to <code class="command">/bin/bash</code> or modify admin to use <code class="command">/bin/sh</code> or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Prev</strong>2.4. Configuring an HP-UX System as a FreeIPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Next</strong>2.6. Configuring a Macintosh OS X System as a Fre...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html
new file mode 100644
index 0000000..b7ed54a
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html
@@ -0,0 +1,425 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Configuring an HP-UX System as a FreeIPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_Solaris.html" title="2.3. Configuring a Solaris System as a FreeIPA Client" /><link rel="next" href="Configuring_an_IPA_Client_on_AIX.html" title="2.5. Configuring an AIX System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="p
 revious"><a accesskey="p" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_HP_UX"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_HP_UX">2.4. Configuring an HP-UX System as a FreeIPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure HP-UX as a FreeIPA client. It also includes some verification tests to ensure that the configuration is working correctly.
+		</div><div class="para">
+			Before starting the FreeIPA installation, ensure that you update your system with all the latest packages.
+		</div><div class="para">
+			To install an HP-UX client you need administrator privileges in the form of the Directory Manager password. There is no other way to perform the installation.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP"><h5 class="formalpara">Configuring NTP</h5>
+				Before proceeding with the following configuration steps, ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the FreeIPA server.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the ldapux client on the HP-UX 11.23 machine.
+					</div><div class="para">
+						<code class="command"> # swinstall -s J4269AA_B.04.15.01_HP-UX_B.11.23_IA_PA.depot </code>
+					</div></li><li class="listitem"><div class="para">
+						Change to the configuration directory and run the setup script.
+					</div><div class="para">
+						<code class="command"># cd /opt/ldapux/config/</code>
+					</div><div class="para">
+						<code class="command"># ./setup</code>
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							You only need to perform this configuration on the first HP-UX client. All further configurations only need to know where the LDAP profile is stored. All clients will then use the same configuration.
+						</div><div class="para">
+							The HP-UX guide for this procedure is located at <a href="http://docs.hp.com/en/J4269-90075/ch02s07.html">http://docs.hp.com/en/J4269-90075/ch02s07.html</a>
+						</div></div></div><div class="para">
+						The following is a sample output from running the above script:
+					</div><pre class="programlisting">Would you like to continue with the setup? [Yes]
+Select which Directory Server you want to connect to ? [RedHat Directory]
+Directory server host ? [ipaserver.example.com]
+Directory Server port number [389]
+Would you like to extend the printer schema in this directory server? [No]
+Would you like to install PublicKey schema in this directory server? [No]
+Would you like to install the new automount schema ? [No]
+Profile Entry DN: [cn=ldapuxprofile,cn=etc,dc=example,dc=com]
+User DN [cn=Directory Manager]
+Password ? [Directory Manager's Password]
+Authentication method ? [ SIMPLE ]
+Enter the number of the hosts you want to specify [1]
+Default Base DN ? [dc=example,dc=com]
+Accept remaining defaults ? [n]
+Client binding [Anonymous]
+Bind time limit [5 seconds]
+Search time limit [no limit]
+Do you want client searches of the directory to follow referrals? [Yes]
+Profile TTL [0 = infinite]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [Yes]
+Specify the service you want to map? [ 3=Group]
+Specify the attribute you want to map [3 for memberuid ]
+Type the name of the attribute memberuid should be mapped to [member]
+Specify the service you want to map? [ 0 = exit ]
+Do you want to remap any of the standard <a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> attribute? [ no this time ]
+Do you want to create custom search descriptors? [ No ]
+</pre></li><li class="listitem"><div class="para">
+						Ensure that the LDAP client daemon is running.
+					</div><div class="para">
+						<code class="command"># ps -ef | grep ldapclientd</code>
+					</div><div class="para">
+						If necessary, use the following command to start the daemon:
+					</div><div class="para">
+						<code class="command"># /opt/ldapux/bin/ldapclientd</code>
+					</div></li><li class="listitem"><div class="para">
+						Run the following commands to ensure that the LDAP client is working:
+					</div><div class="para">
+						<code class="command"># nsquery passwd admin</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group admins</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						Create a new group on the FreeIPA server.
+					</div><div class="para">
+						<code class="command"> # ipa group-add testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Add a test user to the new group created above.
+					</div><div class="para">
+						<code class="command"> # ipa group-add-member -a testuser testgroup </code>
+					</div></li><li class="listitem"><div class="para">
+						Run the <code class="command">nsquery</code> commands again to validate the new user and group:
+					</div><div class="para">
+						<code class="command"># nsquery passwd testuser</code> (user should be visible)
+					</div><div class="para">
+						<code class="command"># nsquery group testgroup</code> (group and user should be visible)
+					</div></li><li class="listitem"><div class="para">
+						To ensure that the LDAP client daemon starts when the system boots, add the following lines to the <code class="filename">/etc/opt/ldapux/ldapclientd.conf</code> file: 
+<pre class="programlisting">[StartOnBoot]
+enable=yes
+</pre>
+
+					</div></li></ol></div><div class="para">
+				This concludes the LDAP client configuration.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</h3></div></div></div><div class="para">
+				The Kerberos and PAM configuration process is completely manual. Sample configuration files are provided for reference, but you need to edit your own system files to reflect your deployment.
+			</div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.4.2.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Edit the <code class="filename">/etc/krb5.conf</code> file to reflect the following example:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+default_tkt_enctypes = DES-CBC-CRC
+default_tgs_enctypes = DES-CBC-CRC
+ccache_type = 2
+
+[realms]
+EXAMPLE.COM = {
+      kpasswd_server = ipaserver.example.com
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      }
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[appdefaults]
+kinit = {
+      forwardable = true
+      }
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_PAM"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_PAM">2.4.2.2. Configuring PAM</h4></div></div></div><div class="para">
+					The PAM configuration differs slightly between different versions of HP-UX. These configurations are described below.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v2"><h5 class="formalpara">HP-UX 11i v2</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+
+#
+#
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with use_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+# #
+# The module pam_hpsec(5) is stacked as mandatory module above #
+# all the modules for making security checks before #
+# authentication. #
+
+################################################################
+#
+#
+
+# Authentication management
+#
+login auth required libpam_hpsec.so.1
+login auth sufficient libpam_krb5.so.1
+login auth required libpam_unix.so.1 try_first_pass
+su auth required libpam_hpsec.so.1
+su auth sufficient libpam_krb5.so.1
+su auth required libpam_unix.so.1 try_first_pass
+dtlogin auth required libpam_hpsec.so.1
+dtlogin auth sufficient libpam_krb5.so.1
+dtlogin auth required libpam_unix.so.1 try_first_pass
+dtaction auth required libpam_hpsec.so.1
+dtaction auth sufficient libpam_krb5.so.1
+dtaction auth required libpam_unix.so.1 try_first_pass
+ftp auth required libpam_hpsec.so.1
+ftp auth sufficient libpam_krb5.so.1
+ftp auth required libpam_unix.so.1 try_first_pass
+sshd auth required libpam_hpsec.so.1
+sshd auth sufficient libpam_krb5.so.1
+sshd auth required libpam_unix.so.1 try_first_pass
+OTHER auth required libpam_unix.so.1
+#
+
+# Account management
+#
+login account required libpam_hpsec.so.1
+login account sufficient libpam_krb5.so.1
+login account required libpam_unix.so.1
+su account required libpam_hpsec.so.1
+su account sufficient libpam_krb5.so.1
+su account required libpam_unix.so.1
+dtlogin account required libpam_hpsec.so.1
+dtlogin account sufficient libpam_krb5.so.1
+dtlogin account required libpam_unix.so.1
+dtaction account required libpam_hpsec.so.1
+dtaction account sufficient libpam_krb5.so.1
+dtaction account required libpam_unix.so.1
+ftp account required libpam_hpsec.so.1
+ftp account sufficient libpam_krb5.so.1
+ftp account required libpam_unix.so.1
+sshd account required libpam_hpsec.so.1
+sshd account sufficient libpam_krb5.so.1
+sshd account required libpam_unix.so.1
+OTHER account required libpam_unix.so.1
+#
+
+# Session management
+#
+login session required libpam_hpsec.so.1
+login session sufficient libpam_krb5.so.1
+login session required libpam_unix.so.1
+dtlogin session required libpam_hpsec.so.1
+dtlogin session sufficient libpam_krb5.so.1
+dtlogin session required libpam_unix.so.1
+dtaction session required libpam_hpsec.so.1
+dtaction session sufficient libpam_krb5.so.1
+dtaction session required libpam_unix.so.1
+sshd session required libpam_hpsec.so.1
+sshd session sufficient libpam_krb5.so.1
+sshd session required libpam_unix.so.1
+OTHER session required libpam_unix.so.1
+#
+
+# Password management
+#
+login password required libpam_hpsec.so.1
+login password sufficient libpam_krb5.so.1
+login password required libpam_unix.so.1
+passwd password required libpam_hpsec.so.1
+passwd password sufficient libpam_krb5.so.1
+passwd password required libpam_unix.so.1
+dtlogin password required libpam_hpsec.so.1
+dtlogin password sufficient libpam_krb5.so.1
+dtlogin password required libpam_unix.so.1
+dtaction password required libpam_hpsec.so.1
+dtaction password sufficient libpam_krb5.so.1
+dtaction password required libpam_unix.so.1
+OTHER password required libpam_unix.so.1
+</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_PAM-HP_UX_11i_v1"><h5 class="formalpara">HP-UX 11i v1</h5>
+						Edit the <code class="filename">/etc/pam.conf</code> file to reflect the following example:
+					</div><pre class="programlisting">#
+# PAM configuration
+#
+# This pam.conf file is intended as an example only.
+# see pam.conf(4) for more details
+#
+
+################################################################
+# This sample file will authenticate the user who belongs to #
+# either Kerberos or Unix system. Using this configuration file#
+# if the user is authenticated through Kerberos then the Unix #
+# authentication will not be invoked. However,if the Kerberos #
+# authentication fails for the user, then the fallback #
+# authentication mechanism PAM-Unix will be invoked to #
+# authenticate the user.The assumption is the user is either #
+# present in Kerberos or in Unix system. #
+# #
+# In case, the administrator wants the password for all the #
+# users to be synchronous between Kerberos and Unix systems, #
+# then the control flag should to be set to "required" for all #
+# the entries with user_first_pass option set for pam_unix. #
+# If password synchronization is optional then try_first_pass #
+# option need to be set for pam_unix, so that the user can #
+# login using the appropriate passwords. #
+
+################################################################
+#
+
+# Authentication management
+#
+login auth sufficient /usr/lib/security/libpam_krb5.1
+login auth required /usr/lib/security/libpam_unix.1 try_first_pass
+su auth sufficient /usr/lib/security/libpam_krb5.1
+su auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtlogin auth sufficient /usr/lib/security/libpam_krb5.1
+dtlogin auth required /usr/lib/security/libpam_unix.1 try_first_pass
+dtaction auth sufficient /usr/lib/security/libpam_krb5.1
+dtaction auth required /usr/lib/security/libpam_unix.1 try_first_pass
+ftp auth sufficient /usr/lib/security/libpam_krb5.1
+ftp auth required /usr/lib/security/libpam_unix.1 try_first_pass
+OTHER auth required /usr/lib/security/libpam_unix.1
+#
+
+# Account management
+#
+login account sufficient /usr/lib/security/libpam_krb5.1
+login account required /usr/lib/security/libpam_unix.1
+su account sufficient /usr/lib/security/libpam_krb5.1
+su account required /usr/lib/security/libpam_unix.1
+dtlogin account sufficient /usr/lib/security/libpam_krb5.1
+dtlogin account required /usr/lib/security/libpam_unix.1
+dtaction account sufficient /usr/lib/security/libpam_krb5.1
+dtaction account required /usr/lib/security/libpam_unix.1
+ftp account sufficient /usr/lib/security/libpam_krb5.1
+ftp account required /usr/lib/security/libpam_unix.1
+OTHER account required /usr/lib/security/libpam_unix.1
+#
+
+# Session management
+#
+login session sufficient /usr/lib/security/libpam_krb5.1
+login session required /usr/lib/security/libpam_unix.1
+dtlogin session sufficient /usr/lib/security/libpam_krb5.1
+dtlogin session required /usr/lib/security/libpam_unix.1
+dtaction session sufficient /usr/lib/security/libpam_krb5.1
+dtaction session required /usr/lib/security/libpam_unix.1
+OTHER session required /usr/lib/security/libpam_unix.1
+#
+
+# Password management
+#
+login password sufficient /usr/lib/security/libpam_krb5.1
+login password required /usr/lib/security/libpam_unix.1
+passwd password sufficient /usr/lib/security/libpam_krb5.1
+passwd password required /usr/lib/security/libpam_unix.1
+dtlogin password sufficient /usr/lib/security/libpam_krb5.1
+dtlogin password required /usr/lib/security/libpam_unix.1
+dtaction password sufficient /usr/lib/security/libpam_krb5.1
+dtaction password required /usr/lib/security/libpam_unix.1
+OTHER password required /usr/lib/security/libpam_unix.1
+</pre></div><div class="section" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_and_PAM-Configuring_Access_Control">2.4.2.3. Configuring Access Control</h4></div></div></div><div class="para">
+					On HP-UX systems a PAM module called pam_authz is available which can be used to control login access to the system based on a user's group membership.
+				</div><div class="para">
+					Refer to the HP-UX documentation on pam_authz for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring SSH</h3></div></div></div><div class="para">
+				Before you can use SSH to connect to the FreeIPA server without using a password, you need to install a suitable version of <code class="command">ssh</code>, and set up the correct authentication attributes in the SSH configuration file.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Ensure that you have version A.05.10.007 or later of <code class="command">ssh</code> installed. Navigate to the following URL to download a suitable version: 
+<pre class="screen"><a href="http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA">http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA</a></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Make the following changes to the <code class="filename">/etc/opt/ssh/ssh_config</code> file: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Remove any "PreferredAuthentications" entries.
+								</div></li><li class="listitem"><div class="para">
+									Add the following three lines: 
+<pre class="programlisting">Host *
+      GSSAPIAuthentication yes
+      PreferredAuthentications "gssapi-with-mic,publickey,password"
+</pre>
+
+								</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+										Ensure that you include the tab character before the "GSSAPIAuthentication" and "PreferredAuthentications" entries, and the double quotes around the "PreferredAuthentications" argument.
+									</div></div></div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Remove the <code class="filename">/etc/krb5.keytab</code> file.
+					</div></li><li class="listitem"><div class="para">
+						On the FreeIPA server:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Add a host service principal for the HP-UX client.
+							</div><div class="para">
+								<code class="command"> # ipa service-add host/hpuxipaclient.example.com </code>
+							</div></li><li class="listitem"><div class="para">
+								Create the host keytab file.
+							</div><div class="para">
+								<code class="command"> # ipa-getkeytab -s ipaserver.example.com -p host/hpuxipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc</code>
+							</div></li><li class="listitem"><div class="para">
+								Copy this keytab to the HP-UX machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+							</div><div class="para">
+								<code class="command"> # scp /tmp/krb5.keytab root at hpuxipaclient.example.com:/etc/krb5/krb5.keytab </code>
+							</div></li></ol></div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</h3></div></div></div><div class="para">
+				HP-UX systems provide a PAM module called pam_authz which can be used to control login access to the system based on a user's group membership. Refer to the following HP-UX pam_authz documentation for details on how to configure access control for HP-UX systems: <a href="http://docs.hp.com/en/B3921-60631/pam_authz.5.html">http://docs.hp.com/en/B3921-60631/pam_authz.5.html</a>
+			</div><div class="para">
+				The following is a sample <code class="filename">/etc/opt/ldapux/pam_authz.policy</code> file: 
+<pre class="programlisting">
+# pam_authz.policy.template:
+#
+# An example file that could be copied over to /etc/opt/ldapux/pam_authz.policy.
+# pam_authz.policy is a local policy file that PAM_AUTHZ would use to help
+# determine which users would be allowed to login to the local host.
+#
+# In this template file, by default, the only active access rule is
+#     "allow:unix_local_user"
+# All the local users are authorized to login.
+#
+# The policy file contains one or more access rule. The format of an access
+# rule is &lt;action&gt;:&lt;type&gt;:&lt;object&gt;
+#
+# where   &lt;action&gt; could be "deny", "allow", "status"
+#                           "PAM_SUCCESS", "PAM_PERM_DENIED", "PAM_MAXTRIES"
+#                           "PAM_AUTH_ERR", "PAM_NEW_AUTHTOK_REQD",
+#                           "PAM_AUTHTOKEN_REQD, "PAM_CRED_INSUFFICIENT",
+#                           "PAM_AUTHINFO_UNAVAIL", "PAM_USER_UNKNOWN"
+#                           "PAM_ACCT_EXPIRED", "PAM_AUTHOK_EXPIRED"
+#
+#                           Note: "status" must use along with "rhds" or
+#                           "ads" &lt;type&gt;.
+#         &lt;type&gt;   could be "unix_user", "unix_local_user", "unix_group",
+#                           "netgroup", ldap_filter", "ldap_group"
+#                           "rhds" or "ads"
+#
+#                           Note: When &lt;type&gt; is set to "rhds" or "ads",
+#                           the &lt;action&gt; filed must set to "status".
+#         &lt;object&gt; contains search information. For example,
+#
+
+deny:unix_group:admins
+allow:unix_local_user
+</pre>
+
+			</div><div class="para">
+				This configuration will prevent the admin user from logging in, but local UNIX users can still log in.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</h3></div></div></div><div class="para">
+				Use the following tests to validate the PAM and Kerberos configuration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client machine, run <code class="command">kinit admin</code> and enter the password.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div><div class="para">
+						<code class="command"># klist</code> (to verify that you received a valid ticket)
+					</div></li><li class="listitem"><div class="para">
+						From another Linux client machine, attempt to log in using SSH.
+					</div><div class="para">
+						<code class="command"> # ssh admin at hpuxipaclient.example.com </code>
+					</div><div class="para">
+						The admin user should be able to log in using SSH without being asked for a password.
+					</div></li></ul></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the HP-UX client console, at the login prompt, enter the Administrator's login ID and password. The admin user should be able to log in from the console.
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					By default, the admin user is given <code class="command">/bin/bash</code> as the shell to use and <code class="filename">/home/admin</code> as the home directory. You may need to install bash (or link sh to /bin/bash or modify admin to use /bin/sh or a shell available in all of your systems) to be able to log in.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Prev</strong>2.3. Configuring a Solaris System as a FreeIPA Cl...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Next</strong>2.5. Configuring an AIX System as a FreeIPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
new file mode 100644
index 0000000..3cb3c66
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Configuring a Macintosh OS X System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_AIX.html" title="2.5. Configuring an AIX System as a FreeIPA Client" /><link rel="next" href="basic-usage.html" title="Chapter 3. Basic Usage" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Clie
 nt_on_AIX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">2.6. Configuring a Macintosh OS X System as a FreeIPA Client</h2></div></div></div><div class="para">
+			This chapter describes how to configure Macintosh OS X as a FreeIPA client. These instructions are specific to Mac OS X 10.4 (Tiger). This version of the OS includes a partial install of the Kerberos tools you need by default, especially if you perform an upgrade from 10.1 or 10.2.
+		</div><div class="para">
+			Before starting the FreeIPA installation, ensure that you update the system with all the latest packages.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The FreeIPA client installation process requires that a FreeIPA server already exist.
+			</div><div class="para">
+				Many of the following procedures and instructions use example host names, domain names, and realm names for illustration purposes. You need to replace these example names with those that apply to your own deployment.
+			</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</h3></div></div></div><div class="para">
+				The current version of FreeIPA does not provide for automatic configuration of Macintosh clients. Configuring authentication is a manual process, and is described in the following sections.
+			</div><div class="section" id="Configuring_Kerberos_Authentication-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Configuring_Kerberos">2.6.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configuring the Macintosh to use Kerberos for authentication with FreeIPA is a two-step process: First, Kerberos needs to be correctly installed and configured, and second, the Kerberos authentication needs to be enabled.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Ensure that <code class="filename">/System/Library/CFMSupport/Kerberos</code> is version 4.2 or higher. If that directory does not exist or is the wrong version, install the Kerberos Extras support.
+						</div></li><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/System/Library/Coreservices/Kerberos</strong></span>
+						</div></li><li class="listitem"><div class="para">
+							From the <span class="guimenu"><strong>Edit</strong></span> menu, choose <span class="guimenuitem"><strong>Edit Realms</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Settings</strong></span> tab, enter the FreeIPA server's Kerberos realm (for example, EXAMPLE.COM).
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Servers</strong></span> tab, leave two lines, whose hostnames you then need to replace with the FreeIPA server's hostname (for example, ipaserver.example.com):
+						</div><pre class="programlisting">kdc  ipaserver.example.com 88
+admin ipaserver.example.com 749
+</pre></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Domains</strong></span> tab, replace the existing domains with the FreeIPA server's actual domain (such as example.com):
+						</div><pre class="programlisting">.example.com
+example.com
+</pre></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>Make default</strong></span> to create the necessary configuration file, and then close the Kerberos tool.
+						</div><div class="para">
+							This step creates the <code class="filename">/Library/Preferences/edu.mit.kerberos</code> file, and it is recommended that you check this file manually to ensure that it is correct.
+						</div><div class="para">
+							This file should look similar to the following example. Remember to replace the example.com settings with your own FreeIPA server name, Kerberos realm and domain details.
+						</div><pre class="programlisting">[domain_realm]
+example.com = EXAMPLE.COM
+.example.com = .EXAMPLE.COM
+
+[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = true
+dns_lookup_kdc = true
+ticket_lifetime = 24h
+forwardable = yes
+
+[realms]
+EXAMPLE.COM = {
+      admin_server = ipaserver.example.com:749
+      default_domain = example.com
+      kdc = ipaserver.example.com:88
+      }
+</pre></li></ol></div><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Authentication-Enabling_Kerberos_Authentication">2.6.1.2. Enabling Kerberos Authentication</h4></div></div></div><div class="para">
+					You now need to modify the <code class="filename">/private/etc/authorization</code> file to allow Kerberos authentication.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Log in as the admin user and launch the <span class="application"><strong>/Applications/Utilities/Terminal</strong></span> application.
+						</div></li><li class="listitem"><div class="para">
+							Change to the <code class="filename">/private/etc</code> directory and make a backup of the existing authorization file.
+						</div><div class="para">
+							<code class="command"># cd /private/etc</code>
+						</div><div class="para">
+							<code class="command"># cp -p authorization authorization_bak</code>
+						</div></li><li class="listitem"><div class="para">
+							Open the authorization file, and locate the string "system.login.console".
+						</div></li><li class="listitem"><div class="para">
+							Locate the <em class="parameter"><code>dict</code></em> entry below this string, and then locate the <em class="parameter"><code>mechanisms</code></em> entry.
+						</div></li><li class="listitem"><div class="para">
+							Change <em class="parameter"><code>authinternal</code></em> to <em class="parameter"><code>builtin:krb5authnoverify,privileged</code></em>
+						</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+								Several instances of <em class="parameter"><code>authinternal</code></em> may occur in this file. Ensure that you change the correct instance.
+							</div></div></div></li><li class="listitem"><div class="para">
+							Save and close the file.
+						</div></li><li class="listitem"><div class="para">
+							Restart the machine to enable Kerberos authentication.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</h3></div></div></div><div class="para">
+				These instructions are specific to Mac OS X 10.4 (Tiger).
+			</div><div class="section" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Creating_the_LDAP_Configuration">2.6.2.1. Creating the LDAP Configuration</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Launch <span class="application"><strong>/Applications/Utilities/Directory Access</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Services</strong></span> tab, clear all check boxes except LDAPv3 and Bonjour.
+						</div></li><li class="listitem"><div class="para">
+							Select the <span class="guilabel"><strong>LDAPv3</strong></span> entry and click <span class="guibutton"><strong>Configure</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Ensure the <span class="guilabel"><strong>Add DHCP-supplied LDAP servers</strong></span> check box is not selected.
+						</div></li><li class="listitem"><div class="para">
+							Click the arrow next to the <span class="guilabel"><strong>Show Options</strong></span> label, and then click <span class="guibutton"><strong>New</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Server Name (for example, ipaserver.example.com).
+						</div></li><li class="listitem"><div class="para">
+							Clear the <span class="guilabel"><strong>Encrypt using SSL</strong></span> check box, and then click <span class="guibutton"><strong>Manual</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							Enter the Configuration Name (for example, "FreeIPA LDAP").
+						</div></li><li class="listitem"><div class="para">
+							Ensure that the <span class="guilabel"><strong>Enable</strong></span> check box is selected, and that the <span class="guilabel"><strong>SSL</strong></span> check box is cleared.
+						</div></li></ol></div></div><div class="section" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options"><div class="titlepage"><div><div><h4 class="title" id="Configuring_LDAP_Authorization-Setting_up_the_LDAP_Service_Configuration_Options">2.6.2.2. Setting up the LDAP Service Configuration Options</h4></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Select the newly-created LDAP configuration and then click <span class="guibutton"><strong>Edit</strong></span>.
+						</div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Connection</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Open/close times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Query times out in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Re-bind attempted in: 10 seconds
+								</div></li><li class="listitem"><div class="para">
+									Connection idles out in: 1 minute
+								</div></li><li class="listitem"><div class="para">
+									Clear all check boxes
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the <span class="guilabel"><strong>Search &amp; Mappings</strong></span> tab, specify the following:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Access this LDAP server using: CUSTOM
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, select <span class="guilabel"><strong>Default Attribute Types</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, select <span class="guilabel"><strong>RecordName</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added RecordName attribute, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "uid" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add a Users record, as follows:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Record Types</strong></span> option, select <span class="guilabel"><strong>Users</strong></span> from the list, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the newly-added <span class="guilabel"><strong>Users</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "inetOrgPerson" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									In the <span class="guilabel"><strong>Search base</strong></span> field, type "dc=example,dc=com" (without the quotes), and select the <span class="guilabel"><strong>Search in all subtrees</strong></span> option.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Add attributes to the Users record as appropriate for your deployment. The following is an example of the required procedure.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Under the <span class="guilabel"><strong>Record Types and Attributes</strong></span> panel, click <span class="guibutton"><strong>Add</strong></span>.
+								</div></li><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Attribute Types</strong></span> option, and then use <span class="keycap"><strong>Command</strong></span>+<span class="mousebutton">Click</span> to select the attributes that you want to add. For example, a typical deployment might include the following attributes:
+								</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+											AuthenticationAuthority
+										</div></li><li class="listitem"><div class="para">
+											PrimaryGroupID
+										</div></li><li class="listitem"><div class="para">
+											RealName
+										</div></li><li class="listitem"><div class="para">
+											RecordName
+										</div></li><li class="listitem"><div class="para">
+											UniqueID
+										</div></li><li class="listitem"><div class="para">
+											UserShell
+										</div></li></ul></div></li><li class="listitem"><div class="para">
+									Click <span class="guibutton"><strong>OK</strong></span> to add the selected attributes to the <span class="guilabel"><strong>Users</strong></span> record.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Specify appropriate mappings for the attributes that you just added. For example:
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Select the <span class="guilabel"><strong>Authentication Authority</strong></span> record type, and then click <span class="guibutton"><strong>Add</strong></span> under the <span class="guilabel"><strong>Map to any items in list</strong></span> panel.
+								</div></li><li class="listitem"><div class="para">
+									Type "#;Kerberosv5;;$uid$;EXAMPLE.COM" (without the quotes) in the text box. Click outside of the text box to set the value.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map PrimaryGroupID to gidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Use the same procedure to map UniqueID to uidNumber.
+								</div></li><li class="listitem"><div class="para">
+									Continue until all required entries have been mapped, and then click <span class="guibutton"><strong>OK</strong></span>.
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							Click <span class="guibutton"><strong>OK</strong></span> to finish setting up the LDAP service configuration options.
+						</div></li></ol></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</h3></div></div></div><div class="para">
+				You now need to add the LDAP service to the list of locations used to search for user authentication information.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the <span class="guilabel"><strong>Authentication</strong></span> tab, change the <span class="guilabel"><strong>Search</strong></span> value to <span class="guilabel"><strong>Custom path</strong></span>, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Select the configuration that you added in the Creating the LDAP Configuration step, and then click <span class="guibutton"><strong>Add</strong></span>.
+					</div></li><li class="listitem"><div class="para">
+						Click <span class="guibutton"><strong>Apply</strong></span> to update the LDAP configuration, and then exit the <span class="application"><strong>Directory Access</strong></span> application.
+					</div></li></ol></div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</h3></div></div></div><div class="para">
+				Open the Date &amp; Time utility and point it to the FreeIPA server URL to set the date and time automatically.
+			</div></div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</h3></div></div></div><div class="para">
+				After configuring client authentication, you should be able to use SSH to connect to the FreeIPA server without being prompted for a password.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"> # kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						If you have a valid Kerberos ticket, SSH should proceed with GSSAPI authentication without asking for a password:
+					</div><pre class="programlisting"><span class="perl_Comment"># ssh admin at ipaserver.example.com</span></pre></li></ol></div></div><div class="section" id="Macintosh_OS_X-Configuring_System_Login"><div class="titlepage"><div><div><h3 class="title" id="Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						On the Macintosh login window, log in as a FreeIPA user.
+					</div></li><li class="listitem"><div class="para">
+						First, check the user ID to make sure that both the user and group IDs are correct for the current account.
+					</div><pre class="programlisting">$ <span class="perl_BString">id</span>
+
+<span class="perl_Others">uid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">gid=</span>10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span> <span class="perl_Others">groups=</span>3<span class="perl_Others">(</span>sys<span class="perl_Others">)</span>,100<span class="perl_Others">(</span>users<span class="perl_Others">)</span>,1070<span class="perl_Others">(</span>devel2<span class="perl_Others">)</span>,10678<span class="perl_Others">(</span>jsmith<span class="perl_Others">)</span></pre></li><li class="listitem"><div class="para">
+						Then, check that there is a valid Kerberos ticket. 
+<pre class="programlisting">$ klist
+
+Ticket cache: <span class="perl_BString">FILE</span>:/tmp/krb5cc_10678
+Default principal: jsmith at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+05/12/11 12:12:26  05/12/11 22:12:26  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+        renew <span class="perl_Keyword">until</span> 05/12/11 12:12:26
+
+
+Kerberos 4 ticket cache: /tmp/tkt10678
+klist: You have no tickets cached</pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					To open the Terminal application, navigate to <span class="application"><strong>Applications/Utilities/Terminal.app</strong></span> or use the keyboard shortcut <span class="keycap"><strong>Command-Shift-U</strong></span>. You can also drag the Terminal icon to the Dock to make it permanently available on your Desktop.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong>2.5. Configuring an AIX System as a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong>Chapter 3. Basic Usage</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
new file mode 100644
index 0000000..4c9be73
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Configuring a Solaris System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Using_Microsoft_Windows.html" title="2.2. Configuring a Microsoft Windows System as a FreeIPA Client" /><link rel="next" href="Configuring_an_IPA_Client_on_HP_UX.html" title="2.4. Configuring an HP-UX System as a FreeIPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previou
 s"><a accesskey="p" href="Using_Microsoft_Windows.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Solaris"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Solaris">2.3. Configuring a Solaris System as a FreeIPA Client</h2></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">2.3.1. Configuring Solaris 10</h3></div></div></div><div class="para">
+				FreeIPA provides an automated method of configuring Solaris 10 to function as a FreeIPA client. On your Solaris client, run the following command (ensure that you replace the example domain name with your own): 
+<pre class="screen"><code class="command"># ldapclient init ipa.example.com</code></pre>
+
+			</div><div class="para">
+				When FreeIPA is installed it creates a configuration profile that will automatically set up the necessary PAM and <code class="filename">/etc/ldap.conf</code> configuration for Solaris. 
+				<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can add the <code class="option">-v</code> option to this command to display more details about the command operation.
+					</div></div></div>
+
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Kerberos">2.3.1.1. Configuring Kerberos</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/krb5/krb5.conf</code> file as follows:
+				</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+
+[realms]
+EXAMPLE.COM = {
+kdc = ipaserver.example.com:88
+admin_server = ipaserver.example.com:749
+}
+
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+
+[logging]
+default = FILE:/var/krb5/kdc.log
+kdc = FILE:/var/krb5/kdc.log
+kdc_rotate = {
+period = 1d
+versions = 10
+}
+
+[appdefaults]
+kinit = {
+renewable = true
+forwardable= true
+}
+</pre><div class="para">
+					The Kerberos configuration includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+				</div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_Client_SSH_Access">2.3.1.2. Configuring Client SSH Access</h4></div></div></div><div class="para">
+					Use the following procedure to configure the Solaris FreeIPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. Remember to replace the example host and domain names with your own host and domain name.
+				</div><div class="para">
+					The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the FreeIPA server.
+				</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Add a host service principal for the Solaris client.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"> # ipa service-add host/solarisipaclient.example.com </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Create the host keytab file.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p host/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							Copy this keytab to the Solaris machine as <code class="filename">/etc/krb5/krb5.keytab</code>.
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/etc/krb5/krb5.keytab </code></pre>
+
+						</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						After you have performed all of the preceding configuration steps, reboot the Solaris machine to ensure that all of the changes take effect.
+					</div></div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_10-Configuring_NFS_v4">2.3.1.3. Configuring NFS v4</h4></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The NFS v4 configuration is only supported on Solaris 10.
+					</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Obtain a Kerberos ticket for the admin user. 
+<pre class="screen"><code class="command"># kinit admin </code></pre>
+
+						</div></li><li class="listitem"><div class="para">
+							The <span class="package">ipa-admintools</span> package is not available for Solaris. Consequently, you need to perform the following steps on the FreeIPA server.
+						</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+									Add an NFS service principal for the client. 
+<pre class="screen"><code class="command"># ipa service-add nfs/solarisipaclient.example.com </code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Create the NFS keytab file. 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/solarisipaclient.example.com -k \</code>
+<code class="command">/tmp/krb5.keytab -e des-cbc-crc</code></pre>
+
+								</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+										Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Fedora 15, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+									</div><div class="para">
+										If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+									</div></div></div></li><li class="listitem"><div class="para">
+									Use the <code class="command">klist</code> command to verify that the ticket was created: 
+<pre class="screen"><code class="command"># klist -ket /tmp/krb5.keytab</code></pre>
+
+								</div></li><li class="listitem"><div class="para">
+									Copy the keytab from the server to the client. 
+<pre class="screen"><code class="command"># scp /tmp/krb5.keytab root at solarisipaclient.example.com:/tmp/krb5.keytab </code></pre>
+
+								</div></li></ol></div></li><li class="listitem"><div class="para">
+							On the FreeIPA client, use the <code class="command">ktutil</code> command to import the contents into the main host keytab. 
+<pre class="screen"><code class="command"># ktutil</code>
+<code class="command">ktutil: read_kt /tmp/krb5.keytab</code>
+<code class="command">ktutil: write_kt /etc/krb5/krb5.keytab</code>
+<code class="command">ktutil: q</code></pre>
+
+						</div></li></ol></div><div class="para">
+					The FreeIPA client should now be fully configured to mount NFS shares using Kerberos credentials.
+				</div></div></div><div class="section" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</h3></div></div></div><div class="para">
+				The procedures for configuring Solaris 9 as a FreeIPA client are the same as those for Solaris 10, with the exception of the PAM configuration. This is described below.
+			</div><div class="section" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9"><div class="titlepage"><div><div><h4 class="title" id="Configuring_an_IPA_Client_on_Solaris_9-Configuring_PAM_on_Solaris_9">2.3.2.1. Configuring PAM on Solaris 9</h4></div></div></div><div class="para">
+					Configure the <code class="filename">/etc/pam.conf</code> file to use PAM Kerberos. The following example shows how to set up PAM Kerberos authentication on Solaris 9 for console login:
+				</div><pre class="programlisting">login auth requisite pam_authtok_get.so.1
+login auth sufficient pam_krb5.so.1 use_first_pass
+login auth sufficient pam_unix.so.1 use_first_pass
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+</pre></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Using_Microsoft_Windows.html"><strong>Prev</strong>2.2. Configuring a Microsoft Windows System as a ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_HP_UX.html"><strong>Next</strong>2.4. Configuring an HP-UX System as a FreeIPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html
new file mode 100644
index 0000000..eaadefc
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. Examples and Formatting</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="Preface.html" title="Preface" /><link rel="next" href="feedback.html" title="3. Giving Feedback" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Preface.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="feedback.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US
 " class="section" id="Document_Conventions" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Document_Conventions">2. Examples and Formatting</h2></div></div></div><div class="para">
+		Each of the examples used in this guide, such as file locations and commands, have certain defined conventions.
+	</div><div class="section" id="bracketsexamples"><div class="titlepage"><div><div><h3 class="title" id="bracketsexamples">2.1. Brackets</h3></div></div></div><div class="para">
+			Square brackets (<code class="command">[]</code>) are used to indicate an alternative element in a name. For example, if a tool is available in <code class="filename">/usr/lib</code> on 32-bit systems and in <code class="filename">/usr/lib64</code> on 64-bit systems, then the tool location may be represented as <code class="filename">/usr/lib[64]</code>.
+		</div></div><div class="section" id="tool-locations"><div class="titlepage"><div><div><h3 class="title" id="tool-locations">2.2. Client Tool Information</h3></div></div></div><div class="para">
+			The tools for FreeIPA are located in the <code class="filename">/usr/bin</code> and the <code class="filename">/usr/sbin</code> directories.
+		</div><div class="para">
+			The LDAP tools used to edit the FreeIPA directory services, such as <code class="command">ldapmodify</code> and <code class="command">ldapsearch</code>, are from OpenLDAP. OpenLDAP tools use SASL connections by default. To perform a simple bind using a username and password, use the <code class="option">-x</code> argument to disable SASL.
+		</div></div><div class="section" id="guide-formatting"><div class="titlepage"><div><div><h3 class="title" id="guide-formatting">2.3. Text Formatting and Styles</h3></div></div></div><div class="para">
+			Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
+		</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr valign="top"><th valign="top">
+							Formatting Style
+						</th><th valign="top">
+							Purpose
+						</th></tr></thead><tbody><tr valign="top"><td valign="top">
+							
+<pre class="screen">Monospace with a background</pre>
+
+						</td><td valign="top">
+							This type of formatting is used for anything entered or returned in a command prompt.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="emphasis"><em>Italicized text</em></span>
+						</td><td valign="top">
+							Any text which is italicized is a variable, such as <span class="emphasis"><em>instance_name</em></span> or <span class="emphasis"><em>hostname</em></span>. Occasionally, this is also used to emphasize a new term or other phrase.
+						</td></tr><tr valign="top"><td valign="top">
+							<span class="bold bold"><strong>Bolded text</strong></span>
+						</td><td valign="top">
+							Most phrases which are in bold are application names, such as <span class="application"><strong>Cygwin</strong></span>, or are fields or options in a user interface, such as a <span class="guilabel"><strong>User Name Here:</strong></span> field or <span class="guibutton"><strong>Save</strong></span> button. This can also indicate a file, package, or directory name, such as <code class="filename">/usr/sbin</code>.
+						</td></tr></tbody></table></div><div class="para">
+			Other formatting styles draw attention to important text.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
+			</div></div></div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+				Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
+			</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+				A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
+			</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Preface.html"><strong>Prev</strong>Preface</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="feedback.html"><strong>Next</strong>3. Giving Feedback</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html
new file mode 100644
index 0000000..27d28e4
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html
@@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Glossary</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /><link rel="next" href="ix01.html" title="Index" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
 ect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="Glossary.html#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="Glossary.html#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
+	In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
+</div></dd><dt>account inactivation</dt><dd><div class="para">
+	Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
+</div></dd><dt>ACI</dt><dd><div class="para">
+	An instruction that grants or denies permissions to entries in the directory.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-control-instruction">access control instruction</a>.</p></dd><dt>ACL</dt><dd><div class="para">
+	The mechanism for controlling access to your directory.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-control-list">access control list</a>.</p></dd><dt>All IDs Threshold</dt><dd><div class="para">
+	<span class="emphasis"><em>Replaced with the ID list scan limit in Directory Server version 7.1.</em></span> A size limit which is globally applied to every index key managed by the server. When the size of an individual ID list reaches this limit, the server replaces that ID list with an All IDs token.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#IDList-scan-limit">ID list scan limit</a>.</p></dd><dt>All IDs token</dt><dd><div class="para">
+	A mechanism which causes the server to assume that all directory entries match the index key. In effect, the All IDs token causes the server to behave as if no index was available for the search request.
+</div></dd><dt>anonymous access</dt><dd><div class="para">
+	When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind.
+</div></dd><dt>approximate index</dt><dd><div class="para">
+	Allows for efficient approximate or "sounds-like" searches.
+</div></dd><dt>attribute</dt><dd><div class="para">
+	Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
+</div></dd><dt>attribute list</dt><dd><div class="para">
+	A list of required and optional attributes for a given entry type or object class.
+</div></dd><dt>authenticating directory server</dt><dd><div class="para">
+	In pass-through authentication (PTA), the authenticating Directory Server is the Directory Server that contains the authentication credentials of the requesting client. The PTA-enabled host sends PTA requests it receives from clients to the host.
+</div></dd><dt>authentication</dt><dd><div class="para">
+	(1) Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.
+</div><div class="para">
+	(2) Allows a <a class="xref" href="Glossary.html#client">client</a> to make sure they are connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when it is not.
+</div></dd><dt>authentication certificate</dt><dd><div class="para">
+	Digital file that is not transferable and not forgeable and is issued by a third party. Authentication certificates are sent from server to client or client to server in order to verify and authenticate the other party.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">B</h3><dl><dt>base distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#base-DN">base DN</a>.</p></dd><dt>base DN</dt><dd><div class="para">
+	Base distinguished name. A search operation is performed on the base DN, the DN of the entry and all entries below it in the directory tree.
+</div></dd><dt>bind distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#bind-DN">bind DN</a>.</p></dd><dt>bind DN</dt><dd><div class="para">
+	Distinguished name used to authenticate to Directory Server when performing an operation.
+</div></dd><dt>bind rule</dt><dd><div class="para">
+	In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.
+</div></dd><dt>branch entry</dt><dd><div class="para">
+	An entry that represents the top of a subtree in the directory.
+</div></dd><dt>browser</dt><dd><div class="para">
+	Software, such as Mozilla Firefox, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server.
+</div></dd><dt>browsing index</dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Browsing indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#virtual-list-view-index">virtual list view index </a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">C</h3><dl><dt>CA</dt><dd><p>See <a class="glosssee" href="Glossary.html#Certificate-Authority">Certificate Authority</a>.</p></dd><dt>cascading replication</dt><dd><div class="para">
+	In a cascading replication scenario, one server, often called the hub supplier, acts both as a consumer and a supplier for a particular replica. It holds a read-only replica and maintains a changelog. It receives updates from the supplier server that holds the master copy of the data and in turn supplies those updates to the consumer.
+</div></dd><dt>certificate</dt><dd><div class="para">
+	A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes.
+</div></dd><dt>Certificate Authority</dt><dd><div class="para">
+	Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Authority that you trust. Also known as a <a class="xref" href="Glossary.html#CA">CA</a>.
+</div></dd><dt>CGI</dt><dd><div class="para">
+	Common Gateway Interface. An interface for external programs to communicate with the HTTP server. Programs written to use CGI are called CGI programs or CGI scripts and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.
+</div></dd><dt>chaining</dt><dd><div class="para">
+	A method for relaying requests to another server. Results for the request are collected, compiled, and then returned to the client.
+</div></dd><dt>changelog</dt><dd><div class="para">
+	A changelog is a record that describes the modifications that have occurred on a replica. The supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication.
+</div></dd><dt>character type</dt><dd><div class="para">
+	Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
+</div></dd><dt>ciphertext</dt><dd><div class="para">
+	Encrypted information that cannot be read by anyone without the proper key to decrypt the information.
+</div></dd><dt>class definition</dt><dd><div class="para">
+	Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory.
+</div></dd><dt>class of service</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS">CoS</a>.</p></dd><dt>classic CoS</dt><dd><div class="para">
+	A classic CoS identifies the template entry by both its DN and the value of one of the target entry's attributes.
+</div></dd><dt>client</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP-client">LDAP client</a>.</p></dd><dt>code page</dt><dd><div class="para">
+	An internal table used by a locale in the context of the internationalization plug-in that the operating system uses to relate keyboard keys to character font screen displays.
+</div></dd><dt>collation order</dt><dd><div class="para">
+	Provides language and cultural-specific information about how the characters of a given language are to be sorted. This information might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents.
+</div></dd><dt>consumer</dt><dd><div class="para">
+	Server containing replicated directory trees or subtrees from a supplier server.
+</div></dd><dt>consumer server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server is called a consumer for that replica.
+</div></dd><dt>CoS</dt><dd><div class="para">
+	A method for sharing attributes between entries in a way that is invisible to applications.
+</div></dd><dt>CoS definition entry</dt><dd><div class="para">
+	Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects.
+</div></dd><dt>CoS template entry</dt><dd><div class="para">
+	Contains a list of the shared attribute values.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#template-entry">template entry</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">D</h3><dl><dt>daemon</dt><dd><div class="para">
+	A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning.
+</div></dd><dt>DAP</dt><dd><div class="para">
+	Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
+</div></dd><dt>data master</dt><dd><div class="para">
+	The server that is the master source of a particular piece of data.
+</div></dd><dt>database link</dt><dd><div class="para">
+	An implementation of chaining. The database link behaves like a database but has no persistent storage. Instead, it points to data stored remotely.
+</div></dd><dt>default index</dt><dd><div class="para">
+	One of a set of default indexes created per database instance. Default indexes can be modified, although care should be taken before removing them, as certain plug-ins may depend on them.
+</div></dd><dt>definition entry</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS-definition-entry">CoS definition entry</a>.</p></dd><dt>Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#DAP">DAP</a>.</p></dd><dt>Directory Manager</dt><dd><div class="para">
+	The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager.
+</div></dd><dt>directory service</dt><dd><div class="para">
+	A database application designed to manage descriptive, attribute-based information about people and resources within an organization.
+</div></dd><dt>directory tree</dt><dd><div class="para">
+	The logical representation of the information stored in the directory. It mirrors the tree model used by most filesystems, with the tree's root point appearing at the top of the hierarchy. Also known as <a class="xref" href="Glossary.html#DIT">DIT</a>.
+</div></dd><dt>distinguished name</dt><dd><div class="para">
+	String representation of an entry's name and location in an LDAP directory.
+</div></dd><dt>DIT</dt><dd><p>See <a class="glosssee" href="Glossary.html#directory-tree">directory tree</a>.</p></dd><dt>DM</dt><dd><p>See <a class="glosssee" href="Glossary.html#Directory-Manager">Directory Manager</a>.</p></dd><dt>DN</dt><dd><p>See <a class="glosssee" href="Glossary.html#distinguished-name">distinguished name</a>.</p></dd><dt>DNS</dt><dd><div class="para">
+	Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as <code class="command">www.example.com</code>). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
+</div></dd><dt>DNS alias</dt><dd><div class="para">
+	A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as <code class="command">www.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain </em></span>might point to a real machine called <code class="command">realthing.</code><span class="emphasis"><em>yourdomain</em></span>.<span class="emphasis"><em>domain</em></span> where the server currently exists.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">E</h3><dl><dt>entry</dt><dd><div class="para">
+	A group of lines in the LDIF file that contains information about an object.
+</div></dd><dt>entry distribution</dt><dd><div class="para">
+	Method of distributing directory entries across more than one server in order to scale to support large numbers of entries.
+</div></dd><dt>entry ID list</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists. The entry ID list is used by the directory to build a list of candidate entries that may match the client application's search request.
+</div></dd><dt>equality index</dt><dd><div class="para">
+	Allows you to search efficiently for entries containing a specific attribute value.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">F</h3><dl><dt>file extension</dt><dd><div class="para">
+	The section of a filename after the period or dot (.) that typically defines the type of file (for example, .GIF and .HTML). In the filename <code class="command">index.html</code> the file extension is <code class="command">html</code>.
+</div></dd><dt>file type</dt><dd><div class="para">
+	The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML).
+</div></dd><dt>filter</dt><dd><div class="para">
+	A constraint applied to a directory query that restricts the information returned.
+</div></dd><dt>filtered role</dt><dd><div class="para">
+	Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">G</h3><dl><dt>general access</dt><dd><div class="para">
+	When granted, indicates that all authenticated users can access directory information.
+</div></dd><dt>GSS-API</dt><dd><div class="para">
+	Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">H</h3><dl><dt>hostname</dt><dd><div class="para">
+	A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, <code class="command">www.example.com </code>is the machine <code class="command">www</code> in the subdomain <code class="command">example</code> and <code class="command">com</code> domain.
+</div></dd><dt>HTML</dt><dd><div class="para">
+	Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Mozilla Firefox how to display text, position graphics, and form items and to display links to other pages.
+</div></dd><dt>HTTP</dt><dd><div class="para">
+	Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.
+</div></dd><dt>HTTPD</dt><dd><div class="para">
+	An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The daemon or service is often called an httpd.
+</div></dd><dt>HTTPS</dt><dd><div class="para">
+	A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.
+</div></dd><dt>hub</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#cascading-replication">cascading replication</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">I</h3><dl><dt>ID list scan limit</dt><dd><div class="para">
+	A size limit which is globally applied to any indexed search operation. When the size of an individual ID list reaches this limit, the server replaces that ID list with an all IDs token.
+</div></dd><dt>index key</dt><dd><div class="para">
+	Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
+</div></dd><dt>indirect CoS</dt><dd><div class="para">
+	An indirect CoS identifies the template entry using the value of one of the target entry's attributes.
+</div></dd><dt>international index</dt><dd><div class="para">
+	Speeds up searches for information in international directories.
+</div></dd><dt>International Standards Organization</dt><dd><p>See <a class="glosssee" href="Glossary.html#ISO">ISO</a>.</p></dd><dt>IP address</dt><dd><div class="para">
+	<span class="emphasis"><em>Also Internet Protocol address.</em></span> A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10). Directory Server supports both IPv4 and IPv6 IP addresses.
+</div></dd><dt>ISO</dt><dd><div class="para">
+	International Standards Organization.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">K</h3><dl><dt>knowledge reference</dt><dd><div class="para">
+	Pointers to directory information stored in different databases.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">L</h3><dl><dt>LDAP</dt><dd><div class="para">
+	Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
+</div></dd><dt>LDAP client</dt><dd><div class="para">
+	Software used to request and view LDAP entries from an LDAP Directory Server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#browser">browser</a>.</p></dd><dt>LDAP Data Interchange Format</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP-Data-Interchange-Format">LDAP Data Interchange Format</a>.</p></dd><dt>LDAP URL</dt><dd><div class="para">
+	Provides the means of locating Directory Servers using DNS and then completing the query via LDAP. A sample LDAP URL is <code class="command">ldap://ldap.example.com</code>.
+</div></dd><dt>LDAPv3</dt><dd><div class="para">
+	Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
+</div></dd><dt>LDBM database</dt><dd><div class="para">
+	A high-performance, disk-based database consisting of a set of large files that contain all of the data assigned to it. The primary data store in Directory Server.
+</div></dd><dt>LDIF</dt><dd><div class="para">
+	LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.
+</div></dd><dt>leaf entry</dt><dd><div class="para">
+	An entry under which there are no other entries. A leaf entry cannot be a branch point in a directory tree.
+</div></dd><dt>Lightweight Directory Access Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#LDAP">LDAP</a>.</p></dd><dt>locale</dt><dd><div class="para">
+	Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">M</h3><dl><dt>managed object</dt><dd><div class="para">
+	A standard value which the SNMP agent can access and send to the NMS. Each managed object is identified with an official name and a numeric identifier expressed in dot-notation.
+</div></dd><dt>managed role</dt><dd><div class="para">
+	Allows creation of an explicit enumerated list of members.
+</div></dd><dt>management information base</dt><dd><p>See <a class="glosssee" href="Glossary.html#MIB">MIB</a>.</p></dd><dt>mapping tree</dt><dd><div class="para">
+	A data structure that associates the names of suffixes (subtrees) with databases.
+</div></dd><dt>master</dt><dd><p>See <a class="glosssee" href="Glossary.html#supplier">supplier</a>.</p></dd><dt>master agent</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP-master-agent">SNMP master agent</a>.</p></dd><dt>matching rule</dt><dd><div class="para">
+	Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
+</div></dd><dt>MD5</dt><dd><div class="para">
+	A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce; a piece of data that will produce the same message digest.
+</div></dd><dt>MD5 signature</dt><dd><div class="para">
+	A message digest produced by the MD5 algorithm.
+</div></dd><dt>MIB</dt><dd><div class="para">
+	Management Information Base. All data, or any portion thereof, associated with the SNMP network. We can think of the MIB as a database which contains the definitions of all SNMP managed objects. The MIB has a tree-like hierarchy, where the top level contains the most general information about the network and lower levels deal with specific, separate network areas.
+</div></dd><dt>MIB namespace</dt><dd><div class="para">
+	Management Information Base namespace. The means for directory data to be named and referenced. Also called the <a class="xref" href="Glossary.html#directory-tree">directory tree</a>.
+</div></dd><dt>monetary format</dt><dd><div class="para">
+	Specifies the monetary symbol used by specific region, whether the symbol goes before or after its value, and how monetary units are represented.
+</div></dd><dt>multi-master replication</dt><dd><div class="para">
+	An advanced replication scenario in which two servers each hold a copy of the same read-write replica. Each server maintains a changelog for the replica. Modifications made on one server are automatically replicated to the other server. In case of conflict, a time stamp is used to determine which server holds the most recent version.
+</div></dd><dt>multiplexor</dt><dd><div class="para">
+	The server containing the database link that communicates with the remote server.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">N</h3><dl><dt>n + 1 directory problem</dt><dd><div class="para">
+	The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs.
+</div></dd><dt>name collisions</dt><dd><div class="para">
+	Multiple entries with the same distinguished name.
+</div></dd><dt>nested role</dt><dd><div class="para">
+	Allows the creation of roles that contain other roles.
+</div></dd><dt>network management application</dt><dd><div class="para">
+	Network Management Station component that graphically displays information about SNMP managed devices, such as which device is up or down and which and how many error messages were received.
+</div></dd><dt>network management station</dt><dd><p>See <a class="glosssee" href="Glossary.html#NMS">NMS</a>.</p></dd><dt>NIS</dt><dd><div class="para">
+	Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, filesystems, and network parameters throughout a network of computers.
+</div></dd><dt>NMS</dt><dd><div class="para">
+	Powerful workstation with one or more network management applications installed. Also <a class="xref" href="Glossary.html#network-management-station">network management station</a>.
+</div></dd><dt>ns-slapd</dt><dd><div class="para">
+	Red Hat's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#slapd">slapd</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">O</h3><dl><dt>object class</dt><dd><div class="para">
+	Defines an entry type in the directory by defining which attributes are contained in the entry.
+</div></dd><dt>object identifier</dt><dd><div class="para">
+	A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF or similar organizations.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#OID">OID</a>.</p></dd><dt>OID</dt><dd><p>See <a class="glosssee" href="Glossary.html#object-identifier">object identifier</a>.</p></dd><dt>operational attribute</dt><dd><div class="para">
+	Contains information used internally by the directory to keep track of modifications and subtree properties. Operational attributes are not returned in response to a search unless explicitly requested.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">P</h3><dl><dt>parent access</dt><dd><div class="para">
+	When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry.
+</div></dd><dt>pass-through authentication</dt><dd><p>See <a class="glosssee" href="Glossary.html#PTA">PTA</a>.</p></dd><dt>pass-through subtree</dt><dd><div class="para">
+	In pass-through authentication, the <a class="xref" href="Glossary.html#PTA-directory-server">PTA directory server</a> will pass through bind requests to the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a> from all clients whose DN is contained in this subtree.
+</div></dd><dt>password file</dt><dd><div class="para">
+	A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as <code class="command">/etc/passwd</code> because of where it is kept.
+</div></dd><dt>password policy</dt><dd><div class="para">
+	A set of rules that governs how passwords are used in a given directory.
+</div></dd><dt>PDU</dt><dd><div class="para">
+	Encoded messages which form the basis of data exchanges between SNMP devices. Also <a class="xref" href="Glossary.html#protocol-data-unit">protocol data unit</a>.
+</div></dd><dt>permission</dt><dd><div class="para">
+	In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#access-rights">access rights</a>.</p></dd><dt>pointer CoS</dt><dd><div class="para">
+	A pointer CoS identifies the template entry using the template DN only.
+</div></dd><dt>presence index</dt><dd><div class="para">
+	Allows searches for entries that contain a specific indexed attribute.
+</div></dd><dt>protocol</dt><dd><div class="para">
+	A set of rules that describes how devices on a network exchange information.
+</div></dd><dt>protocol data unit</dt><dd><p>See <a class="glosssee" href="Glossary.html#PDU">PDU</a>.</p></dd><dt>proxy authentication</dt><dd><div class="para">
+	A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN.
+</div></dd><dt>proxy DN</dt><dd><div class="para">
+	Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.
+</div></dd><dt>PTA</dt><dd><div class="para">
+	Mechanism by which one Directory Server consults another to check bind credentials. Also <a class="xref" href="Glossary.html#pass-through-authentication">pass-through authentication</a>.
+</div></dd><dt>PTA directory server</dt><dd><div class="para">
+	In pass-through authentication (<a class="xref" href="Glossary.html#PTA">PTA</a>), the PTA Directory Server is the server that sends (passes through) bind requests it receives to the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a>.
+</div></dd><dt>PTA LDAP URL</dt><dd><div class="para">
+	In pass-through authentication, the URL that defines the <a class="xref" href="Glossary.html#authenticating-directory-server">authenticating directory server</a>, pass-through subtree(s), and optional parameters.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">R</h3><dl><dt>RAM</dt><dd><div class="para">
+	Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.
+</div></dd><dt>rc.local</dt><dd><div class="para">
+	A file on Unix machines that describes programs that are run when the machine starts. It is also called <code class="filename">/etc/rc.local</code> because of its location.
+</div></dd><dt>RDN</dt><dd><div class="para">
+	The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name. Also <a class="xref" href="Glossary.html#relative-distinguished-name">relative distinguished name</a>.
+</div></dd><dt>read-only replica</dt><dd><div class="para">
+	A replica that refers all update operations to read-write replicas. A server can hold any number of read-only replicas.
+</div></dd><dt>read-write replica </dt><dd><div class="para">
+	A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.
+</div></dd><dt>referential integrity</dt><dd><div class="para">
+	Mechanism that ensures that relationships between related entries are maintained within the directory.
+</div></dd><dt>referral</dt><dd><div class="para">
+	(1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
+</div><div class="para">
+	(2) In the context of replication, when a read-only replica receives an update request, it forwards it to the server that holds the corresponding read-write replica. This forwarding process is called a referral.
+</div></dd><dt>relative distinguished name</dt><dd><p>See <a class="glosssee" href="Glossary.html#RDN">RDN</a>.</p></dd><dt>replica</dt><dd><div class="para">
+	A database that participates in replication.
+</div></dd><dt>replica-initiated replication</dt><dd><div class="para">
+	Replication configuration where replica servers, either hub or consumer servers, pull directory data from supplier servers. This method is available only for legacy replication.
+</div></dd><dt>replication</dt><dd><div class="para">
+	Act of copying directory trees or subtrees from supplier servers to replica servers.
+</div></dd><dt>replication agreement</dt><dd><div class="para">
+	Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the replica servers to which the data is pushed, the times during which replication can occur, the DN and credentials used by the supplier to bind to the consumer, and how the connection is secured.
+</div></dd><dt>RFC</dt><dd><div class="para">
+	Request for Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.
+</div></dd><dt>role</dt><dd><div class="para">
+	An entry grouping mechanism. Each role has <span class="emphasis"><em>members</em></span>, which are the entries that possess the role.
+</div></dd><dt>role-based attributes</dt><dd><div class="para">
+	Attributes that appear on an entry because it possesses a particular role within an associated CoS template.
+</div></dd><dt>root</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
+</div></dd><dt>root suffix</dt><dd><div class="para">
+	The parent of one or more sub suffixes. A directory tree can contain more than one root suffix.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">S</h3><dl><dt>SASL</dt><dd><div class="para">
+	An authentication framework for clients as they attempt to bind to a directory. Also <a class="xref" href="Glossary.html#Simple-Authentication-and-Security-Layer">Simple Authentication and Security Layer </a>.
+</div></dd><dt>schema</dt><dd><div class="para">
+	Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
+</div></dd><dt>schema checking</dt><dd><div class="para">
+	Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default, and users will receive an error if they try to save an entry that does not conform to the schema.
+</div></dd><dt>Secure Sockets Layer</dt><dd><p>See <a class="glosssee" href="Glossary.html#SSL">SSL</a>.</p></dd><dt>self access</dt><dd><div class="para">
+	When granted, indicates that users have access to their own entries if the bind DN matches the targeted entry.
+</div></dd><dt>Server Console</dt><dd><div class="para">
+	Java-based application that allows you to perform administrative management of your Directory Server from a GUI.
+</div></dd><dt>server daemon</dt><dd><div class="para">
+	The server daemon is a process that, once running, listens for and accepts requests from clients.
+</div></dd><dt>Server Selector</dt><dd><div class="para">
+	Interface that allows you select and configure servers using a browser.
+</div></dd><dt>server service</dt><dd><div class="para">
+	A process on Windows that, once running, listens for and accepts requests from clients. It is the SMB server on Windows NT.
+</div></dd><dt>service</dt><dd><div class="para">
+	A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.
+</div></dd><dt>SIE</dt><dd><div class="para">
+	Server Instance Entry. The ID assigned to an instance of Directory Server during installation.
+</div></dd><dt>Simple Authentication and Security Layer </dt><dd><p>See <a class="glosssee" href="Glossary.html#glSASL">SASL</a>.</p></dd><dt>Simple Network Management Protocol</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP">SNMP</a>.</p></dd><dt>single-master replication</dt><dd><div class="para">
+	The most basic replication scenario in which multiple servers, up to four, each hold a copy of the same read-write replicas to replica servers. In a single-master replication scenario, the supplier server maintains a changelog.
+</div></dd><dt>SIR</dt><dd><p>See <a class="glosssee" href="Glossary.html#supplier-initiated-replication">supplier-initiated replication</a>.</p></dd><dt>slapd</dt><dd><div class="para">
+	LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#ns-slapd">ns-slapd</a>.</p></dd><dt>SNMP</dt><dd><div class="para">
+	Used to monitor and manage application processes running on the servers by exchanging data about network activity. Also <a class="xref" href="Glossary.html#Simple-Network-Management-Protocol">Simple Network Management Protocol</a>.
+</div></dd><dt>SNMP master agent</dt><dd><div class="para">
+	Software that exchanges information between the various subagents and the NMS.
+</div></dd><dt>SNMP subagent</dt><dd><div class="para">
+	Software that gathers information about the managed device and passes the information to the master agent. Also called a <a class="xref" href="Glossary.html#subagent">subagent</a>.
+</div></dd><dt>SSL</dt><dd><div class="para">
+	A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called <a class="xref" href="Glossary.html#Secure-Sockets-Layer">Secure Sockets Layer</a>.
+</div></dd><dt>standard index</dt><dd><div class="para">
+	index maintained by default.
+</div></dd><dt>sub suffix</dt><dd><div class="para">
+	A branch underneath a root suffix.
+</div></dd><dt>subagent</dt><dd><p>See <a class="glosssee" href="Glossary.html#SNMP-subagent">SNMP subagent</a>.</p></dd><dt>substring index</dt><dd><div class="para">
+	Allows for efficient searching against substrings within entries. Substring indexes are limited to a minimum of two characters for each entry.
+</div></dd><dt>suffix</dt><dd><div class="para">
+	The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.
+</div></dd><dt>superuser</dt><dd><div class="para">
+	The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called <a class="xref" href="Glossary.html#root">root</a>.
+</div></dd><dt>supplier</dt><dd><div class="para">
+	Server containing the master copy of directory trees or subtrees that are replicated to replica servers.
+</div></dd><dt>supplier server</dt><dd><div class="para">
+	In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
+</div></dd><dt>supplier-initiated replication</dt><dd><div class="para">
+	Replication configuration where <a class="xref" href="Glossary.html#supplier">supplier</a> servers replicate directory data to any replica servers.
+</div></dd><dt>symmetric encryption</dt><dd><div class="para">
+	Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.
+</div></dd><dt>system index</dt><dd><div class="para">
+	Cannot be deleted or modified as it is essential to Directory Server operations.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">T</h3><dl><dt>target</dt><dd><div class="para">
+	In the context of access control, the target identifies the directory information to which a particular ACI applies.
+</div></dd><dt>target entry</dt><dd><div class="para">
+	The entries within the scope of a CoS.
+</div></dd><dt>TCP/IP</dt><dd><div class="para">
+	Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.
+</div></dd><dt>template entry</dt><dd><p>See <a class="glosssee" href="Glossary.html#CoS-template-entry">CoS template entry</a>.</p></dd><dt>time/date format</dt><dd><div class="para">
+	Indicates the customary formatting for times and dates in a specific region.
+</div></dd><dt>TLS</dt><dd><div class="para">
+	The new standard for secure socket layers; a public key based protocol. Also <a class="xref" href="Glossary.html#Transport-Layer-Security">Transport Layer Security</a>.
+</div></dd><dt>topology</dt><dd><div class="para">
+	The way a directory tree is divided among physical servers and how these servers link with one another.
+</div></dd><dt>Transport Layer Security</dt><dd><p>See <a class="glosssee" href="Glossary.html#TLS">TLS</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">U</h3><dl><dt>uid</dt><dd><div class="para">
+	A unique number associated with each user on a Unix system.
+</div></dd><dt>URL</dt><dd><div class="para">
+	Uniform Resource Locater. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is <span class="emphasis"><em>protocol</em></span>://<span class="emphasis"><em>machine</em></span>:<span class="emphasis"><em>port</em></span>/<span class="emphasis"><em>document</em></span>. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.
+</div></dd></dl></div><div class="glossdiv"><h3 class="title">V</h3><dl><dt>virtual list view index </dt><dd><div class="para">
+	Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
+</div><p>See Also <a class="glossseealso" href="Glossary.html#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
+	The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
+</div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong>C.3. Performing a Client-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong>Index</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html
new file mode 100644
index 0000000..3d5aae5
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Installing the FreeIPA Server Packages</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /><link rel="prev" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /><link rel="next" href="creating-server.html" title="1.3. Creating a FreeIPA Server Instance" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong></a>
 </li><li class="next"><a accesskey="n" href="creating-server.html"><strong>Next</strong></a></li></ul><div class="section" id="Installing_the_IPA_Server_Packages"><div class="titlepage"><div><div><h2 class="title" id="Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</h2></div></div></div><div class="para">
+			Installing only the FreeIPA server requires a single package, . If the FreeIPA server will also manage a DNS server, then it requires two additional packages to set up the DNS.
+		</div><div class="para">
+			All of these packages can be installed using the <code class="command">yum</code> command:
+		</div><div class="para">
+			Installing the  also installs a large number of dependencies, such as <span class="package">389-ds-base</span> for the LDAP service and <span class="package">krb5-server</span> for the Kerberos service, along with FreeIPA tools.
+		</div><div class="para">
+			After the packages are installed, the server instance must be created using the <code class="command">ipa-server-install</code> command. The options for configuring the new server instance are described in <a class="xref" href="creating-server.html">Section 1.3, “Creating a FreeIPA Server Instance”</a>.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong>Chapter 1. Installing a FreeIPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="creating-server.html"><strong>Next</strong>1.3. Creating a FreeIPA Server Instance</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
new file mode 100644
index 0000000..f426ab7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix C. Migrating from a Directory Server to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html" title="B.4. Using certmonger with IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
 ge_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
+			This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
+				It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
+					</div></li><li class="listitem"><div class="para">
+						User passwords are stored as a hash in the source DS in a form that the IPA DS can understand
+					</div></li><li class="listitem"><div class="para">
+						You are using LDAP as the central authentication service, and the client machines are configured to use <code class="systemitem">pam_ldap</code> and <code class="systemitem">nss_ldap</code>
+					</div></li><li class="listitem"><div class="para">
+						Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
+					</div><div class="para">
+						Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
+				A number of issues exist that need to be considered when planning the migration:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
+					</div></li><li class="listitem"><div class="para">
+						IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
+					</div><div class="para">
+						In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+				The following have been identified as typical migration scenarios:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA but do not use its Kerberos features for now
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
+					</div></li><li class="listitem"><div class="para">
+						Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
+				The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
+					In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
  described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+					In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="Migrating_from_a_Directory_Server_to_IPA.html#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+				</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+							Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
+						</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
+						</div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_IPAs_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using IPA's Back End</h5>
+							This configuration is similar to that described above, except that SSSD has a special back end that is more IPA-aware. If this back end is configured, then SSSD can take advantage of specific IPA features, such as silent password migration and host-based access control.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-LDAP_connected_Machines"><h5 class="formalpara">LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_LDAP and NSS_LDAP. In this use case, too, IPA functions like a normal Directory Server.
+						</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-KRB5LDAP_connected_Machines"><h5 class="formalpara">KRB5/LDAP-connected Machines</h5>
+							Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
+						</div><div class="para">
+						In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
+					</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+				The migration from DS to IPA requires:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Installing IPA on a suitable machine
+					</div></li><li class="listitem"><div class="para">
+						Migrating the user data. This step is performed by an IPA command which:
+					</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dumps the data from DS
+							</div></li><li class="listitem"><div class="para">
+								Converts the data into a format suitable for IPA
+							</div></li><li class="listitem"><div class="para">
+								Loads the converted data into IPA
+							</div></li></ol></div></li><li class="listitem"><div class="para">
+						Reconfiguring clients to connect to IPA. This is required because the IPA Directory Information Tree (DIT) is different from the DS DIT.
+					</div></li></ol></div><div class="para">
+				To achieve a successful migration, changes are required both on the client and on the server machines. Reconfiguration of the clients is not required immediately after changes are made to the server. This allows for a transition period, without which it would not be possible to deploy the solution.
+			</div><div class="para">
+				At present the only option is to run IPA and DS concurrently until all the clients are reconfigured to point to IPA. Two main migration strategies currently exist:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Migrate the server first
+					</div></li><li class="listitem"><div class="para">
+						Deploy SSSD first
+					</div></li></ul></div><div class="para">
+				Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+					Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
+				</div><div class="para">
+					You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
+				</div><div class="para">
+					Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
+				The following sequence of operations occurs when users are migrated using SSSD:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						A user tries to log in to the machine.
+					</div></li><li class="listitem"><div class="para">
+						SSSD passes authentication to the IPA identity provider back end.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end attempts Kerberos authentication.
+					</div></li><li class="listitem"><div class="para">
+						Even though the user exists in the system, the authentication will fail with the error "key type is not supported", because the Kerberos keys do not yet exist.
+					</div></li><li class="listitem"><div class="para">
+						If SSSD is configured to migrate users, it will continue to the next step. Otherwise, it will fail authentication.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end then attempts to perform an LDAP bind. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									Because it is going to perform a simple bind and send the password in the clear, this LDAP bind operation must use startTLS.
+								</div></li><li class="listitem"><div class="para">
+									Perform a simple bind.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The server-side plug-in will intercept this bind request and if the user has a Kerberos principal but no Kerberos keys, then the plug-in will generate the keys and store them in the user entry.
+					</div></li><li class="listitem"><div class="para">
+						If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
+					</div></li><li class="listitem"><div class="para">
+						The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
+					</div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Prev</strong>B.4. Using certmonger with IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong>C.2. Performing a Server-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html
new file mode 100644
index 0000000..7fd9ef5
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Preface</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="next" href="Document_Conventions.html" title="2. Examples and Formatting" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="
 Document_Conventions.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
+		FreeIPA is a Fedora-based way to create a security, identity, and authentication domain. The different security and authentication protocols available to Linux and Unix systems (like Kerberos, NIS, DNS, PAM, and sudo) are complex, unrelated, and difficult to manage coherently, especially when combined with different identity stores.
+	</div><div class="para">
+		FreeIPA provides a layer that unifies all of these disparate services and simplifies the administrative tasks for managing users, systems, and security. FreeIPA breaks management down into two categories: <span class="emphasis"><em>identity</em></span> and <span class="emphasis"><em>policy</em></span>. It centralizes the functions of managing the users and entities within your IT environment (identity) and then provides a framework to define authentication and authorization for a global security framework and user-friendly tools like single sign-on (policy).
+	</div><div class="section" id="audience"><div class="titlepage"><div><div><h2 class="title" id="audience">1. Audience and Purpose</h2></div></div></div><div class="para">
+			With FreeIPA, a Fedora system can easily become the center of an identity/authentication domain and even provide access to the domain for clients of other operating systems. FreeIPA is an integrated system, that builds on existing and reliable technologies like LDAP and certificate protocols, with a robust yet straightforward set of tools (including a web-based UI). The key to identity/policy management with FreeIPA is simplicity and flexibility:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Centralized identity stores for authentication and single sign-on using both integrated LDAP services (with 389 Directory Server) and, optionally, NIS services
+				</div></li><li class="listitem"><div class="para">
+					Clear and manageable administrative control over system services like PAM, NTP, and sudo
+				</div></li><li class="listitem"><div class="para">
+					Simplified DNS domains and maintenance
+				</div></li><li class="listitem"><div class="para">
+					Scalable Kerberos realms and cross-realms which clients can easily join
+				</div></li></ul></div><div class="para">
+			This guide is written for systems administrators and IT staff who will manage FreeIPA domains, user systems, and servers. This assumes a moderate knowledge of Linux-based systems administration and familiarity with important concepts like access control, LDAP, and Kerberos.
+		</div><div class="para">
+			This guide covers every aspect of using FreeIPA, including preparation and installation processes, administrative tasks, and the FreeIPA tools. This guide also explains the major concepts behind both identity and policy management, generally, and FreeIPA features specifically. Administrative tasks in this guide are categorized as either <span class="emphasis"><em>Identity</em></span> or <span class="emphasis"><em>Policy</em></span> in the chapter title to help characterize the administrative functions.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>FreeIPA: Identity/Policy Management</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Document_Conventions.html"><strong>Next</strong>2. Examples and Formatting</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preparing_for_an_IPA_Installation.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preparing_for_an_IPA_Installation.html
new file mode 100644
index 0000000..6f5cceb
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preparing_for_an_IPA_Installation.html
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Preparing to Install the IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="prev" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /><link rel="next" href="Installing_the_IPA_Server_Packages.html" title="2.3. Installing the IPA Server Packages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong></a>
 </li><li class="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong></a></li></ul><div class="section" id="Preparing_for_an_IPA_Installation"><div class="titlepage"><div><div><h2 class="title" id="Preparing_for_an_IPA_Installation">2.2. Preparing to Install the IPA Server</h2></div></div></div><div class="para">
+			Before you install IPA, ensure that the installation environment is suitably configured. You also need to provide certain information during the installation and configuration procedures, including realm names and certain usernames and passwords. This section describes the information that you need to provide.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">2.2.1. Hardware Requirements</h3></div></div></div><div class="para">
+				A basic user entry is about 1 KB in size, as is a simple host entry with a certificate. The structure of the directory tree and the number of indexes in the Directory Server instance can impact the hardware required for the best performance. <a class="xref" href="Preparing_for_an_IPA_Installation.html#tab.Minimum_hardware_requirements_for_IPA">Table 2.1, “Minimum Hardware Requirements”</a> lists the recommended minimums. For customized systems, additional indexes, or larger user entries, it is more effective to increase the RAM than to increase the disk space because the Directory Server stores much of its data in cache. Add info for disk layout/size recommendations, from https://www.redhat.com/archives/freeipa-users/2011-May/msg00012.html
+			</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+					The Directory Server instance used by the IPA server can be tuned to increase performance. For tuning information, see the Directory Server documentation at <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html</a>.
+				</div></div></div><div class="para">
+				The system requirements for both 32-bit and 64-bit platforms are the same.
+			</div><div class="table" id="tab.Minimum_hardware_requirements_for_IPA"><h6>Table 2.1. Minimum Hardware Requirements</h6><div class="table-contents"><table summary="Minimum Hardware Requirements" border="1"><colgroup><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /></colgroup><thead><tr><th align="center">
+								Minimum Hardware Requirements
+							</th><th align="center">
+								10,000 - 250,000 Entries
+							</th><th align="center">
+								250,000 - 1,000,000 Entries
+							</th><th align="center">
+								Over 1,000,000 Entries
+							</th></tr></thead><tbody><tr><td align="left">
+								CPU
+							</td><td colspan="3" align="center">
+								P3; 500MHz
+							</td></tr><tr><td align="left">
+								RAM
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td></tr><tr><td align="left">
+								Disk Space
+							</td><td align="center">
+								2 GB
+							</td><td align="center">
+								4 GB
+							</td><td align="center">
+								8 GB
+							</td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">2.2.2. Software Requirements</h3></div></div></div><div class="para">
+				Most of the packages that an IPA server depends on are installed as dependencies when the IPA packages are installed. There are some packages, however, which are required before installing the IPA packages:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Kerberos 1.9
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">named</span> and <span class="package">bind-dyndb-ldap</span> packages for DNS
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">ds-replication</span> package, which requires a separate subscription to the Enterprise Identity Replication product
+					</div></li></ul></div></div><div class="section" id="prerequisites"><div class="titlepage"><div><div><h3 class="title" id="prerequisites">2.2.3. System Prerequisites</h3></div></div></div><div class="para">
+				The IPA server is set up using a configuration script, and this script makes certain assumption about the host system. If the system does not meet these prerequisites, then server configuration may fail.
+			</div><div class="section" id="prereq-ds"><div class="titlepage"><div><div><h4 class="title" id="prereq-ds">2.2.3.1. Directory Server</h4></div></div></div><div class="para">
+					There must not be any instances of 389 Directory Server installed on the host machine.
+				</div></div><div class="section" id="prereq-system"><div class="titlepage"><div><div><h4 class="title" id="prereq-system">2.2.3.2. System Files </h4></div></div></div><div class="para">
+					The server script overwrites system files to set up the IPA domain. The system should be clean, without custom configuration for services like DNS and Kerberos, before configuring the IPA server.
+				</div></div><div class="section" id="prereq-ports"><div class="titlepage"><div><div><h4 class="title" id="prereq-ports">2.2.3.3. System Ports</h4></div></div></div><div class="para">
+					IPA uses a number of ports to communicate with its services. These ports, listed in <a class="xref" href="Preparing_for_an_IPA_Installation.html#tab.ipa-ports">Table 2.2, “IPA Ports”</a>, must be open and available for IPA to work. They cannot be in use by another service or blocked by a firewall. To make sure that these ports are available, try <code class="command">iptables</code> to list the available ports or <code class="command">nc</code>, <code class="command">telnet</code>, or <code class="command">nmap</code> to connect to a port or run a port scan.
+				</div><div class="table" id="tab.ipa-ports"><h6>Table 2.2. IPA Ports</h6><div class="table-contents"><table summary="IPA Ports" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+									Service
+								</th><th>
+									Ports
+								</th></tr></thead><tbody><tr><td>
+									OCSP responder
+								</td><td>
+									9180
+								</td></tr><tr><td>
+									HTTP/HTTPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>80</td></tr><tr><td>443</td></tr></table>
+
+								</td></tr><tr><td>
+									LDAP/LDAPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>389</td></tr><tr><td>636</td></tr></table>
+
+								</td></tr><tr><td>
+									Kerberos<sup>[<a id="ft.udp-tcp" href="#ftn.ft.udp-tcp" class="footnote">a</a>]</sup>
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>88</td></tr><tr><td>464</td></tr></table>
+
+								</td></tr><tr><td>
+									DNS<sup>[<a href="Preparing_for_an_IPA_Installation.html#ftn.ft.udp-tcp" class="footnoteref">a</a>]</sup>
+								</td><td>
+									53
+								</td></tr><tr><td>
+									NTP<sup>[<a id="id2715524" href="#ftn.id2715524" class="footnote">b</a>]</sup>
+								</td><td>
+									123
+								</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
+										This service uses both TCP adn UDP ports.
+									</p></div><div class="footnote"><p><sup>[<a id="ftn.id2715524" href="#id2715524" class="para">b</a>] </sup>
+										This service uses UDP ports only.
+									</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">2.2.3.4. DNS</h4></div></div></div><div class="para">
+					IPA uses DNS for the IPA clients to find (<span class="emphasis"><em>discover</em></span>) the IPA servers. The DNS service can be managed by IPA itself, or IPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and IPA services like, LDAP, Kerberos, and SSL may fail to work.
+				</div><div class="section" id="dns-requirements"><div class="titlepage"><div><div><h5 class="title" id="dns-requirements">2.2.3.4.1. DNS Requirements</h5></div></div></div><div class="para">
+						Regardless of whether the DNS is within the IPA server or external, the server host must have DNS properly configured:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								The server's machine name must be set and resolve to its public IP address. The fully-qualified domain name cannot resolve to the loopback address. It must resolve to the machine's public IP address, not to <code class="systemitem">127.0.0.1</code>. The output of the <code class="command">hostname</code> command cannot be <code class="systemitem">localhost</code> or <code class="systemitem">localhost6</code>.
+							</div></li><li class="listitem"><div class="para">
+								The hostname must be fully qualified. For example, <code class="systemitem">ipa.example.com</code>.
+							</div></li><li class="listitem"><div class="para">
+								The reverse of the address that the hostname resolves to must match the hostname.
+							</div></li><li class="listitem"><div class="para">
+								The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the IPA server, but it does need to be fully functional.
+							</div><div class="para">
+								If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install IPA to automatically configure a suitable DNS.
+							</div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">2.2.3.4.2. IPA-Generated DNS File</h5></div></div></div><div class="para">
+						To help create and configure a suitable DNS setup, the IPA installation script creates a sample zone file. During the installation, IPA displays a message similar to the following:
+					</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
+</pre><div class="para">
+						You should use this file in your DNS zone file.
+					</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">2.2.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
+						<span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in an IPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+					</div><div class="para">
+						<code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific IPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+					</div><div class="para">
+						To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+					</div><pre class="programlisting">positive-time-to-live   group           3600
+negative-time-to-live   group           60
+positive-time-to-live   hosts           3600
+negative-time-to-live   hosts           20
+</pre></div><div class="section" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos">2.2.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
+						The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+					</div><div class="para">
+						If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example: 
+<pre class="programlisting">10.0.0.1    ipa.example.com  ipa</pre>
+						 The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. IPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
+					</div><div class="para">
+						A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The IPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+					</div><div class="para">
+						The IPA installation process includes checks to ensure that the IPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing an IPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the IPA server will use itself as a DNS from that point forward.
+					</div><div class="para">
+						The IPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								DNS forwarders must be specified as IP addresses, not as hostnames.
+							</div></div></div>
+
+					</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">2.2.3.5. Configuring Networking</h4></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services">2.2.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
+						The default networking service used by Red Hat Enterprise Linux is NetworkManager, and due to the way this service works, it can cause problems with IPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in an IPA environment and disable the NetworkManager service.
+					</div><div class="orderedlist" id="proc-Enterprise_Identity_Management_Guide-Configuring_Networking_Services-To_configure_networking_services_for_IPA"><ol><li class="listitem"><div class="para">
+								Boot the machine into single-user mode and run the following commands:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManager off; service NetworkManager stop</span></pre></li><li class="listitem"><div class="para">
+								If <code class="systemitem">NetworkManagerDispatcher</code> is installed, ensure that it is stopped and disabled:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop</span></pre></li><li class="listitem"><div class="para">
+								Then, make sure that the <code class="systemitem">network</code> service is properly started. 
+<pre class="programlisting"><span class="perl_Comment"># chkconfig network on; service network start</span></pre>
+
+							</div></li><li class="listitem"><div class="para">
+								Ensure that static networking is correctly configured.
+							</div></li><li class="listitem"><div class="para">
+								Restart the system.
+							</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File">2.2.3.5.2. Configuring the /etc/hosts File</h5></div></div></div><div class="para">
+						You need to ensure that your <code class="filename">/etc/hosts</code> file is configured correctly. A misconfigured file can prevent the IPA command-line tools from functioning correctly and can prevent the IPA web interface from connecting to the IPA server.
+					</div><div class="para">
+						Configure the <code class="filename">/etc/hosts</code> file to list the FQDN for the IPA server <span class="emphasis"><em>before</em></span> any aliases. Also ensure that the hostname is not part of the <code class="literal">localhost</code> entry. The following is an example of a valid hosts file:
+					</div><pre class="programlisting">127.0.0.1	localhost.localdomain	localhost
+::1		localhost6.localdomain6	localhost6
+192.168.1.1	ipaserver.example.com	ipaserver
+</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							Do not omit the <code class="systemitem">IPv4</code> entry in the <code class="filename">/etc/hosts</code> file. This entry is required by the IPA web service.
+						</div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="installing-ipa.html"><strong>Prev</strong>Chapter 2. Installing an IPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong>2.3. Installing the IPA Server Packages</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html
new file mode 100644
index 0000000..c1af97f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. Uninstalling FreeIPA Servers and Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html" title="1.4. Setting up FreeIPA Replicas" /><link rel="next" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
 ="p" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="setting-up-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="Uninstalling_IPA_Servers"><div class="titlepage"><div><div><h2 class="title" id="Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</h2></div></div></div><div class="para">
+			To uninstall both a FreeIPA server and a FreeIPA replica, pass the <code class="option">--uninstall</code> option to the <code class="command">ipa-server-install</code> command: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Prev</strong>1.4. Setting up FreeIPA Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="setting-up-clients.html"><strong>Next</strong>Chapter 2. Setting up Systems as FreeIPA Clients</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
new file mode 100644
index 0000000..c20bc0e
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Configuring a Microsoft Windows System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="next" href="Configuring_an_IPA_Client_on_Solaris.html" title="2.3. Configuring a Solaris System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acc
 esskey="p" href="setting-up-clients.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Next</strong></a></li></ul><div class="section" id="Using_Microsoft_Windows"><div class="titlepage"><div><div><h2 class="title" id="Using_Microsoft_Windows">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</h2></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				FreeIPA does <span class="emphasis"><em>not</em></span> support Microsoft Windows client authentication.
+			</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+					Download the MIT <span class="productname">Kerberos</span>
+					 3.x package for Windows to a known location, and then run the <code class="filename">kfw-3.x-exe</code> file that you downloaded to start the <span class="application"><strong>MIT Kerberos Installation Wizard</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Read the license agreement and then click <span class="guibutton"><strong>I Agree</strong></span> to accept the agreement.
+				</div></li><li class="listitem"><div class="para">
+					Ensure you choose to install KfW Client; the other components are optional.
+				</div></li><li class="listitem"><div class="para">
+					Accept the default destination path.
+				</div></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Download from web path</strong></span>, and enter the following URL:
+				</div><pre class="programlisting">http://&lt;your FreeIPA server's fully-qualified domain name&gt;/ipa/config/
+</pre></li><li class="listitem"><div class="para">
+					Select <span class="guilabel"><strong>Autostart the Network Identity Manager each time you login to Windows</strong></span>.
+				</div></li><li class="listitem"><div class="para">
+					Click <span class="guibutton"><strong>Install</strong></span> to begin the installation. When the installation is complete, click <span class="guibutton"><strong>Finish</strong></span> to exit the Wizard.
+				</div></li><li class="listitem"><div class="para">
+					Edit the hosts file and add the FreeIPA server. For example:
+				</div><pre class="programlisting">&lt;numerical IP address&gt;     ipaserver.example.com   ipaserver
+</pre><div class="para">
+					Depending on the version of Windows, the HOSTS file could be located in different directories. For example:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Windows 2000 Pro: <code class="filename">C:\WINNT\system32\drivers\etc\</code>
+						</div></li><li class="listitem"><div class="para">
+							Windows XP Pro: <code class="filename">C:\WINDOWS\system32\drivers\etc\</code>
+						</div></li></ul></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="setting-up-clients.html"><strong>Prev</strong>Chapter 2. Setting up Systems as FreeIPA Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_an_IPA_Client_on_Solaris.html"><strong>Next</strong>2.3. Configuring a Solaris System as a FreeIPA Cl...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html
new file mode 100644
index 0000000..c1ddcfd
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Identity: Integrating with Microsoft Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="configuring-automount.html" title="7.2. Configuring Automount" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="8.2. Setting up Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="confi
 guring-automount.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">8.2. Setting up Active Directory</a></span></dt><d
 t><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl>
 </dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+		To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
+	</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">8.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
+				IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
+			</div><div class="para">
+				To avoid this situation, use a separate domain for your IPA and Active Directory servers. If this is not possible, use the <em class="parameter"><code>--force</code></em> parameter when you run the <code class="command">ipa-client-install</code> script.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-automount.html"><strong>Prev</strong>7.2. Configuring Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong>8.2. Setting up Active Directory</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html
new file mode 100644
index 0000000..54e11bc
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Adding Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="next" href="editing-users.html" title="5.3. Editing Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="users.html"><strong>Prev</strong></a></li><li class="next"><a
  accesskey="n" href="editing-users.html"><strong>Next</strong></a></li></ul><div class="section" id="adding-users"><div class="titlepage"><div><div><h2 class="title" id="adding-users">5.2. Adding Users</h2></div></div></div><div class="para">
+			FreeIPA supports a wide range of <span class="property">username</span> formats, but you need to be aware of any restrictions that may apply to your particular environment. For example, a <span class="property">username</span> that starts with a digit may cause problems for some UNIX systems.
+		</div><div class="para">
+			The range of <span class="property">username</span> formats supported by FreeIPA can be described by the following regular expression:
+		</div><pre class="screen"><code class="command">[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]</code></pre><div class="para">
+			The trailing $ symbol is permitted for Samba 3.x machine support.
+		</div><div class="para">
+			Use the <code class="command">ipa user-add</code> command to add users to FreeIPA. You can pass attributes directly on the command line, or run the command with no parameters to enter interactive mode. Interactive mode prompts you to enter the basic attributes required to add a new user. You can add further attributes using the <code class="command">ipa user-mod</code> command. Use the <code class="command">ipa user-mod --list</code> command to view a list of the attributes that you can modify using this command.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_the_Command_Line-To_create_the_user_jlamb_using_the_command_line"><h6>Procedure 5.1. To create the user <code class="systemitem">jlamb</code> using the command line:</h6><ul><li class="step"><div class="para">
+					Open a shell and run the following command:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command">$ ipa user-add jlamb --first=John --last=Lamb --password</code></pre>
+
+				</div><div class="para">
+					This will prompt for a password and then complete the new entry with default values.
+				</div></li></ul></div><div class="para">
+			The following example illustrates using the <code class="command">ipa user-add</code> command in interactive mode to create a user account:
+		</div><pre class="screen"># ipa user-add
+First name: Jinny
+Last name: Pattanajee
+User login [jpattanajee]: jpattan
+--------------------
+Added user "jpattan"
+--------------------
+User login: jpattan
+First name: Jinny
+Last name: Pattanajee
+Home directory: /home/jpattan
+GECOS field: jpattan
+Login shell: /bin/sh
+Kerberos principal: jpattan at MYDOMAIN.NET
+UID: 387115841
+</pre><div class="para">
+			Press <span class="keycap"><strong>Enter</strong></span> at each prompt to accept the default values (enclosed in square brackets), or type an alternative.
+		</div><div class="para">
+			Refer to the <code class="command">ipa user-add</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="users.html"><strong>Prev</strong>Chapter 5. Identity: Managing Users and User Grou...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="editing-users.html"><strong>Next</strong>5.3. Editing Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html
new file mode 100644
index 0000000..2177400
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Policy: Configuring Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="migrintg-from-nis.html" title="9.3. Migrating from NIS to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="10.2. HBAC Service Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href=
 "migrintg-from-nis.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="authz.html#configuring-host-access">10.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">10.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">10.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div class="tit
 lepage"><div><div><h2 class="title" id="configuring-host-access">10.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
+			Host-based access control (HBAC) uses <em class="firstterm">rules</em> to determine who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host. Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
+		</div><div class="para">
+			You can also specify a category of users, target hosts, and source hosts. This is currently limited to "all", but might be expanded in the future.
+		</div><div class="para">
+			The available services and groups of services are controlled by the <code class="systemitem">hbacsvc</code> and <code class="systemitem">hbacsvcgroup</code> plug-ins, respectively.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="migrintg-from-nis.html"><strong>Prev</strong>9.3. Migrating from NIS to IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong>10.2. HBAC Service Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html
new file mode 100644
index 0000000..d1cf8bf
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Identity: Using Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html" title="6.6. Kerberos Errors" /><link rel="next" href="configuring-automount.html" title="7.2. Configuring Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterpris
 e_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></
 span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and IPA</h2></div></div></div><div class="para">
+			This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
+					If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</h3></div></div></div><div class="para">
+				In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							The IPA server is correctly installed and operational.
+						</div></li><li class="listitem"><div class="para">
+							The domain is <code class="systemitem">example.com</code>.
+						</div></li><li class="listitem"><div class="para">
+							The NFS server is also configured as an IPA client.
+						</div></li><li class="listitem"><div class="para">
+							You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
+						</div></li><li class="listitem"><div class="para">
+							The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
+						</div></li></ul></div>
+
+			</div><div class="para">
+				This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
+					Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
+				</div><div class="para">
+				The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
+			</div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
+</pre><div class="para">
+				You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Prev</strong>6.6. Kerberos Errors</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong>7.2. Configuring Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html
new file mode 100644
index 0000000..4c24552
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. Basic Usage</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="2.6. Configuring a Macintosh OS X System as a FreeIPA Client" /><link rel="next" href="logging-in.html" title="3.2. Logging into the IPA UI" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_
 on_Macintosh_OS_X.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="basic-usage.html#using-the-ui">3.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username/Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="loggi
 ng-in.html">3.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="switching-users.html">3.3. Switching Users</a></span></dt></dl></div><div class="section" id="using-the-ui"><div class="titlepage"><div><div><h2 class="title" id="using-the-ui">3.1. Using the IPA UI</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</h3></div></div></div><div class="para">
+				If you are unable, or prefer not, to update <code class="filename">/etc/krb5.conf</code> with the IPA realm information, you can create another copy and set an appropriate environment variable. You can then run <code class="command">kinit</code> as before and use your browser to connect to IPA. This is especially useful if you need to manage multiple realms, and if you have overlapping domains.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					This procedure is not necessary if you use <code class="command">ipa-client-install</code> to set up your client.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_a_Browser_on_Another_System-To_set_up_a_browser_on_another_system_that_already_has_Kerberos_set_up_for_a_different_realm"><h6>Procedure 3.1. To set up a browser on another system that already has Kerberos set up for a different realm:</h6><ol class="1"><li class="step"><div class="para">
+						Copy the <code class="filename">/etc/krb5.conf</code> file from the IPA server to the client system. Do not overwrite the existing <code class="filename">krb5.conf</code> file. Run the following command on the IPA server:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"> # scp /etc/krb5.conf root at ipaclient:/etc/krb5_ipa.conf </code></pre>
+
+					</div></li><li class="step"><div class="para">
+						On the IPA client, open a shell and run the following commands: 
+<pre class="screen"><code class="command">$ export KRB5_CONFIG=/etc/krb5_ipa.conf</code>
+<code class="command">$ kinit user at EXAMPLE.COM</code>
+<code class="command">$ /usr/bin/firefox</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure and test <span class="application"><strong>Firefox</strong></span>.
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username/Password Authentication in Your Browser</h3></div></div></div><div class="para">
+				If Kerberos authentication fails, the browser login will also fail, preventing access to the IPA web interface. You can configure IPA to display a username/password authentication dialog box if this situation occurs.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Enabling_UsernamePassword_Authentication_in_Your_Browser-To_enable_failover_to_usernamepassword_authentication"><h6>Procedure 3.2. To enable failover to username/password authentication:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file, and change the <em class="parameter"><code>KrbMethodK5Passwd</code></em> attribute from <code class="literal">off</code> to <code class="literal">on</code>.
+					</div></li><li class="step"><div class="para">
+						Restart the <code class="systemitem">httpd</code> service: 
+<pre class="screen"><code class="command"># service httpd restart</code></pre>
+
+					</div></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							You need to perform this procedure on all of the IPA servers in your deployment.
+						</div></li><li class="listitem"><div class="para">
+							This change may not be preserved between IPA updates.
+						</div></li></ul></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong>2.6. Configuring a Macintosh OS X System as a Fre...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong>3.2. Logging into the IPA UI</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certs.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certs.html
new file mode 100644
index 0000000..90e422a
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certs.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.5. Configuring Certificate-Based Machine Authentication</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="config-virt-machines.html" title="4.4. Reconfiguring Virtual Machines" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html" title="4.6. Client Problems" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
  accesskey="p" href="config-virt-machines.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Next</strong></a></li></ul><div class="section" id="certs"><div class="titlepage"><div><div><h2 class="title" id="certs">4.5. Configuring Certificate-Based Machine Authentication</h2></div></div></div><div class="para">
+			IPA v2 extends the scope of authentication to include machines on the network. Machine authentication is required for the FreeIPA server to trust the machine and to accept FreeIPA connections from the client software installed on that machine. After authenticating the client, the FreeIPA server can respond to its requests.
+		</div><div class="para">
+			IPA supports two different approaches to machine authentication: Key Tables (or <em class="firstterm">keytabs</em>, a symmetric key resembling to some extent a user password); and Machine Certificates. FreeIPA clients use XML-RPC calls to request keytabs and certificates. Keys and certificate requests are generated on machines applying for certificates. Certificates are generated by the CA, in response to certificate requests submitted to FreeIPA and stored in FreeIPA's DS, and at the same time delivered to the machine for use in PKI machine authentication.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</h3></div></div></div><div class="para">
+				Usage scenarios are split into the following categories:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Deployment of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Authentication using machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Revocation of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Renewal of machine credentials (keytab/certificate)
+					</div></li><li class="listitem"><div class="para">
+						Recovery from destruction of FreeIPA server
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="config-virt-machines.html"><strong>Prev</strong>4.4. Reconfiguring Virtual Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Next</strong>4.6. Client Problems</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
new file mode 100644
index 0000000..f8ed680
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Frequently Asked Questions</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="logging.html" title="12.13. IPA Server Logging" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Pr
 ev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3064103">
+					Is it possible to change the IP address of the master server?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3163808">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3112176">
+					What is the difference between a replica and a master server?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3061498">
+					Can I promote a replica to function as the master? How?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3453774">
+					Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
+				</a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id4345290">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</a></dt></dl><div class="qandaset"><div id="id3064103" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Is it possible to change the IP address of the master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
+				</div></div></div></div><div id="id3163808" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why are there restrictions on the length of user and group names? How can I change this?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
+				</div><div class="para">
+					You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod  --maxusername=INT</code>
+				</div></div></div></div><div id="id3112176" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					What is the difference between a replica and a master server?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
+				</div></div></div></div><div id="id3061498" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can I promote a replica to function as the master? How?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes. Refer to <a class="xref" href="promoting-replica.html">Section 12.12, “Promoting a Read-Only Replica to an IPA Server”</a>.
+				</div></div></div></div><div id="id3453774" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
+				</div></div></div></div><div id="id4345290" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+					Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
+				</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
+					Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
+				</div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong>12.13. IPA Server Logging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong>Appendix B. Services: Working with certmonger</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html
new file mode 100644
index 0000000..0d754d1
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Setting up FreeIPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /><link rel="prev" href="creating-server.html" title="1.3. Creating a FreeIPA Server Instance" /><link rel="next" href="Uninstalling_IPA_Servers.html" title="1.5. Uninstalling FreeIPA Servers and Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-server.html"><strong
 >Prev</strong></a></li><li class="next"><a accesskey="n" href="Uninstalling_IPA_Servers.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</h2></div></div></div><div class="para">
+			In the FreeIPA domain, there are three types of machines:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Servers, which manage all of the services used by domain members
+				</div></li><li class="listitem"><div class="para">
+					Replicas, which are essentially read-only clones of servers
+				</div></li><li class="listitem"><div class="para">
+					Clients, which belong to the Kerberos domains, receive certificates and tickets issued by the servers, and use other centralized services for authentication and authorization
+				</div></li></ul></div><div class="para">
+			A replica is a clone of a specific FreeIPA server. The server and replica share the same internal information about users, machines, certificates, and configured policies. These data are copied from the server to the replica in a process called <span class="emphasis"><em>replication</em></span>. The two Directory Server instances used by an FreeIPA server — the Directory Server instance used by the FreeIPA server as a data store and the Directory Server instance used by the Dogtag Certificate System to store certificate information — are replicated over to corresponding consumer Directory Server instances used by the FreeIPA replica.
+		</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+				If you are using the integrated Dogtag Certificate System instance as the CA for the FreeIPA domain, then it is possible to make a replica of a replica. It is <span class="emphasis"><em>not</em></span> possible to make a replica of a replica if you use the <code class="option">--selfsign</code> option for the original FreeIPA server.
+			</div></div></div><div class="section" id="installing-replica"><div class="titlepage"><div><div><h3 class="title" id="installing-replica">1.4.1. Prepping and Installing the Replica Server</h3></div></div></div><div class="para">
+				Replicas are functionally the same as FreeIPA servers, so they have the same installation requirements and packages.
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Make sure that the machine meets all of the prerequisites listed in <a class="xref" href="installing-ipa.html#Preparing_for_an_IPA_Installation">Section 1.1, “Preparing to Install the FreeIPA Server”</a>.
+					</div></li><li class="listitem"><div class="para">
+						Install the server packages as in <a class="xref" href="Installing_the_IPA_Server_Packages.html">Section 1.2, “Installing the FreeIPA Server Packages”</a>. However, do <span class="emphasis"><em>not</em></span> run the <code class="command">ipa-server-install</code> script.
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							The replica and the master server must be running the same version of FreeIPA.
+						</div></div></div></li><li class="listitem"><div class="para">
+						If there is an existing Dogtag Certificate System or Red Hat Certificate System instance on the replica machine, make sure that port <code class="systemitem">7389</code> is free. This port is used by the master FreeIPA server to communicate with the replica.
+					</div></li></ul></div></div><div class="section" id="creating-the-replica"><div class="titlepage"><div><div><h3 class="title" id="creating-the-replica">1.4.2. Creating the Replica</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					Make sure that the replica machine exists in the server's DNS <span class="emphasis"><em>before</em></span> beginning to configure the replica. If the server cannot contact the replica machine during the configuration process, then the replica configuration fails.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						C\On the master server, create a <span class="emphasis"><em>replica information file</em></span>. This contains realm and configuration information taken from the master server which will be used to configure the replica server.
+					</div><div class="para">
+						Run the <code class="command">ipa-replica-repare</code> command <span class="emphasis"><em>on the master FreeIPA server</em></span>. The command requires the fully-qualified domain name of the <span class="emphasis"><em>replica</em></span> machine.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-replica-prepare ipareplica.example.com</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+Determining current realm name
+Getting domain name from LDAP
+Preparing replica <span class="perl_Keyword">for</span> ipareplica.example.com from ipaserver.example.com
+Creating SSL certificate <span class="perl_Keyword">for</span> the Directory Server
+Creating SSL certificate <span class="perl_Keyword">for</span> the Web Server
+Copying additional files
+Finalizing configuration
+Packaging the replica into replica-info-ipareplica.example.com
+</pre><div class="para">
+						Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
+					</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+							A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
+						</div></div></div><div class="warning"><div class="admonition_header"><h2>WARNING</h2></div><div class="admonition"><div class="para">
+							Replica information files contain sensitive information. Take appropriate steps to ensure that they are properly protected.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Copy the replica information file to the replica server:
+					</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
+						On the replica server, run the replica installation script, referencing the replication information file:
+					</div><div class="para">
+						
+<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
+
+					</div><div class="para">
+						The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
+					</div></li><li class="listitem"><div class="para">
+						Enter the Directory Manager password when prompted. The script then configures a Directory Server instance based on information in the replica information file and initiates a replication process to copy over data from the master server to the replica, a process called <span class="emphasis"><em>initialization</em></span>.
+					</div></li><li class="listitem"><div class="para">
+						Once the installation process completes, update the DNS entries so that FreeIPA clients can discover the new server. For example, for a FreeIPA replica with a hostname of <code class="systemitem">ipareplica.example.com</code>:
+					</div><pre class="programlisting">_ldap._tcp             IN SRV 0 100 389	ipareplica.example.com
+_kerberos._tcp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos._udp         IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._tcp  IN SRV 0 100 88 ipareplica.example.com
+_kerberos-master._udp  IN SRV 0 100 88 ipareplica.example.com
+_kpasswd._tcp          IN SRV 0 100 464 ipareplica.example.com
+_kpasswd._udp          IN SRV 0 100 464 ipareplica.example.com
+_ntp._udp              IN SRV 0 100 123 ipareplica.example.com
+</pre></li><li class="listitem"><div class="para">
+						<span class="emphasis"><em>Optional.</em></span> Set up DNS services for the replica. These are not configured by the setup script, even if the master server uses DNS.
+					</div><div class="para">
+						Use the <code class="command">ipa-dns-install</code> command to install the DNS manually, then use the the <code class="command">ipa dnsrecord-add</code> command to add the required DNS records. For example: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-dns-install</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+$ ipa dnsrecord-add example.com @ --ns-rec ipareplica.example.com.</pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+							Use the fully-qualified domain name of the replica, including the final period (.), otherwise BIND will treat the hostname as relative to the domain.
+						</div></div></div></li></ol></div></div><div class="section" id="troubleshooting-replica-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</h3></div></div></div><div class="para">
+				If the replica installation fails on step 3 (<span class="bold bold"><strong>[3/11]: configuring certificate server instance</strong></span>), that usually means that the required port is not available. This can be verified by checking the debug logs for the CA, <code class="filename">/var/log/pki-ca/debug</code>, which may show error messages about being unable to find certain entries. For example: 
+<pre class="screen">[04/Feb/2011:22:29:03][http-9445-Processor25]: DatabasePanel
+comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</pre>
+
+			</div><div class="para">
+				The only resolution is to uninstall the replica: 
+<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
+
+			</div><div class="para">
+				After uninstalling the replica, ensure that port 7389 on the replica is available, and retry the replica installation.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-server.html"><strong>Prev</strong>1.3. Creating a FreeIPA Server Instance</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Uninstalling_IPA_Servers.html"><strong>Next</strong>1.5. Uninstalling FreeIPA Servers and Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-virt-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-virt-machines.html
new file mode 100644
index 0000000..52ca1c8
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-virt-machines.html
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.4. Reconfiguring Virtual Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="renaming-machines.html" title="4.3. Renaming Machines" /><link rel="next" href="certs.html" title="4.5. Configuring Certificate-Based Machine Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="renaming-machines.html"><strong>Prev</s
 trong></a></li><li class="next"><a accesskey="n" href="certs.html"><strong>Next</strong></a></li></ul><div class="section" id="config-virt-machines"><div class="titlepage"><div><div><h2 class="title" id="config-virt-machines">4.4. Reconfiguring Virtual Machines</h2></div></div></div><div class="para">
+			There are two cases where it might be necessary to reconfigure a VM enrolled in a FreeIPA domain: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The VM is copied.
+					</div></li><li class="listitem"><div class="para">
+						The VM is migrated from one FreeIPA domain to another.
+					</div><div class="para">
+						This means that there is a FreeIPA configuration that needs to be removed and the machine needs to be enrolled in the new realm.
+					</div></li></ul></div>
+
+		</div><div class="para">
+			In each case, the procedure is identical to that described for renaming a FreeIPA machine: <a class="xref" href="renaming-machines.html#proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine">Procedure 4.3, “To rename a FreeIPA machine:”</a>. Although it is possible to <span class="emphasis"><em>not</em></span> completely unconfigure the client, there is no real downside to doing this (that is, running the <code class="command">ipa-client-install --uninstall</code> command).
+		</div><div class="para">
+			If you cannot use the <code class="command">ipa-client-install --uninstall</code> command, or it is failing for some reason, use the following manual procedure to remove the FreeIPA configuration from the client. Bear in mind, however, that this procedure cannot be undone:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Remove the old hostname from the main keytab. This method removes *ALL* principals in the domain: 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -r EXAMPLE.COM</code></pre>
+
+				</div><div class="para">
+					To remove on a per-principal basis (per-principal and per-encryption type): 
+<pre class="programlisting"><code class="command">$ ipa-rmkeytab -k /etc/krb5.keytab -p host/server.example.com at EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Disable certificate tracking in <code class="systemitem">certmonger</code>: 
+<pre class="programlisting"><code class="command">$ ipa-getcert stop-tracking -n Server-Cert -d /etc/pki/nssdb</code></pre>
+
+				</div><div class="para">
+					If there are any additional certificates being tracked by <code class="systemitem">certmonger</code>, you need to perform this step for each nickname and database pair.
+				</div></li><li class="step"><div class="para">
+					Remove the old host from FreeIPA. This is not strictly required but it is certainly cleaner. 
+<pre class="programlisting"><code class="command">$ ipa host-del <em class="replaceable"><code>HOSTNAME</code></em></code></pre>
+
+				</div></li><li class="step"><div class="para">
+					Add the new host to FreeIPA, or re-join using administrator privileges: 
+<pre class="programlisting"><code class="command">$ ipa-join</code></pre>
+
+				</div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="renaming-machines.html"><strong>Prev</strong>4.3. Renaming Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="certs.html"><strong>Next</strong>4.5. Configuring Certificate-Based Machine Authen...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html
new file mode 100644
index 0000000..2aae9e8f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Configuring Active Directory Synchronization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="8.2. Setting up Active Directory" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html" title="8.4. Creating Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs
 .fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-active-directory"><div class="titlepage"><div><div><h2 class="title" id="configuring-active-directory">8.3. Configuring Active Directory Synchronization</h2></div></div></div><div class="para">
+			The Windows Sync plug-in is installed on the IPA server, and enables one-way replication of users and groups from Windows to IPA. The <code class="command">ipa-server-install</code> script automatically installs the plug-in configuration entry and enables it by default. The Windows Sync plug-in is only ever called if Windows Sync is used.
+		</div><div class="para">
+			The passsync plug-in for Windows uses a standard <code class="command">ldapmodify</code> operation to change users' passwords. These operations take effect immediately, and are still normally subject to password policy settings. When the special user used by passsync sets the password, these password policies should be bypassed and the password should not be set to immediately expire, as is the case when a normal administrator resets a user password. To achieve this, you need to add a list of passSync Manager DNs to the password plug-in configuration. These users will be exempt from password policy enforcement in the same way that the Directory Manager is exempt. This currently requires a manual configuration, as follows:
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Windows_Sync_on_the_IPA_Server-To_add_a_list_of_passSync_Manager_DNs_to_the_password_plug_in_configuration"><h6>Procedure 8.2. To add a list of passSync Manager DNs to the password plug-in configuration:</h6><ol class="1"><li class="step"><div class="para">
+					As Directory Manager, modify the entry <em class="parameter"><code>cn=ipa_pwd_extop,cn=plugins,cn=config</code></em>
+				</div></li><li class="step"><div class="para">
+					Add or update the <em class="parameter"><code>passSyncManagersDNs</code></em> attribute. This is a multi-valued list of DNs that bypass password policy.
+				</div></li></ol></div><div class="para">
+			The following is an example of adding the new entry <code class="literal">uid=admin</code>:
+		</div><pre class="screen">% ldapmodify -x -D "cn=Directory Manager" -W
+Enter LDAP Password: *******
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+changetype: modify
+add: passSyncManagersDNs
+passSyncManagersDNs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The entry <em class="parameter"><code>cn=Directory Manager</code></em> always bypasses policy and does not need to be explicitly listed.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Prev</strong>8.2. Setting up Active Directory</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Next</strong>8.4. Creating Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html
new file mode 100644
index 0000000..2db66ff
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Configuring Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="next" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</str
 ong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="para">
+			IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations. 
+			<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
+				</div></div></div>
+			 Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 7.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
+						Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+					</div><pre class="programlisting">#
+# Other common LDAP naming
+#
+MAP_OBJECT_CLASS="automountMap"
+ENTRY_OBJECT_CLASS="automount"
+MAP_ATTRIBUTE="automountMapName"
+ENTRY_ATTRIBUTE="automountKey"
+VALUE_ATTRIBUTE="automountInformation"
+</pre></li><li class="step"><div class="para">
+						You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+					</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
+SEARCH_BASE="cn=&lt;location&gt;,cn=automount,dc=example,dc=com"
+</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
+						</div></div></div></li><li class="step"><div class="para">
+						Save the file and restart <code class="systemitem">autofs</code>:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># service autofs restart</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">7.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
+					Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+				</div><div class="para">
+					If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</h3></div></div></div><div class="para">
+				The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
+			</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+						If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+					</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
+</pre></li><li class="step"><div class="para">
+						IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
+					</div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
+-a defaultSearchBase=dc=example,dc=com \
+-a defaultServerList=ipa.example.com \
+-a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
+-a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
+-a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
+	cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+-a objectClassMap=shadow:shadowAccount=posixAccount \
+-a searchTimelimit=15 \
+-a bindTimeLimit=5
+</pre></li><li class="step"><div class="para">
+						Enable <code class="command">automount</code> as follows:
+					</div><div class="para">
+						
+<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+
+					</div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">7.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 7.2.  To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
+							
+<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
+dn: automountkey=/home,automountmapname=auto.master,cn=&lt;location&gt;,cn=automount,dc=example,dc=com
+objectClass: automount
+objectClass: top
+automountKey: /home
+automountInformation: auto.home
+</pre>
+
+						</div></li><li class="step"><div class="para">
+							Attempt to list a user's <code class="filename">/home</code> directory:
+						</div><div class="para">
+							
+<pre class="screen"><code class="command"># ls /home/&lt;username&gt;</code></pre>
+
+						</div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
+				An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+			</div><div class="para">
+				The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
+					</div></li><li class="listitem"><div class="para">
+						Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
+					</div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 7.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
+						Create a new location:
+					</div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
+  Location: baltimore</pre></li><li class="step"><div class="para">
+						Create a map for man pages:
+					</div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
+  Map: auto.man</pre></li><li class="step"><div class="para">
+						Add this map to the location's auto.master on the mount point /usr/man:
+					</div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
+  Key: /usr/man
+  Mount information: auto.man</pre></li></ol></div><div class="para">
+				Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+			</div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+/etc/auto.master:
+/-      /etc/auto.direct
+/usr/man        /etc/auto.man
+---------------------------
+/etc/auto.direct:
+---------------------------
+/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+  cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">7.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
+					Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+				</div><div class="para">
+					To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+				</div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automount
+    automountKey: '/-'
+    automountInformation: auto.direct
+</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
+    objectClass: automountMap
+    automountMapName: auto.direct
+</pre><div class="para">
+					Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+				</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 7.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
+							Create a new location:
+						</div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+  Location: brisbane</pre></li><li class="step"><div class="para">
+							Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+						</div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
+  <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
+  Key: /share
+  Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
+					On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+				</div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
+    cn=&lt;location&gt;,cn=automount,dc=example,dc=com?one \
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</h3></div></div></div><div class="para">
+				The following pages were used as references for this work:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&amp;highlight=autofs+ldap</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong>Chapter 7. Identity: Using Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong>Chapter 8. Identity: Integrating with Microsoft A...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html
new file mode 100644
index 0000000..851e76b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Configuring sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="sudo.html" title="Chapter 11. Policy: Using sudo" /><link rel="prev" href="sudo.html" title="Chapter 11. Policy: Using sudo" /><link rel="next" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sudo.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ser
 ver-config.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-sudo"><div class="titlepage"><div><div><h2 class="title" id="configuring-sudo">11.2. Configuring sudo</h2></div></div></div><div class="para">
+			To fully implement Sudo rules, you need to perform various configuration steps on both the IPA server and client. You should first create a <em class="firstterm">Sudo command object</em>, and optionally create any <em class="firstterm">Sudo command groups</em>. Finally, create a <em class="firstterm">Sudo rule</em>, which should contain at least the following components: 
+			<div class="itemizedlist"><div class="para">
+					One or more:
+				</div><ul><li class="listitem"><div class="para">
+						users or groups of users
+					</div></li><li class="listitem"><div class="para">
+						hosts or groups of hosts
+					</div></li><li class="listitem"><div class="para">
+						commands or groups of commands
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These steps are described in detail in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules"><h6>Procedure 11.1. How to configure your server to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Set up a host group, and add the client to the host group:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add bne_doc</code>
+  Description: BNE Documentation hosts
+  -------------------------------
+  Added hostgroup "bne_doc"
+  -------------------------------
+  Host-group: bne_doc
+  Description: BNE Documentation hosts</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa hostgroup-add-member bne_doc --hosts ipaclient.ipadocs.org</code>
+  Host-group: bne_doc
+  Description: BNE Documentation hosts
+  Member hosts: ipaclient.ipadocs.org
+-------------------------
+Number of members added 1
+-------------------------</pre></li></ol></li><li class="step"><div class="para">
+						Set up a user group, and add the required users to this group. This procedure assumes that the IPA users already exist:
+					</div><ol class="a"><li class="step"><pre class="screen"><code class="command">$ ipa group-add translators</code>
+  Description: Translation team
+  -------------------------
+  Added group "translators"
+  -------------------------
+  Group name: translators
+  Description: Translation team
+  GID: 1014000006</pre></li><li class="step"><pre class="screen"><code class="command">$ ipa group-add-member translators --users yhuang,klim,hchoi</code>
+    Group name: translators
+    Description: Translation team
+    GID: 1014000006
+    Member users: yhuang, klim, hchoi
+-------------------------
+Number of members added 3
+-------------------------
+</pre></li></ol></li><li class="step"><div class="para">
+						Set up a bind user. This requires setting the password for the <code class="command">sudo</code> bind user. 
+<pre class="screen"><code class="command">$ LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipaserver.ipadocs.org -ZZ \</code>
+  <code class="command">-D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org</code>
+    New password: &lt;sudo user's password&gt;
+    Re-enter new password: &lt;sudo user's password&gt;
+    Enter LDAP Password: &lt;Directory Manager's password&gt;
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Set up the Sudo commands.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add one or more logically-related Sudo commands: 
+<pre class="screen"><code class="command">$ ipa sudocmd-add --desc 'For reading log files' '/usr/bin/less'</code>
+----------------------------------
+Added sudo command "/usr/bin/less"
+----------------------------------
+  Sudo Command: /usr/bin/less
+  Description: For reading log files</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add a suitable Sudo command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add --desc 'Read-only commands' readonly</code>
+-----------------------------------
+Added sudo command group "readonly"
+-----------------------------------
+  Sudo Command Group: readonly
+  Description: Read-only commands</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the command to the command group: 
+<pre class="screen"><code class="command">$ ipa sudocmdgroup-add-member --sudocmds '/usr/bin/less' readonly</code>
+  Sudo Command Group: readonly
+  Description: Read-only commands
+  Member Sudo commands: /usr/bin/less
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the Sudo rules.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add readonly-commands</code>
+-----------------------------------
+Added sudo rule "readonly-commands"
+-----------------------------------
+  Rule name: readonly-commands
+  Enabled: TRUE
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the allowable commands. These are the commands enabled by this Sudo rule when it is active. 
+<pre class="screen">$ ipa sudorule-add-allow-command --sudocmdgroups readonly readonly-commands
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the hosts. These are the hosts and host groups to which this Sudo rule applies when it is active. 
+<pre class="screen"><code class="command">$ ipa sudorule-add-host --hostgroups bne_doc readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------</pre>
+
+							</div></li><li class="step"><div class="para">
+								Add the users (or groups of users). These are the IPA users affected by this Sudo rule: 
+<pre class="screen"><code class="command">$ ipa sudorule-add-user --groups translators readonly-commands</code>
+  Rule name: readonly-commands
+  Enabled: TRUE
+  Groups: translators
+  Host Groups: bne_doc
+  Sudo Command Groups: readonly
+-------------------------
+Number of members added 1
+-------------------------
+</pre>
+
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-How_to_configure_your_client_to_use_Sudo_rules"><h6>Procedure 11.2. How to configure your client to use Sudo rules:</h6><ol class="1"><li class="step"><div class="para">
+						Configure <code class="command">sudo</code> to look to LDAP for the <code class="filename">sudoers</code> file. Add the following line to <code class="filename">/etc/nsswitch.conf</code>: 
+<pre class="programlisting">sudoers:  ldap</pre>
+
+					</div><div class="para">
+						You can still use the local <code class="filename">/etc/sudoers</code> file in preference to the LDAP version. The following configuration uses the local file before referring to LDAP to find <code class="command">sudo</code> rules: 
+<pre class="programlisting">sudoers:  files ldap</pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure SSSD to look for NIS netgroups.
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following line immediately after the <em class="parameter"><code>ipa_server</code></em> entry in the <code class="filename">/etc/sssd/sssd.conf</code> file: 
+<pre class="programlisting">ldap_netgroup_search_base = cn=ng,cn=compat,dc=ipadocs,dc=org</pre>
+
+							</div></li><li class="step"><div class="para">
+								Restart the SSSD daemon: 
+<pre class="screen"><code class="command"># service sssd restart</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Edit the LDAP configuration file for <code class="command">sudo</code>:
+					</div><ol class="a"><li class="step"><div class="para">
+								Add the following lines to the <code class="filename">/etc/nss_ldap.conf</code> file. You may have to create this file if it does not already exist: 
+<pre class="programlisting">sudoers_base ou=SUDOers,dc=ipadocs,dc=org
+binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ipadocs,dc=org
+bindpw &lt;sudo user's password&gt;
+ssl start_tls
+tls_cacertfile /etc/ipa/ca.crt
+tls_checkpeer yes
+bind_timelimit 5
+timelimit 15
+uri ldap://ipaserver.ipadocs.org
+</pre>
+								 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+										The sudo user's password in this configuration is the same password you set up in <a class="xref" href="configuring-sudo.html#proc-Enterprise_Identity_Management_Guide-Server_Configuration_for_Sudo_Rules-How_to_configure_your_server_to_use_Sudo_rules">Procedure 11.1, “How to configure your server to use Sudo rules:”</a>.
+									</div></div></div>
+
+							</div><div class="para">
+								If desired, you can also add the <em class="parameter"><code>sudoers_debug</code></em> parameter to this file to assist with any troubleshooting processes. Valid values for this parameter are 0, 1, and 2. Refer to <a href="http://www.gratisoft.us/sudo/readme_ldap.html">http://www.gratisoft.us/sudo/readme_ldap.html</a> for more information.
+							</div></li><li class="step"><div class="para">
+								To support compatibility with the legacy configuration, create the following symbolic link: 
+<pre class="screen"><code class="command"># ln -s /etc/nss_ldap.conf /etc/ldap.conf</code></pre>
+
+							</div></li></ol></li><li class="step"><div class="para">
+						Set up the NIS domain. Sudo still utilizes NIS netgroups, and so to support the client-side identification of NIS netgroup domains, you need to define your NIS domain name, as follows: 
+<pre class="screen"><code class="command"># nisdomainname example.com</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							A bug has been filed in Fedora to have this configuration requirement addressed during the boot process.
+						</div></div></div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Client_Configuration_for_Sudo_Rules-NIS_Configuration_Notes">11.2.2.1. NIS Configuration Notes</h4></div></div></div><div class="para">
+					Originally called <em class="firstterm">Yellow Pages (YP)</em>, NIS was created by Sun Microsystems and stands for Network Information Service. It was primarily used by UNIX to centrally manage authentication and enumeration information such as user/password, host/IP address, POSIX groups, and netgroups. NIS (the service) does not actually need to be configured on either the client or the server. Not only is it unnecessary, but might be considered a security risk if it were running. NIS is an RPC service and is insecure by today's standards, partly because: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								It provides no host authentication mechanisms
+							</div></li><li class="listitem"><div class="para">
+								It transmits all of its information over the network unencrypted, including password hashes
+							</div></li></ul></div>
+
+				</div><div class="para">
+					Modern Linux/BSD systems implement the <em class="firstterm">Name Service Switch (NSS)</em>, which provides a means of controlling and directing look ups for authentication and enumeration information.
+				</div><div class="para">
+					The IPA LDAP implementation provides the schema to support NIS as defined in <a href="http://tools.ietf.org/html/rfc2307">RFC 2307</a>. NIS objects are automatically created inside of LDAP and NSS_LDAP, or SSSD fetches them using an encrypted LDAP connection.
+				</div><div class="para">
+					Utilizing SSSD or NSS_LDAP, a client system can enumerate the necessary NIS information using authenticated and encrypted queries to the back end LDAP service provided by the IPA Server. This eliminates the need for NIS client configuration for systems that can support NIS using LDAP when utilizing IPA.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sudo.html"><strong>Prev</strong>Chapter 11. Policy: Using sudo</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="server-config.html"><strong>Next</strong>Chapter 12. Configuring the IPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-roles.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-roles.html
new file mode 100644
index 0000000..6f30f14
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-roles.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Creating Roles</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="next" href="self-service.html" title="12.3. Defining Self-Service Settings" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="server-config.html"><strong>Prev</strong></a></li><li 
 class="next"><a accesskey="n" href="self-service.html"><strong>Next</strong></a></li></ul><div class="section" id="creating-roles"><div class="titlepage"><div><div><h2 class="title" id="creating-roles">12.2. Creating Roles</h2></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_an_IPA_Role-To_set_up_a_new_role"><h6>Procedure 12.1. To set up a new role:</h6><ol class="1"><li class="step"><div class="para">
+					Add the new role:
+				</div><pre class="screen"><code class="command"># ipa role-add --desc="User Administrator" useradmin</code>
+  ------------------------
+  Added role "useradmin"
+  ------------------------
+  Role name: useradmin
+  Description: User Administrator</pre></li><li class="step"><div class="para">
+					Add the required privileges to the role:
+				</div><pre class="screen"><code class="command"># ipa role-add-privilege --privileges="User Administrators" useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Privileges: user administrators
+  ----------------------------
+  Number of privileges added 1
+----------------------------
+</pre></li><li class="step"><div class="para">
+					Add the required groups to the role. In this case, we are adding only a single group, <code class="systemitem">useradmin</code>, which already exists.
+				</div><pre class="screen"><code class="command"># ipa role-add-member --groups=useradmins useradmin</code>
+  Role name: useradmin
+  Description: User Administrator
+  Member groups: useradmins
+  Privileges: user administrators
+  -------------------------
+  Number of members added 1
+-------------------------
+</pre></li></ol></div><div class="para">
+			The result of this procedure is that any user in the <code class="systemitem">useradmins</code> group can add, modify, and remove users, change user passwords, add users to the default group, and unlock user accounts. You can use the <code class="command">ipa privilege-show</code> command to determine exactly which command set the user or group can access: 
+<pre class="screen"><code class="command"># ipa privilege-show 'user administrators'</code>
+  Privilege name: User Administrators
+  Description: User Administrators
+  Permissions: add users, change a user password, add user to default group, unlock user accounts,
+  remove users, modify users
+  Granting privilege to roles: useradmin</pre>
+
+		</div><div class="para">
+			As the needs of your enterprise change, you may need to modify the roles that you have established. For example, you may need to change the members of the role, or change the privileges associated with the role. You can use the <code class="command">ipa role-*</code> commands to perform these functions. For example, to remove an existing privilege from a role, use the <code class="command">ipa role-remove-privilege</code> command. To remove members from a role, use the <code class="command">ipa role-remove-member</code> command. Refer to the <code class="command">ipa role help</code> pages for more information.
+		</div><div class="para">
+			You can use the <code class="command">ipa role-del</code> command to delete IPA roles from your configuration. Bear in mind, however, that any entities that rely on this role for access to IPA objects or to perform certain tasks will no longer have that ability.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="server-config.html"><strong>Prev</strong>Chapter 12. Configuring the IPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="self-service.html"><strong>Next</strong>12.3. Defining Self-Service Settings</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html
new file mode 100644
index 0000000..8418b0d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html
@@ -0,0 +1,426 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Creating a FreeIPA Server Instance</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /><link rel="prev" href="Installing_the_IPA_Server_Packages.html" title="1.2. Installing the FreeIPA Server Packages" /><link rel="next" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html" title="1.4. Setting up FreeIPA Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
  accesskey="p" href="Installing_the_IPA_Server_Packages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Next</strong></a></li></ul><div class="section" id="creating-server"><div class="titlepage"><div><div><h2 class="title" id="creating-server">1.3. Creating a FreeIPA Server Instance</h2></div></div></div><div class="para">
+			The FreeIPA setup script creates a server instance, which includes configuring all of the required services for the FreeIPA domain:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					The network time daemon (ntpd)
+				</div></li><li class="listitem"><div class="para">
+					A 389 Directory Server instance
+				</div></li><li class="listitem"><div class="para">
+					A Kerberos key distribution center (KDC)
+				</div></li><li class="listitem"><div class="para">
+					Apache (httpd)
+				</div></li><li class="listitem"><div class="para">
+					An updated SELinux targeted policy
+				</div></li><li class="listitem"><div class="para">
+					The Active Directory WinSync plug-in
+				</div></li><li class="listitem"><div class="para">
+					A certificate authority
+				</div></li><li class="listitem"><div class="para">
+					<span class="emphasis"><em>Optional.</em></span> A domain name service (DNS) server
+				</div></li></ul></div><div class="para">
+			The FreeIPA setup process can be minimal, where the administrator only supplies some required information, or it can be very specific, with user-defined settings for many parts of the FreeIPA services. The configuration is passed using arguments with the <code class="command">ipa-install-server</code> script.
+		</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				The port numbers and directory locations used by FreeIPA are all defined automatically, as defined in <a class="xref" href="installing-ipa.html#prereq-ports">Section 1.1.3.3, “System Ports”</a> and . These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
+			</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">1.3.1. About ipa-server-install</h3></div></div></div><div class="para">
+				A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
+			</div><div class="para">
+				While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
+			</div><div class="para">
+				<a class="xref" href="creating-server.html#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="creating-server.html#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+			</div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+								Argument
+							</th><th>
+								Alternate Argument
+							</th><th>
+								Description
+							</th></tr></thead><tbody><tr><td colspan="3">
+								<span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3449036" href="#ftn.id3449036" class="footnote">a</a>]</sup>
+							</td></tr><tr><td>
+								-a <span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								--admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+							</td><td>
+								The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
+							</td></tr><tr><td>
+								--hostname=<span class="emphasis"><em>hostname</em></span>
+							</td><td>
+
+							</td><td>
+								The fully-qualified domain name of the FreeIPA server machine.
+							</td></tr><tr><td>
+								-n <span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								--domain=<span class="emphasis"><em>domain_name</em></span>
+							</td><td>
+								The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
+							</td></tr><tr><td>
+								-p <span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								--ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
+							</td><td>
+								The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
+							</td></tr><tr><td>
+								-r <span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								--realm=<span class="emphasis"><em>realm_name</em></span>
+							</td><td>
+								The name of the Kerberos realm to create for the FreeIPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Certificate Authority Options</strong></span>
+							</td></tr><tr><td>
+								--external-ca
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
+							</td><td>
+
+							</td><td>
+								Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+							</td></tr><tr><td>
+								--external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+							</td><td>
+
+							</td><td>
+								Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+							</td></tr><tr><td>
+								--selfsign
+							</td><td>
+
+							</td><td>
+								Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
+							</td></tr><tr><td>
+								--subject=<span class="emphasis"><em>subject_DN</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>DNS Options</strong></span>
+							</td></tr><tr><td>
+								--forwarder=<span class="emphasis"><em>forwarder</em></span>
+							</td><td>
+
+							</td><td>
+								Gives a comma-separated list of DNS forwarders to use with the DNS service.
+							</td></tr><tr><td>
+								--no-forwarders
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--no-reverse
+							</td><td>
+
+							</td><td>
+								Uses root servers with the DNS service instead of forwarders.
+							</td></tr><tr><td>
+								--setup-dns
+							</td><td>
+
+							</td><td>
+								Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+							</td></tr><tr><td>
+								--zonemgr=<span class="emphasis"><em>email_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Kerberos Options</strong></span>
+							</td></tr><tr><td>
+								--ip-address=<span class="emphasis"><em>ip_address</em></span>
+							</td><td>
+
+							</td><td>
+								Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
+							</td></tr><tr><td>
+								-P <span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								--master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+							</td><td>
+								The password for the KDC account. This is randomly generated if no value is given.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>NTP Options</strong></span>
+							</td></tr><tr><td>
+								-N, --no-ntp
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default. 
+								<div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+										If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
+									</div></div></div>
+
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
+							</td></tr><tr><td>
+								--idmax=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
+							</td></tr><tr><td>
+								--idstart=<span class="emphasis"><em>number</em></span>
+							</td><td>
+
+							</td><td>
+								Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
+							</td></tr><tr><td>
+								--no_hbac_allow
+							</td><td>
+
+							</td><td>
+								Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>Other Setup Options</strong></span>
+							</td></tr><tr><td>
+								--no-host-dns
+							</td><td>
+
+							</td><td>
+								Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
+							</td></tr><tr><td>
+								-U
+							</td><td>
+								--unattended
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+							</td></tr><tr><td>
+								--uninstall
+							</td><td>
+
+							</td><td>
+								Uninstalls an existing FreeIPA server.
+							</td></tr><tr><td colspan="3">
+								<span class="bold bold"><strong>General Tool Options</strong></span>
+							</td></tr><tr><td>
+								-d
+							</td><td>
+								--debug
+							</td><td>
+								Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+							</td></tr><tr><td>
+								-h
+							</td><td>
+								--help
+							</td><td>
+								Prints the help information for the <code class="command">ipa-server-install</code> command.
+							</td></tr><tr><td>
+								--version
+							</td><td>
+
+							</td><td>
+								Prints the version number of the <code class="command">ipa-server-install</code> command.
+							</td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3449036" href="#id3449036" class="para">a</a>] </sup>
+									The installation script will prompt for these options if they are not passed with the script.
+								</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+				All that is required to set up a FreeIPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Run the <code class="command">ipa-server-install</code> script.
+					</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install</span></pre></li><li class="listitem"><div class="para">
+						Enter the hostname. This is determined automatically using reverse DNS.
+					</div><pre class="programlisting">Server host name [ipa2.server.example.com]:</pre></li><li class="listitem"><div class="para">
+						Enter the domain name. This is determined automatically based on the hostname.
+					</div><pre class="programlisting">Please confirm the domain name [example.com]:</pre></li><li class="listitem"><div class="para">
+						The script then reprints the hostname, IP address, and domain name.
+					</div><pre class="programlisting">The IPA Master Server will be configured with
+<span class="perl_BString">Hostname</span>:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre></li><li class="listitem"><div class="para">
+						Enter the new Kerberos realm name. This is usually based on the domain name.
+					</div><pre class="programlisting">Please provide a realm name [EXAMPLE.COM]:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the Directory Server superuser, <code class="command">cn=Directory Manager</code>. There are password strength requirements for this password, including a minimum password length.
+					</div><pre class="programlisting">Directory Manager password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						Enter the password for the FreeIPA system user account, <code class="command">admin</code>. This user is created on the machine.
+					</div><pre class="programlisting">IPA admin password:
+Password <span class="perl_Keyword">(</span>confirm<span class="perl_Keyword">)</span>:</pre></li><li class="listitem"><div class="para">
+						After that, the script configures all of the associated services for FreeIPA, with task counts and progress bars.
+					</div><pre class="programlisting">Configuring ntpd
+  [1/4]: stopping ntpd
+ ...
+<span class="perl_Keyword">done</span> configuring ntpd.
+
+Configuring directory server <span class="perl_Keyword">for</span> the CA: Estimated time 30 seconds
+  [1/3]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring pkids.
+
+Configuring certificate server: Estimated time 6 minutes
+  [1/17]: creating certificate server user
+....
+<span class="perl_Keyword">done</span> configuring pki-cad.
+
+Configuring directory server: Estimated time 1 minute
+  [1/32]: creating directory server user
+...
+<span class="perl_Keyword">done</span> configuring dirsrv.
+
+Configuring Kerberos KDC: Estimated time 30 seconds
+  [1/14]: setting KDC account password
+...
+<span class="perl_Keyword">done</span> configuring krb5kdc.
+
+Configuring ipa_kpasswd
+  [1/2]: starting ipa_kpasswd
+  [2/2]: configuring ipa_kpasswd to start on boot
+<span class="perl_Keyword">done</span> configuring ipa_kpasswd.
+
+Configuring the web interface: Estimated time 1 minute
+  [1/12]: disabling mod_ssl <span class="perl_Keyword">in</span> httpd
+...
+<span class="perl_Keyword">done</span> configuring httpd.
+Setting the certificate subject base
+restarting certificate server
+Applying LDAP updates
+Restarting the directory server
+Restarting the KDC
+Restarting the web server
+Sample zone <span class="perl_BString">file</span> <span class="perl_Keyword">for</span> <span class="perl_Reserved">bind</span> has been created <span class="perl_Keyword">in</span> /tmp/sample.zone.ygzij5.db
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+						Restart the <code class="systemitem">SSH</code> service to retrive the Kerberos principal and to refresh the name server switch (NSS) configuration file: 
+<pre class="programlisting"><span class="perl_Comment"># service sshd restart</span></pre>
+
+					</div></li><li class="listitem"><div class="para">
+						Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
+					</div><pre class="programlisting">$ kinit admin
+Password <span class="perl_Keyword">for</span> admin at EXAMPLE.COM:</pre></li><li class="listitem"><div class="para">
+						Test the FreeIPA configuration by running a command like <code class="command">ipa user-find</code>. For example:
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa user-find admin</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>  --------------
+  1 user matched
+  --------------
+  User <span class="perl_BString">login</span>: admin
+  <span class="perl_BString">Last</span> name: Administrator
+  Home directory: /home/admin
+  <span class="perl_BString">Login</span> shell: /bin/bash
+  Account disabled: <span class="perl_BString">False</span>
+  Member of <span class="perl_BString">groups</span>: admins
+  ----------------------------
+  Number of entries returned 1
+  ----------------------------</pre></li></ol></div></div><div class="section" id="install-examples"><div class="titlepage"><div><div><h3 class="title" id="install-examples">1.3.3. Examples of Creating the FreeIPA Server</h3></div></div></div><div class="para">
+				The way that a FreeIPA server is installed can be different depending on the network environment, security requirements within the organization, and the desired topology. These example illustrate some common options when installing the server. These examples are not mutually exclusive; it is entirely possible to use CA options, DNS options, and FreeIPA configuration options in the same server invocation. These are called out separately simply to make it more clear what each configuration area requires.
+			</div><div class="section" id="install-normal"><div class="titlepage"><div><div><h4 class="title" id="install-normal">1.3.3.1. Non-Interactive Basic Installation</h4></div></div></div><div class="para">
+					As shown in <a class="xref" href="creating-server.html#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>, only a few pieces of information are required to configured a FreeIPA server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
+				</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Passwords for the FreeIPA administrative user and the Directory Server super user (Directory Manager)
+						</div></li><li class="listitem"><div class="para">
+							The server hostname
+						</div></li><li class="listitem"><div class="para">
+							The Kerberos realm name
+						</div></li><li class="listitem"><div class="para">
+							The DNS domain name
+						</div></li></ul></div><div class="para">
+					This information can be passed with the <code class="command">ipa-server-install</code>, along with the <code class="option">-U</code> to force it to run without requiring user interaction.
+				</div><div class="example" id="ex.basic-opts"><h6>Example 1.1. Basic Installation without Interaction</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U</span></pre><div class="para">
+						The script then prints the submitted values:
+					</div><pre class="programlisting">To accept the default shown in brackets, press the Enter key.
+
+The IPA Master Server will be configured with
+Hostname:    ipa2.server.example.com
+IP address:  1.2.3.4
+Domain name: example.com</pre><div class="para">
+						Then the script runs through the configuration progress for each FreeIPA service, as in <a class="xref" href="creating-server.html#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+					</div></div></div><br class="example-break" /></div><div class="section" id="install-ca-options"><div class="titlepage"><div><div><h4 class="title" id="install-ca-options">1.3.3.2. Using Different CAs</h4></div></div></div><div class="para">
+					The default installation of FreeIPA uses an integrated Dogtag Certificate System instance as a certificate authority to issue certificates. However, this configuration is not required. FreeIPA only requires <span class="emphasis"><em>a</em></span> certificate authority. This can be an external CA like Verisign or a corporate CA inconjunction with the internal Certificate System, or it can even be the FreeIPA server itself, using a self-signed certificate.
+				</div><div class="para">
+					For the FreeIPA server itself to work as a CA, it uses a self-signed certificate, meaning that it approved and issued its own certificate. This is done by using the <code class="option">--selfsign</code> option with the <code class="command">ipa-server-install</code> command. When the FreeIPA server uses a self-signed certificate, the setup process is exactly the same as a normal installation, except that no Dogtag Certificate System instance is created. There is still a <code class="filename">cacert.p12</code> file created that can be used by replicas and the domain functions exactly the same. The only difference is what CA issues the certificates.
+				</div><div class="example" id="ex.selfsigned"><h6>Example 1.2. Using a Self-Signed Certificate</h6><div class="example-contents"><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12 --hostname=ipa2.server.example.com -r EXAMPLE.COM -p secret12 -n example.com -U --selfsign</span></pre></div></div><br class="example-break" /><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+						A self-signed certificate should only be used for a testing or development environment. A production environment should use the Dogtag Certificate System instance or an external, public CA.
+					</div></div></div><div class="para">
+					Alternatively, the FreeIPA server can use a certificate issued by an external CA. This can be a corporate CA or a third-party CA like Verisign or Thawte. As with a normal setup process, using an external CA still uses a Dogtag Certificate System instance for the FreeIPA server for issuing all of its client and replica certificates; the initial CA certificate is simply issued by a different CA.
+				</div><div class="para">
+					When using an external CA, there are two additional steps that must be performed: submit the generated certificate request to the external CA and then load the CA certificate and issued server certificate to complete the setup.
+				</div><div class="example" id="ex.externalca"><h6>Example 1.3. Using an External CA</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--external-ca</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --external-ca</span></pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP and Directory Server services as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script completes the CA setup and returns information about where the certificate signing request (CSR) is located, <code class="filename">/root/ipa.csr</code>. This request must be submitted to the external CA.
+							</div><pre class="programlisting">Configuring certificate server: Estimated time 6 minutes
+  [1/4]: creating certificate server user
+  [2/4]: creating pki-ca instance
+  [3/4]: restarting certificate server
+  [4/4]: configuring certificate server instance
+The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-install.</pre></li><li class="listitem"><div class="para">
+								Submit the request to the CA. The process differs for every service.
+							</div></li><li class="listitem"><div class="para">
+								Retrieve the issued certificate and the CA certificate chain for the issuing CA. Again, the process differs for every certificate service, but there is usually a download link on a web page or in the notification email that allows administrators to download all the required certificates. Be sure to get the full certificate chain for the CA, not just the CA certificate.
+							</div></li><li class="listitem"><div class="para">
+								Rerun <code class="command">ipa-server-install</code>, specifying the locations and names of the certificate and CA chain files. For example:
+							</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install --external_cert_file=/tmp/servercert20110601.p12 --external_ca_file=/tmp/cacert.p12</span></pre></li><li class="listitem"><div class="para">
+								Complete the setup process and verify that everything is working as expected, as in <a class="xref" href="creating-server.html#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /></div><div class="section" id="install-dns"><div class="titlepage"><div><div><h4 class="title" id="install-dns">1.3.3.3. Using DNS</h4></div></div></div><div class="para">
+					FreeIPA can be configured to manage its own DNS, use an existing DNS, or not use DNS services at all (which is the default). Running the setup script alone does not configure DNS; this requires the <code class="option">--setup-dns</code> option.
+				</div><div class="para">
+					As with a basic setup, the DNS setup can either prompt for the required information or the DNS information can be passed with the script to allow an automatic or unattended setup process.
+				</div><div class="example" id="ex.dns-w-prompts"><h6>Example 1.4. Interactive DNS Setup</h6><div class="example-contents"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Run the <code class="command">ipa-server-install</code> script, using the <code class="option">--setup-dns</code> option.
+							</div><pre class="programlisting"><span class="perl_Comment">#  ipa-server-install -a secret12  -r EXAMPLE.COM -P password -p secret12 -n ipa.server.example.com --setup-dns</span></pre></li><li class="listitem"><div class="para">
+								The script configures the hostname and domain name as normal.
+							</div></li><li class="listitem"><div class="para">
+								The script then prompts for DNS forwarders. If forwarders will be used, enter yes, and then supply the list of DNS servers. If FreeIPA will manage its own DNS service, then enter no.
+							</div><pre class="programlisting">Do you want to configure DNS forwarders? [<span class="perl_BString">yes</span>]: no
+No DNS forwarders configured</pre></li><li class="listitem"><div class="para">
+								The script sets up the NTP, Directory Server, Certificate System, Kerberos, and Apache services.
+							</div></li><li class="listitem"><div class="para">
+								Before completing the configuration, the script prompts to ask whether it should configure reverse DNS services. If you select yes, then it configures the <code class="systemitem">named</code> service.
+							</div><pre class="programlisting">Do you want to configure the reverse zone? [<span class="perl_BString">yes</span>]: <span class="perl_BString">yes</span>
+Configuring named:
+  [1/9]: adding DNS container
+  [2/9]: setting up our zone
+  [3/9]: setting up reverse zone
+  [4/9]: setting up our own record
+  [5/9]: setting up kerberos principal
+  [6/9]: setting up named.conf
+  [7/9]: restarting named
+  [8/9]: configuring named to start on boot
+  [9/9]: changing resolv.conf to point to ourselves
+<span class="perl_Keyword">done</span> configuring named.
+==============================================================================
+Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"><div class="para">
+								Verify that everything is working as expected, as in <a class="xref" href="creating-server.html#install-interactive">Section 1.3.2, “Setting up a FreeIPA Server: Basic Interactive Installation”</a>.
+							</div></li></ol></div></div></div><br class="example-break" /><div class="para">
+					If DNS is used with FreeIPA, then two pieces of information are required: any DNS forwarders that will be used and using (or not) reverse DNS. To perform a non-interactive setup, this information can be passed using the <code class="option">--forwarder | --no-forwarders</code> option and <code class="option">--no-reverse</code> option.
+				</div><div class="example" id="ex.dns-script"><h6>Example 1.5. Setting up DNS Non-Interactively</h6><div class="example-contents"><div class="para">
+						To use DNS always requires the <code class="option">--setup-dns</code>. To user forwarders, use the <code class="option">--forwarder</code> with a comma-separated list of forwarders.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --forwarder=1.2.3.0,1.2.255.0</span></pre><div class="para">
+						Some kind of forwarder information is required. If no external forwarders will be used with the FreeIPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
+					</div><div class="para">
+						The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3330012">GSS Failures When Running IPA Commands</h5>
+					Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
+				</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
+				There are two potential causes for this:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						DNS is not properly configured.
+					</div></li><li class="listitem"><div class="para">
+						Active Directory is in the same domain as the FreeIPA server.
+					</div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3252890">named Daemon Fails to Start</h5>
+					If a FreeIPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
+				</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
+				This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the FreeIPA server. 
+<pre class="programlisting"><span class="perl_Comment"># yum remove bind-chroot</span><span class="perl_Comment"></span>
+<span class="perl_Comment"></span>
+<span class="perl_Comment"># ipactl restart</span></pre>
+
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Installing_the_IPA_Server_Packages.html"><strong>Prev</strong>1.2. Installing the FreeIPA Server Packages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html"><strong>Next</strong>1.4. Setting up FreeIPA Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/deployment-scenarios.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/deployment-scenarios.html
new file mode 100644
index 0000000..6d415b7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/deployment-scenarios.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Planning IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="policy.html" title="1.3. Defining Policies: Authorization" /><link rel="next" href="installing-ipa.html" title="Chapter 2. Installing an IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="policy.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="
 installing-ipa.html"><strong>Next</strong></a></li></ul><div class="section" id="deployment-scenarios"><div class="titlepage"><div><div><h2 class="title" id="deployment-scenarios">1.4. Planning IPA</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="policy.html"><strong>Prev</strong>1.3. Defining Policies: Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="installing-ipa.html"><strong>Next</strong>Chapter 2. Installing an IPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
new file mode 100644
index 0000000..e5e0727
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.6. Disabling Anonymous Binds</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="search-limits.html" title="12.5. Setting Default Search Limits" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html" title="12.7. Implementing Unique UID and GID Attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
 lass="previous"><a accesskey="p" href="search-limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Next</strong></a></li></ul><div class="section" id="disabling-anon-binds"><div class="titlepage"><div><div><h2 class="title" id="disabling-anon-binds">12.6. Disabling Anonymous Binds</h2></div></div></div><div class="para">
+			Even though the XML-RPC and WebUI always require authentication, the default IPA configuration allows anonymous binds to the LDAP port by anyone in the same domain as the IPA server, and consequent retrieval of a range of data, including user, group, netgroup, host, host group, and service records. This is generally considered insecure, and some RFC standards require that it be disabled to achieve compliance. With anonymous binds disabled, all connections to the directory server need to provide a valid identity.
+		</div><div class="para">
+			To disable anonymous binds, perform this LDAP modification: 
+<pre class="screen"><code class="command"># ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password:
+dn: cn=config
+changetype: modify
+replace: nsslapd-allow-anonymous-access
+nsslapd-allow-anonymous-access: off
+
+<code class="command"># service dirsrv restart</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="search-limits.html"><strong>Prev</strong>12.5. Setting Default Search Limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Next</strong>12.7. Implementing Unique UID and GID Attributes</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html
new file mode 100644
index 0000000..8c2db1c
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4. Document Change History</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="feedback.html" title="3. Giving Feedback" /><link rel="next" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="feedback.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="installing-ipa.html"><strong>
 Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
+		<div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+					<table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft for the Fedora docs project.</td></tr></table>
+
+				</td></tr></table></div>
+
+	</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="feedback.html"><strong>Prev</strong>3. Giving Feedback</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="installing-ipa.html"><strong>Next</strong>Chapter 1. Installing a FreeIPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html
new file mode 100644
index 0000000..03e8ff9
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Editing Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="adding-users.html" title="5.2. Adding Users" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html" title="5.4. Activating and Deactivating User Accounts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
 evious"><a accesskey="p" href="adding-users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" id="editing-users"><div class="titlepage"><div><div><h2 class="title" id="editing-users">5.3. Editing Users</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa user-mod</code> command to modify user account details, such as adding, removing or changing attributes. Refer to the following examples:
+		</div><div class="para">
+			To update attributes for the user <code class="systemitem">jsmith</code>:
+		</div><div class="para">
+			<code class="command">$ ipa user-mod jsmith <code class="option">--email=johnsmith at mydomain.com</code> <code class="option">--title=Editor</code></code>
+		</div><div class="para">
+			To retrieve a list of attributes for a user:
+		</div><div class="para">
+			<code class="command">$ ipa user-show --raw &lt;user name&gt;</code>
+		</div><div class="para">
+			The list of attributes corresponds to those available in the web interface, not including any custom attributes that may have been defined.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="adding-users.html"><strong>Prev</strong>5.2. Adding Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Next</strong>5.4. Activating and Deactivating User Accounts</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html
new file mode 100644
index 0000000..6a9a9b4
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Enrolling Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="next" href="renaming-machines.html" title="4.3. Renaming Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="managing-clients.html"><strong>Prev
 </strong></a></li><li class="next"><a accesskey="n" href="renaming-machines.html"><strong>Next</strong></a></li></ul><div class="section" id="enrolling-machines"><div class="titlepage"><div><div><h2 class="title" id="enrolling-machines">4.2. Enrolling Machines</h2></div></div></div><div class="para">
+			Enrollment is the process whereby a host entry is created and saved in the directory server, and a keytab for that host entry is generated on the server and provisioned to the client. This keytab is saved with specific ownership and permission properties in a specific directory on the client.
+		</div><div class="para">
+			With the host entry successfully created and the keytab in place, enrollment is complete and the client machine can now automatically connect to and communicate with the FreeIPA server.
+		</div><div class="para">
+			The enrollment process itself is performed by the <code class="command">ipa-client-install</code> command, part of the <span class="package">freeipa-client</span> package. After installing the client packages, the system administrator invokes this command, providing their Kerberos credentials as parameters. The <code class="command">ipa-client-install</code> command authenticates against FreeIPA using these credentials.
+		</div><div class="para">
+			The actual steps that constitute the enrollment process are not consistent. Instead, they depend on the enrollment scenario being implemented. FreeIPA currently supports the following enrollment scenarios: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Manual host enrollment with privileged administrator
+					</div></li><li class="listitem"><div class="para">
+						Manual enrollment with separation of duties
+					</div></li><li class="listitem"><div class="para">
+						Bulk host deployment
+					</div></li></ul></div>
+
+		</div><div class="para">
+			These are examined in more detail below.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Administrator</h3></div></div></div><div class="para">
+				This scenario implements the following sequence of operations: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							The Administrator logs into the machine that they want to enroll with FreeIPA.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator installs the FreeIPA client packages on that machine.
+						</div></li><li class="listitem"><div class="para">
+							The Administrator runs the <code class="command">ipa-client-install</code> command, providing their Kerberos credentials as parameters.
+						</div><div class="para">
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										The <code class="command">ipa-client-install</code> command authenticates against FreeIPA using the administrator's credentials.
+									</div></li><li class="listitem"><div class="para">
+										The host entry for the machine is synthesized and saved in the directory server.
+									</div></li><li class="listitem"><div class="para">
+										The keytab is generated on the server and provisioned to the client machine.
+									</div></li></ul></div>
+
+						</div></li><li class="listitem"><div class="para">
+							The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+						</div></li></ol></div>
+
+			</div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the FreeIPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</h3></div></div></div><div class="para">
+				This scenario assumes that there are different administrators with different levels of privileges regarding host-related operations. One administrator (A) can add and edit host entries, and thus enroll the hosts as described in <a class="xref" href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">Section 4.2.1, “Manual Host Enrollment with Privileged Administrator”</a>. The second administrator (B) has insufficient permissions to create host entries, but is allowed to enroll machines. The following sequence of operations is engaged:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Administrator A authorizes enrollment of a host by creating the host entry in the back end using the webUI or command-line script.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B installs the FreeIPA client packages on the machine.
+					</div></li><li class="listitem"><div class="para">
+						Administrator B invokes the enrollment script, providing their Kerberos credentials as parameters to the script.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script authenticates against FreeIPA using Administrator B's credentials.
+								</div></li><li class="listitem"><div class="para">
+									The keytab is generated on the server and provisioned to the client machine.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						The keytab is saved with <code class="systemitem">root:root</code> ownership and 0600 permissions, and in a specific directory on the client machine.
+					</div></li></ol></div><div class="para">
+				At this stage the enrollment is complete and the machine can now automatically connect to and communicate with the FreeIPA server.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</h3></div></div></div><div class="para">
+				This scenario is very useful for automatic provisioning of multiple hosts (or virtual machines). In this scenario you can pre-create a number of hosts on the FreeIPA server and set passwords on them. You can use your kickstart operation to perform the enrollment. For example, the <span class="application"><strong>cobbler</strong></span> utility makes this relatively easy because you can store variables in the <span class="application"><strong>cobbler</strong></span> system configuration.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There are two ways to set the password. You can either supply your own or have FreeIPA generate a random one.
+				</div></div></div><div class="para">
+				This scenario implies the following sequence of operations:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						The host entry is pre-created on the FreeIPA server. This can be done using:
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The webUI – manually
+								</div></li><li class="listitem"><div class="para">
+									The command line interface – manually or using a script
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						When the entry is created a user password is set to a suitable value.
+					</div></li><li class="listitem"><div class="para">
+						The password is set to expire after the first authentication in the same way as the user password after it has been reset by an administrator.
+					</div></li><li class="listitem"><div class="para">
+						The bulk provisioning scripts and tools (such as kickstart) will be hard coded to use the same password that was used to create host entries on the server side.
+					</div><div class="para">
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									The script (kickstart) installs the FreeIPA packages.
+								</div></li><li class="listitem"><div class="para">
+									The script (kickstart) runs the enrollment script and passes in the password.
+								</div></li><li class="listitem"><div class="para">
+									The enrollment script connects to the FreeIPA server using the provided password and a bind DN derived from the machine name. It then authenticates using a simple bind over SSL.
+								</div></li></ul></div>
+
+					</div></li><li class="listitem"><div class="para">
+						Because the password is set to expire, the Kerberos keytab will be generated and the password attribute cleared.
+					</div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="managing-clients.html"><strong>Prev</strong>Chapter 4. Managing Clients in the FreeIPA Domain</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="renaming-machines.html"><strong>Next</strong>4.3. Renaming Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html
new file mode 100644
index 0000000..23a824b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3. Giving Feedback</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="Document_Conventions.html" title="2. Examples and Formatting" /><link rel="next" href="doc-history.html" title="4. Document Change History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Document_Conventions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="doc-history.h
 tml"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="feedback" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="feedback">3. Giving Feedback</h2></div></div></div><div class="para">
+		If there is any error in this book or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for FreeIPA through Bugzilla, <a href="http://bugzilla.redhat.com/bugzilla">http://bugzilla.redhat.com/bugzilla</a>. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
+	</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+				Select the Other group and the freeIPA product.
+			</div></li><li class="listitem"><div class="para">
+				Set the component to Documentation.
+			</div></li><li class="listitem"><div class="para">
+				Set the version number to 2.1.
+			</div></li><li class="listitem"><div class="para">
+				For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
+			</div><div class="para">
+				For enhancements, put in what information needs to be added and why.
+			</div></li><li class="listitem"><div class="para">
+				Give a clear title for the bug. For example, <code class="command">"Incorrect command example for setup script options"</code> is better than <code class="command">"Bad example"</code>.
+			</div></li></ol></div><div class="para">
+		We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact the Fedora docs team at <a href="mailto:docs at lists.fedoraproject.org">docs at lists.fedoraproject.org</a>.
+	</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Document_Conventions.html"><strong>Prev</strong>2. Examples and Formatting</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="doc-history.html"><strong>Next</strong>4. Document Change History</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/host-groups.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/host-groups.html
new file mode 100644
index 0000000..8a0396e
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/host-groups.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Creating Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="hosts.html" title="Chapter 7. Identity: Managing Hosts and Host Groups" /><link rel="prev" href="hosts.html" title="Chapter 7. Identity: Managing Hosts and Host Groups" /><link rel="next" href="kerberos.html" title="Chapter 8. Identity: Using IPA for a Kerberos Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="hosts.html"><strong>Prev</strong></a></li><l
 i class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong></a></li></ul><div class="section" id="host-groups"><div class="titlepage"><div><div><h2 class="title" id="host-groups">7.2. Creating Host Groups</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="hosts.html"><strong>Prev</strong>Chapter 7. Identity: Managing Hosts and Host Grou...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong>Chapter 8. Identity: Using IPA for a Kerberos Dom...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html
new file mode 100644
index 0000000..27e291d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Identity: Managing Hosts and Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="searching.html" title="6.8. Searching for Users and Groups" /><link rel="next" href="host-groups.html" title="7.2. Creating Host Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="host-groups.h
 tml"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="hosts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Managing Hosts and Host Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="hosts.html#adding-hosts">7.1. Adding and Editing Hosts</a></span></dt><dt><span class="section"><a href="host-groups.html">7.2. Creating Host Groups</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="adding-hosts"><div class="titlepage"><div><div><h2 class="title" id="adding-hosts">7.1. Adding and Editing Hosts</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong>6.8. Searching for Users and Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="host-groups.html"><strong>Next</strong>7.2. Creating Host Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/ASCII_Cert_Export.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/ASCII_Cert_Export.png
new file mode 100644
index 0000000..6f6b16c
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/ASCII_Cert_Export.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Accept_CA_No_Exception.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Accept_CA_No_Exception.png
new file mode 100644
index 0000000..63758d3
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Accept_CA_No_Exception.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Final_State.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Final_State.png
new file mode 100755
index 0000000..fe8b961
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Final_State.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Initial_State.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Initial_State.png
new file mode 100644
index 0000000..c0aaaf3
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_Migration_Initial_State.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_arch.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_arch.png
new file mode 100644
index 0000000..7fc4bc1
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/IPA_arch.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Select_User_WebUI.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Select_User_WebUI.png
new file mode 100644
index 0000000..101c9c9
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/Select_User_WebUI.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/add_user.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/add_user.png
new file mode 100644
index 0000000..e7bda97
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/add_user.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/finalstate.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/finalstate.svg
new file mode 100755
index 0000000..85be850
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/finalstate.svg
@@ -0,0 +1,3241 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="444"
+   height="471.94431"
+   id="svg2"
+   sodipodi:version="0.32"
+   inkscape:version="0.48.0 r9654"
+   sodipodi:docname="finalstate.svg"
+   inkscape:output_extension="org.inkscape.output.svg.inkscape"
+   version="1.0"
+   inkscape:export-filename="C:\Users\elladeon\Desktop\finalstate.png"
+   inkscape:export-xdpi="90"
+   inkscape:export-ydpi="90">
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1"
+     inkscape:cx="124.79082"
+     inkscape:cy="133.55533"
+     inkscape:document-units="px"
+     inkscape:current-layer="g51234"
+     showgrid="false"
+     inkscape:window-width="1274"
+     inkscape:window-height="996"
+     inkscape:window-x="-39"
+     inkscape:window-y="80"
+     inkscape:window-maximized="0"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     showguides="false"
+     inkscape:guide-bbox="true">
+    <sodipodi:guide
+       id="guide6372"
+       position="301,506"
+       orientation="1,0" />
+  </sodipodi:namedview>
+  <defs
+     id="defs4">
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient3987"
+       id="radialGradient51340"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(1.886887,0,0,1.602074,-235.025,-437.5826)"
+       cx="265"
+       cy="789.56696"
+       fx="265"
+       fy="789.56696"
+       r="265" />
+    <linearGradient
+       id="linearGradient3987">
+      <stop
+         id="stop3989"
+         offset="0"
+         style="stop-color:#e3dcc0;stop-opacity:0;" />
+      <stop
+         id="stop3991"
+         offset="1"
+         style="stop-color:#e3dcc0;stop-opacity:1;" />
+    </linearGradient>
+    <pattern
+       patternTransform="matrix(0.375,0,0,0.375,379,437.7952)"
+       id="pattern4015"
+       xlink:href="#white-spots"
+       inkscape:collect="always" />
+    <pattern
+       patternTransform="matrix(0.593284,0,0,0.6723114,298.46193,1419.2297)"
+       id="pattern4062"
+       xlink:href="#pattern4015"
+       inkscape:collect="always" />
+    <pattern
+       patternUnits="userSpaceOnUse"
+       width="32"
+       height="32"
+       id="white-spots"
+       patternTransform="matrix(0.375,0,0,0.375,71.51384,20.36167)">
+      <g
+         inkscape:label="#g3035"
+         id="white-spot"
+         transform="translate(-484.3997,-513.505)">
+        <path
+           sodipodi:nodetypes="czzzz"
+           d="M 509.39967,529.50504 C 509.39967,534.47304 505.36767,538.50504 500.39967,538.50504 C 495.43167,538.50504 491.39967,534.47304 491.39967,529.50504 C 491.39967,524.53704 495.43167,520.50504 500.39967,520.50504 C 505.36767,520.50504 509.39967,524.53704 509.39967,529.50504 z "
+           id="path3033"
+           style="opacity:0.25;fill:white" />
+      </g>
+    </pattern>
+    <mask
+       id="mask4631">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-1) #000000;fill-opacity:1"
+         id="path4633" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1"
+       xlink:href="#linearGradient4584-7"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4" />
+    </linearGradient>
+    <mask
+       id="mask4631-7">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 0,0 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 0,0 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 0,0 z"
+         style="fill:url(#linearGradient4635-8) #000000;fill-opacity:1"
+         id="path4633-8" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8"
+       xlink:href="#linearGradient4584-70"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-70">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0" />
+    </linearGradient>
+    <pattern
+       inkscape:collect="always"
+       xlink:href="#pattern4062"
+       id="pattern51338"
+       patternTransform="matrix(0.44763582,0,0,0.35756317,1367.612,792.51535)" />
+    <mask
+       id="mask7729">
+      <rect
+         style="fill:url(#linearGradient7733) #000000;fill-opacity:1"
+         id="rect7731"
+         y="71.481766"
+         x="483.75613"
+         height="123.26292"
+         width="103.35121" />
+    </mask>
+    <linearGradient
+       gradientTransform="matrix(0.948176,0,0,0.948176,560.558,-440.533)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient7584"
+       id="linearGradient7733"
+       y2="595.06226"
+       x2="20.999998"
+       y1="539.95715"
+       x1="20.999998" />
+    <linearGradient
+       id="linearGradient7584">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7586" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7588" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.4388067"
+       y="-0.21940336"
+       width="1.2520971"
+       x="-0.12604854"
+       id="filter9847">
+      <feGaussianBlur
+         id="feGaussianBlur9849"
+         stdDeviation="1.7113675"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5805">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5807" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5809" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.3127669"
+       y="-0.15638345"
+       width="1.1948662"
+       x="-0.09743309"
+       id="filter5917">
+      <feGaussianBlur
+         id="feGaussianBlur5919"
+         stdDeviation="0.60257196"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.233731"
+       y="-0.11686549"
+       width="1.2466146"
+       x="-0.12330729"
+       id="filter9827">
+      <feGaussianBlur
+         id="feGaussianBlur9829"
+         stdDeviation="13.567379"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient8317-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop8319-5" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8321-8" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5557">
+      <stop
+         offset="0"
+         style="stop-color: rgb(0, 147, 217); stop-opacity: 1;"
+         id="stop5559" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5561" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5541">
+      <stop
+         offset="0"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 1;"
+         id="stop5543" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(123, 213, 255); stop-opacity: 0;"
+         id="stop5545" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10494">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0.754902;"
+         id="stop10496" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop10498" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10668">
+      <feGaussianBlur
+         id="feGaussianBlur10670"
+         stdDeviation="0.40041338"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5797">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5799" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5801" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8391">
+      <feGaussianBlur
+         id="feGaussianBlur8393"
+         stdDeviation="0.23516584"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5813">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5815" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(238, 238, 238); stop-opacity: 1;"
+         id="stop5817" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5931">
+      <stop
+         offset="0"
+         style="stop-color: rgb(162, 162, 162); stop-opacity: 1;"
+         id="stop5933" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5935" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter7106">
+      <feGaussianBlur
+         inkscape:collect="always"
+         stdDeviation="0.51373373"
+         id="feGaussianBlur7108" />
+    </filter>
+    <linearGradient
+       id="linearGradient7359-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7361-9" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop7363-3" />
+    </linearGradient>
+    <mask
+       id="mask7570-2">
+      <rect
+         style="fill:url(#linearGradient7574-6) #000000;fill-opacity:1"
+         id="rect7572-2"
+         y="60.362179"
+         x="536"
+         height="111"
+         width="86" />
+    </mask>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3"
+       id="linearGradient7574-6"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <linearGradient
+       id="linearGradient8481-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7576-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(137, 137, 137); stop-opacity: 1;"
+         id="stop7578-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7580-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5573-77">
+      <stop
+         offset="0"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5575-4" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5577-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5565-0">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5567-1" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5569-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5677-53">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5679-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5681-1" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter8351-5">
+      <feGaussianBlur
+         id="feGaussianBlur8353-2"
+         stdDeviation="0.21855907"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient5669-6">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop5671-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop5673-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       height="1.0124482"
+       y="-0.0062240968"
+       width="1.3332899"
+       x="-0.16664496"
+       id="filter8323-5">
+      <feGaussianBlur
+         id="feGaussianBlur8325-5"
+         stdDeviation="0.15442502"
+         inkscape:collect="always" />
+    </filter>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10486-9">
+      <feGaussianBlur
+         id="feGaussianBlur10488-0"
+         stdDeviation="0.36649474"
+         inkscape:collect="always" />
+    </filter>
+    <linearGradient
+       id="linearGradient10566-93">
+      <stop
+         offset="0"
+         style="stop-color: rgb(102, 102, 102); stop-opacity: 1;"
+         id="stop10568-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop10570-2" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient5685-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop5687-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop5689-7" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6414-3">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop6416-21" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop6418-9" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6398-9">
+      <stop
+         offset="0"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 1;"
+         id="stop6400-0" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(136, 138, 133); stop-opacity: 0;"
+         id="stop6402-3" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient6478-4">
+      <stop
+         offset="0"
+         style="stop-color: rgb(153, 153, 153); stop-opacity: 1;"
+         id="stop6480-2" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(211, 215, 207); stop-opacity: 0;"
+         id="stop6482-6" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient7808-7">
+      <stop
+         offset="0"
+         style="stop-color: rgb(171, 171, 171); stop-opacity: 1;"
+         id="stop7810-7" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop7812-0" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient10554-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(168, 168, 168); stop-opacity: 1;"
+         id="stop10556-8" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(204, 204, 204); stop-opacity: 1;"
+         id="stop10558-7" />
+    </linearGradient>
+    <filter
+       color-interpolation-filters="sRGB"
+       id="filter10534-4">
+      <feGaussianBlur
+         id="feGaussianBlur10536-7"
+         stdDeviation="0.50670758"
+         inkscape:collect="always" />
+    </filter>
+    <mask
+       id="mask4631-8">
+      <path
+         inkscape:connector-curvature="0"
+         d="m 75.739162,940.09671 -21.152457,11.75719 16.383671,17.20912 20.393786,-10.42977 -15.625,-18.53654 z m 41.907518,0 -21.170524,11.75719 16.401734,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 41.69075,0 -21.17052,11.75719 16.40173,17.20912 20.37572,-10.42977 -15.60693,-18.53654 z m 42.50361,0 -21.15246,11.75719 16.38367,17.20912 20.37573,-10.42977 -15.60694,-18.53654 z"
+         style="fill:url(#linearGradient4635) #000000;fill-opacity:1"
+         id="path4633-3" />
+    </mask>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635"
+       xlink:href="#linearGradient4584"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588" />
+    </linearGradient>
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4708"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4710"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4712"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4714"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4716"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4718"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4720"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4722"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4724"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4726"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4728"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4730"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4732"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4734"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient4736"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4738"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4740"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4742"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient4744"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5142"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5144"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5146"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5148"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5150"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5152"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5154"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5156"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5158"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5160"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5162"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5164"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5166"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5168"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5170"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5172"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5174"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5176"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5178"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5370"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5372"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5374"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5376"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5378"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5380"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5382"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5384"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5386"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5388"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5390"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5392"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5394"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5396"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5398"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5400"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5402"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5404"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5406"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5451"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5453"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="70.580994"
+       x1="802.88586"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5455"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5457"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5459"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5461"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5463"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="66.058411"
+       x2="-33.10799"
+       y1="68.874535"
+       x1="-32.349804"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5465"
+       xlink:href="#linearGradient5805"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="69.928268"
+       x2="-32.08812"
+       y1="73.162025"
+       x1="-31.529013"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5467"
+       xlink:href="#linearGradient5813"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="87.987663"
+       x2="553.82892"
+       y1="143.48891"
+       x1="498.3277"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5469"
+       xlink:href="#linearGradient8317-3"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.769058"
+       x2="777.69415"
+       y1="67.561554"
+       x1="806.19238"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5471"
+       xlink:href="#linearGradient5931"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="19.587532"
+       x2="-33.330555"
+       y1="64.869919"
+       x1="-33.330555"
+       gradientTransform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5473"
+       xlink:href="#linearGradient5557"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.12331"
+       fx="-11.992359"
+       cy="49.12331"
+       cx="-11.992359"
+       gradientTransform="matrix(1.23481,-3.15687,3.71836,-0.841367,374.017,118.065)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5475"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="124.24792"
+       fx="548.88446"
+       cy="124.24792"
+       cx="548.88446"
+       gradientTransform="matrix(-0.272689,1.93447,-1.62308,-0.228795,890.038,-924.136)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5477"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <linearGradient
+       y2="57.699898"
+       x2="-17.546682"
+       y1="35.501328"
+       x1="-50.000641"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient5479"
+       xlink:href="#linearGradient5797"
+       inkscape:collect="always" />
+    <radialGradient
+       r="9.4923868"
+       fy="49.478912"
+       fx="-9.7009583"
+       cy="49.478912"
+       cx="-9.7009583"
+       gradientTransform="matrix(-2.53808,-1.98681,-7.64286,-0.529524,895.739,119.975)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5481"
+       xlink:href="#linearGradient5541"
+       inkscape:collect="always" />
+    <radialGradient
+       r="15.172215"
+       fy="121.54527"
+       fx="544.67078"
+       cy="121.54527"
+       cx="544.67078"
+       gradientTransform="matrix(0.560495,1.21748,3.33613,-0.143994,-164.909,-535.945)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5483"
+       xlink:href="#linearGradient10494"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5485"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <radialGradient
+       r="8.3085051"
+       fy="264.64523"
+       fx="483.13071"
+       cy="264.64523"
+       cx="483.13071"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       gradientUnits="userSpaceOnUse"
+       id="radialGradient5487"
+       xlink:href="#linearGradient7359-4"
+       inkscape:collect="always" />
+    <linearGradient
+       id="linearGradient4584-70-8-6">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-3-8-9" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-0-3-2" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-8-1-4"
+       xlink:href="#linearGradient4584-70-8-6"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient4584-7-8-5">
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         offset="0"
+         id="stop4586-0-9-4" />
+      <stop
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         offset="1"
+         id="stop4588-4-6-0" />
+    </linearGradient>
+    <linearGradient
+       x1="205"
+       y1="114.00015"
+       x2="205"
+       y2="132.71391"
+       id="linearGradient4635-1-4-2"
+       xlink:href="#linearGradient4584-7-8-5"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.578035,0,0,1.51706,41.2919,774.69)" />
+    <linearGradient
+       id="linearGradient8481-3-1">
+      <stop
+         offset="0"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 1;"
+         id="stop8483-80-3" />
+      <stop
+         offset="1"
+         style="stop-color: rgb(255, 255, 255); stop-opacity: 0;"
+         id="stop8485-3-7" />
+    </linearGradient>
+    <linearGradient
+       gradientTransform="translate(0,-337)"
+       gradientUnits="userSpaceOnUse"
+       xlink:href="#linearGradient8481-3-1"
+       id="linearGradient7574-6-7"
+       y2="460.97229"
+       x2="596.48529"
+       y1="416.72614"
+       x1="596.48529" />
+    <marker
+       style="overflow:visible"
+       id="TriangleInSQ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSQ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9776" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS7"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS7">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9779" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSg"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSg">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9782" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSG"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSG">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9785" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSE"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSE">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9788" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutSf"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutSf">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9791" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleInSJ"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleInSJ">
+      <path
+         transform="scale(-0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9794" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="TriangleOutS2"
+       refX="0.0"
+       refY="0.0"
+       orient="auto"
+       inkscape:stockid="TriangleOutS2">
+      <path
+         transform="scale(0.2)"
+         style="marker-start:none;stroke:#888a85;stroke-width:1.0pt;fill:#888a85;fill-rule:evenodd"
+         d="M 5.77,0.0 L -2.88,5.0 L -2.88,-5.0 L 5.77,0.0 z "
+         id="path9797" />
+    </marker>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7576-1"
+       id="linearGradient12740"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.585274"
+       y1="39.151588"
+       x2="29.061579"
+       y2="21.046715" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12742"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="21.322929"
+       y1="44.46735"
+       x2="34.585835"
+       y2="30.312105" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12744"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="17.246363"
+       y1="51.641129"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12746"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12748"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12750"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12752"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5685-1"
+       id="linearGradient12754"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,59.2801)"
+       x1="42.074207"
+       y1="42.648251"
+       x2="42.382099"
+       y2="30.0221" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12756"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12758"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6398-9"
+       id="linearGradient12760"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="610.89215"
+       y2="124.13597" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12762"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="translate(0,-29)"
+       x1="603.48352"
+       y1="145.48944"
+       x2="603.48352"
+       y2="141.11491" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12764"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,55.7801)"
+       x1="41.126476"
+       y1="36.09766"
+       x2="44.599358"
+       y2="35.376236" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12766"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,64.6801)"
+       x1="53.072731"
+       y1="36.17104"
+       x2="35.096169"
+       y2="33.830193" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12768"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12770"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7808-7"
+       id="linearGradient12772"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="37.260498"
+       y1="27.37009"
+       x2="17.47529"
+       y2="37.98819" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5573-77"
+       id="linearGradient12774"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="27.247866"
+       y1="46.597134"
+       x2="20.776503"
+       y2="33.722939" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12776"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="16.030468"
+       y1="50.84045"
+       x2="6.7207007"
+       y2="25.829727" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5677-53"
+       id="linearGradient12778"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="19.892136"
+       y1="35.069866"
+       x2="13.912579"
+       y2="38.493023" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5669-6"
+       id="linearGradient12780"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="23.121851"
+       y1="33.643894"
+       x2="48.511173"
+       y2="28.369732" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12782"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12784"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10554-1"
+       id="linearGradient12786"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="48.126881"
+       y1="35.527008"
+       x2="35.096169"
+       y2="33.830193" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12788"
+       gradientUnits="userSpaceOnUse"
+       x1="599.35095"
+       y1="96.853073"
+       x2="601.25159"
+       y2="112.46191" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient10566-93"
+       id="linearGradient12790"
+       gradientUnits="userSpaceOnUse"
+       x1="605.41681"
+       y1="103.70177"
+       x2="606.94116"
+       y2="113.69411" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6414-3"
+       id="linearGradient12792"
+       gradientUnits="userSpaceOnUse"
+       x1="603.25"
+       y1="140.36218"
+       x2="603.7171"
+       y2="144.12111" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient6478-4"
+       id="linearGradient12794"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.650376,1.92597,3.13085,-0.716908,461.931,84.7801)"
+       x1="45.470558"
+       y1="35.187798"
+       x2="40.255276"
+       y2="36.286098" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient5565-0"
+       id="linearGradient12796"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.587295,1.73917,2.82718,-0.647373,475.354,90.1801)"
+       x1="55.874207"
+       y1="35.072224"
+       x2="37.686401"
+       y2="33.083126" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12798"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12800"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12802"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+    <radialGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient7359-4"
+       id="radialGradient12804"
+       gradientUnits="userSpaceOnUse"
+       gradientTransform="matrix(0.851063,0,0,0.851063,71.9558,39.4153)"
+       cx="483.13071"
+       cy="264.64523"
+       fx="483.13071"
+       fy="264.64523"
+       r="8.3085051" />
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="translate(-33.785574,76.85193)"
+     id="layer1"
+     inkscape:groupmode="layer"
+     inkscape:label="Layer 1">
+    <g
+       transform="translate(20.785574,15.148096)"
+       id="g1758">
+      <g
+         inkscape:label="Layer 1"
+         id="layer1-8"
+         style="display:inline"
+         transform="translate(-204.5471,-8.3623809)">
+        <g
+           id="g51234">
+          <g
+             inkscape:label="#g4018"
+             id="background"
+             transform="matrix(0.83773585,0,0,1.0487651,217.5471,-715.37408)">
+            <rect
+               style="fill:#e3dcc0"
+               id="rect1933"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+            <rect
+               ry="19.070024"
+               rx="23.873896"
+               y="602.36218"
+               x="0"
+               height="450"
+               width="530"
+               id="rect3092"
+               style="fill:url(#pattern51338);fill-opacity:1" />
+            <rect
+               style="fill:url(#radialGradient51340);fill-opacity:1"
+               id="rect3985"
+               width="530"
+               height="450"
+               x="0"
+               y="602.36218"
+               rx="23.873896"
+               ry="19.070024" />
+          </g>
+          <g
+             inkscape:label="Layer 1"
+             id="layer1-0"
+             transform="matrix(0,1,-1,0,-569.42108,5708.5683)">
+            <rect
+               width="0"
+               height="24.171429"
+               rx="60.428574"
+               ry="24.171429"
+               x="-788.32996"
+               y="3808.3428"
+               id="rect5314-36"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="translate(511.139,-788.394)"
+               id="g8484" />
+            <g
+               transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+               id="g6374"
+               style="fill:#ffffff" />
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="420.08853"
+               y="-763.33875"
+               id="rect5314-1-2"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+               style="opacity:0.30729232"
+               mask="url(#mask4631)"
+               id="g4596" />
+            <g
+               transform="translate(235.628,616.018)"
+               id="g3002" />
+            <g
+               transform="translate(71.1162,-7.34373)"
+               id="g4898">
+              <g
+                 id="g4900-4">
+                <g
+                   id="g4902-3" />
+              </g>
+            </g>
+            <g
+               transform="translate(979.728,-180.625)"
+               id="g3002-4-7" />
+            <g
+               transform="translate(815.216,-803.987)"
+               id="g4898-9-7">
+              <g
+                 id="g4900-9-8">
+                <g
+                   id="g4902-1-1" />
+              </g>
+            </g>
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text19594-4"
+               y="276.983"
+               x="500.69299"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan19596-6"
+                 y="276.983"
+                 x="500.69299" /></text>
+            <g
+               transform="translate(916.728,50.3749)"
+               id="g3002-3-2" />
+            <g
+               transform="translate(752.216,-572.987)"
+               id="g4898-2-2">
+              <g
+                 id="g4900-7-1">
+                <g
+                   id="g4902-8-8" />
+              </g>
+            </g>
+            <g
+               transform="translate(-218.272,-381.625)"
+               id="g21694-0">
+              <text
+                 sodipodi:linespacing="125%"
+                 x="321.965"
+                 y="658.60797"
+                 id="text21702-5"
+                 xml:space="preserve"
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                   x="321.965"
+                   y="658.60797"
+                   id="tspan21704-1" /></text>
+            </g>
+            <rect
+               width="0"
+               height="6"
+               rx="15"
+               ry="6"
+               x="1173.8944"
+               y="303.50519"
+               id="rect5314-3-3"
+               style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+            <g
+               inkscape:label="Layer 1"
+               id="layer1-4"
+               transform="translate(212.407,560.774)">
+              <rect
+                 width="0"
+                 height="24.171429"
+                 rx="60.428574"
+                 ry="24.171429"
+                 x="-788.32996"
+                 y="3808.3428"
+                 id="rect5314-14"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="translate(511.139,-788.394)"
+                 id="g8484-7" />
+              <g
+                 transform="matrix(0.867051,0,0,0.867051,313.234,-676.074)"
+                 id="g6374-8"
+                 style="fill:#ffffff" />
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="420.08853"
+                 y="-763.33875"
+                 id="rect5314-1-6"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <g
+                 transform="matrix(1.73,0,0,0.659171,291.251,175.936)"
+                 style="opacity:0.30729232"
+                 mask="url(#mask4631-7)"
+                 id="g4596-06" />
+              <g
+                 transform="translate(235.628,616.018)"
+                 id="g3002-8" />
+              <g
+                 transform="translate(71.1162,-7.34373)"
+                 id="g4898-4">
+                <g
+                   id="g4900-3">
+                  <g
+                     id="g4902-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(979.728,-180.625)"
+                 id="g3002-4-4" />
+              <g
+                 transform="translate(815.216,-803.987)"
+                 id="g4898-9-3">
+                <g
+                   id="g4900-9-9">
+                  <g
+                     id="g4902-1-3" />
+                </g>
+              </g>
+              <text
+                 style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+                 xml:space="preserve"
+                 id="text19594-8"
+                 y="276.983"
+                 x="500.69299"
+                 sodipodi:linespacing="125%"><tspan
+                   id="tspan19596-2"
+                   y="276.983"
+                   x="500.69299" /></text>
+              <g
+                 transform="translate(916.728,50.3749)"
+                 id="g3002-3-5" />
+              <g
+                 transform="translate(752.216,-572.987)"
+                 id="g4898-2-0">
+                <g
+                   id="g4900-7-4">
+                  <g
+                     id="g4902-8-7" />
+                </g>
+              </g>
+              <g
+                 transform="translate(-218.272,-381.625)"
+                 id="g21694-4">
+                <text
+                   sodipodi:linespacing="125%"
+                   x="321.965"
+                   y="658.60797"
+                   id="text21702-3"
+                   xml:space="preserve"
+                   style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+                     x="321.965"
+                     y="658.60797"
+                     id="tspan21704-3" /></text>
+              </g>
+              <rect
+                 width="0"
+                 height="6"
+                 rx="15"
+                 ry="6"
+                 x="1173.8944"
+                 y="303.50519"
+                 id="rect5314-3-0"
+                 style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5" />
+              <text
+                 sodipodi:linespacing="125%"
+                 transform="matrix(0,-1,1,0,0,0)"
+                 xml:space="preserve"
+                 style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;opacity:0.12604998;fill:#000000;fill-opacity:1;stroke:none;font-family:Interstate-Black"
+                 x="1740.2687"
+                 y="-5540.999"
+                 id="text28374"><tspan
+                   style="font-size:12.29920006px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans Bold"
+                   sodipodi:role="line"
+                   id="tspan28376"
+                   x="1740.2687"
+                   y="-5540.999">#49658</tspan></text>
+            </g>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:12.08570004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314"
+             y="5244.3931"
+             x="4432.2417"
+             ry="24.171429"
+             rx="60.428574"
+             height="24.171429"
+             width="0" />
+          <g
+             id="g8484-6"
+             transform="translate(5731.7105,647.6564)" />
+          <g
+             style="fill:#ffffff"
+             id="g6374-4"
+             transform="matrix(0.867051,0,0,0.867051,5533.8055,759.9764)" />
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-1"
+             y="672.71167"
+             x="5640.6602"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             id="g4596-3"
+             mask="url(#mask4631-8)"
+             style="opacity:0.30729232"
+             transform="matrix(1.73,0,0,0.659171,5511.8225,1611.9864)" />
+          <g
+             id="g3002-33"
+             transform="translate(5456.1995,2052.0684)" />
+          <g
+             id="g4898-8"
+             transform="translate(5291.6877,1428.7067)">
+            <g
+               id="g4900">
+              <g
+                 id="g4902" />
+            </g>
+          </g>
+          <g
+             id="g3002-4"
+             transform="translate(6200.2995,1255.4254)" />
+          <g
+             id="g4898-9"
+             transform="translate(6035.7875,632.0634)">
+            <g
+               id="g4900-9">
+              <g
+                 id="g4902-1" />
+            </g>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             x="5721.2646"
+             y="1713.0334"
+             id="text19594"
+             xml:space="preserve"
+             style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"><tspan
+               x="5721.2646"
+               y="1713.0334"
+               id="tspan19596" /></text>
+          <g
+             id="g3002-3"
+             transform="translate(6137.2995,1486.4253)" />
+          <g
+             id="g4898-2"
+             transform="translate(5972.7875,863.0634)">
+            <g
+               id="g4900-7">
+              <g
+                 id="g4902-8" />
+            </g>
+          </g>
+          <g
+             id="g21694"
+             transform="translate(5002.2995,1054.4254)">
+            <text
+               style="font-size:13.4364996px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:center;line-height:125%;text-anchor:middle;fill:#ffffff;fill-opacity:1;stroke:none;font-family:Interstate-Bold"
+               xml:space="preserve"
+               id="text21702"
+               y="658.60797"
+               x="321.965"
+               sodipodi:linespacing="125%"><tspan
+                 id="tspan21704"
+                 y="658.60797"
+                 x="321.965" /></text>
+          </g>
+          <rect
+             style="opacity:0.42290805;fill:#bfdce8;fill-opacity:0;stroke:#ffffff;stroke-width:3;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0.5"
+             id="rect5314-3"
+             y="1739.5555"
+             x="6394.4658"
+             ry="6"
+             rx="15"
+             height="6"
+             width="0" />
+          <g
+             transform="matrix(1.1935043,0,0,1.1935043,-56.738176,6.0556725)"
+             id="g9226">
+            <g
+               id="g17509"
+               transform="matrix(0.95549,0,0,0.95549,-131.63026,-97.114486)">
+              <g
+                 transform="matrix(-0.871732,0,0,0.875699,945.308,163.109)"
+                 mask="url(#mask7570-2)"
+                 id="g7663"
+                 style="opacity:0.53157899">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7667"
+                   style="fill:url(#linearGradient12740);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7669"
+                   style="fill:url(#linearGradient12742);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.24488,-5.533632 14.24488,-5.533632 L 579.37701,66.81781 z"
+                   id="path7671"
+                   style="fill:url(#linearGradient12744);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7673"
+                   style="fill:none;stroke:url(#linearGradient12746);stroke-width:1.57957995;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7675"
+                   style="fill:none;stroke:url(#linearGradient12748);stroke-width:2.10610008;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,41.25)"
+                   id="use7678">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5196"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12750);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5198"
+                     style="fill:url(#linearGradient12752);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,127.61454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7680"
+                   style="opacity:0.759843;fill:none;stroke:url(#linearGradient12754);stroke-width:1.05305004;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="translate(0,31)"
+                   id="g7682">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7684"
+                     style="fill:url(#linearGradient12756);fill-opacity:1;stroke:url(#linearGradient12758);stroke-width:2.10610008;stroke-miterlimit:4;stroke-dasharray:none" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7686"
+                     style="fill:url(#linearGradient12760);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,112.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7688"
+                   style="fill:url(#linearGradient12762);fill-opacity:1;stroke:url(#linearGradient12764);stroke-width:0.63183099;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,126.56345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7690"
+                   style="opacity:0.964567;fill:none;stroke:url(#linearGradient12766);stroke-width:0.95091498;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7692">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7694"
+                     style="opacity:0.680851;fill:url(#radialGradient12768);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7696"
+                     style="fill:url(#radialGradient12770);fill-opacity:1" />
+                </g>
+              </g>
+              <g
+                 transform="matrix(-0.875699,0,0,0.875699,947.549,115.264)"
+                 id="g7698">
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 547.04336,74.12912 -0.31771,58.18678 34.24767,27.60586 c 0,0 9.82102,-0.1632 19.18945,-2.57292 9.36843,-2.40973 12.97693,-5.61073 12.97693,-5.61073 l 0.32051,-58.608306 -34.05825,-26.212128 -32.3586,7.211444 z"
+                   id="path7700"
+                   style="fill:url(#linearGradient12772);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 581.03177,88.195275 c -0.004,20.446315 0.002,51.266475 -0.007,71.712905 11.38747,-0.13598 23.37442,-2.74467 32.63981,-7.59572 0.64357,-12.31248 0.24555,-35.41655 0.4895,-47.88923 0.0243,-3.65905 0.0486,-7.318106 0.0729,-10.977162 -11.04468,-2.0074 -22.1131,-3.969846 -33.19086,-5.87806 l -0.003,0.501813 -8.4e-4,0.125454 z"
+                   id="path7702"
+                   style="fill:url(#linearGradient12774);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 579.37701,66.81781 -32.20646,7.449329 35.13056,26.793401 c 0,0 9.30384,-0.40148 17.82367,-2.353188 8.49419,-1.951206 14.03777,-5.180079 14.03777,-5.180079 L 579.37701,66.81781 z"
+                   id="path7704"
+                   style="fill:url(#linearGradient12776);fill-opacity:1" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 549.21783,75.035008 33.10876,26.045102 c 0,0 7.98803,0.51239 17.35473,-1.636393 8.98177,-2.061026 13.23279,-5.555485 13.23279,-5.555485"
+                   id="path7706"
+                   style="fill:none;stroke:url(#linearGradient12778);stroke-width:1.57599998;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8351-5)" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 582.11919,101.4454 -0.22401,57.546"
+                   id="path7708"
+                   style="fill:none;stroke:url(#linearGradient12780);stroke-width:2.10133004;stroke-linecap:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter8323-5)" />
+                <g
+                   transform="translate(0,10.25)"
+                   id="use7710">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5186"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12782);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path5188"
+                     style="fill:url(#linearGradient12784);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 590.5192,153.11454 0.13144,-20.38841 c 6.60302,-0.65471 13.63644,-1.59016 19.48888,-4.93065 l -0.12956,20.09689 c -5.90438,3.34577 -12.7526,4.86706 -19.49076,5.22217 z"
+                   id="path7712"
+                   style="opacity:0.62621304;fill:none;stroke:url(#linearGradient12786);stroke-width:1.05066001;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none" />
+                <g
+                   id="g7714">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7716"
+                     style="fill:#cccccc;fill-opacity:1;stroke:url(#linearGradient12788);stroke-width:2.10133004;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10486-9)" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 588.80251,111.42247 c -0.42832,-1.07033 -0.21221,-2.94633 0.1719,-3.39282 7.58714,-0.40828 14.82979,-1.91945 20.79619,-5.20639 0.53107,1.05337 0.43208,3.34523 0.0181,3.95537 -6.25269,3.21547 -14.33119,4.97391 -20.98616,4.64384 z"
+                     id="path7718"
+                     style="fill:url(#linearGradient12790);fill-opacity:1" />
+                </g>
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 605.62012,141.65295 c 0,2.17979 -1.76911,4.30646 -3.9489,4.74701 -2.17979,0.44056 -3.9489,-0.971 -3.9489,-3.15079 0,-2.17979 1.76911,-4.30645 3.9489,-4.74701 2.17979,-0.44055 3.9489,0.971 3.9489,3.15079 z"
+                   id="path7720"
+                   style="fill:url(#linearGradient12792);fill-opacity:1;stroke:url(#linearGradient12794);stroke-width:0.63039899;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
+                <path
+                   inkscape:connector-curvature="0"
+                   d="m 591.4707,152.06345 0.1187,-18.58768 c 5.96258,-0.59121 12.31381,-1.43593 17.59862,-4.45242 l -0.117,18.32444 c -5.3317,3.02126 -11.5157,4.39499 -17.60032,4.71566 z"
+                   id="path7722"
+                   style="fill:none;stroke:url(#linearGradient12796);stroke-width:0.94875801;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10534-4)" />
+                <g
+                   transform="matrix(1.44587,0,0,1.44587,-117.545,-282.281)"
+                   id="g7724">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path7726"
+                     style="opacity:0.680851;fill:url(#radialGradient12798);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path7728"
+                     style="fill:url(#radialGradient12800);fill-opacity:1" />
+                </g>
+                <g
+                   transform="matrix(1.02462,0,0,1.02462,108.25,-131.553)"
+                   id="use7730">
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     id="path5236"
+                     style="opacity:0.680851;fill:url(#radialGradient12802);fill-opacity:1" />
+                  <path
+                     inkscape:connector-curvature="0"
+                     d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                     transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                     id="path5238"
+                     style="fill:url(#radialGradient12804);fill-opacity:1" />
+                </g>
+              </g>
+            </g>
+          </g>
+          <g
+             transform="translate(271,-329)"
+             id="g5300">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,266.42705,-63.62544)"
+               id="g8866">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g8868"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8870"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8872"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8874"
+                   style="fill:url(#linearGradient4708);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8876"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path8878"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8880"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8882"
+                   style="fill:url(#linearGradient4710)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8884"
+                   style="fill:url(#linearGradient4712);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8886"
+                   style="fill:url(#linearGradient4714);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8888"
+                   style="opacity:0.62254902;fill:url(#radialGradient4716);fill-opacity:1;stroke:url(#radialGradient4718);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8890"
+                   style="fill:url(#linearGradient4720);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g8892">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8894"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path8896"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path8898"
+                   style="fill:url(#linearGradient4722);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8900"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path8902"
+                   style="fill:url(#linearGradient4724);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path8904"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path8906"
+                   style="fill:url(#linearGradient4726)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 801.55,70.74 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon8908"
+                   style="fill:url(#linearGradient4728);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path8910"
+                   style="fill:url(#linearGradient4730);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path8912"
+                   style="opacity:0.96825406;fill:url(#radialGradient4732);fill-opacity:1;stroke:url(#radialGradient4734);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path8914"
+                   style="fill:url(#linearGradient4736);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path8916"
+                   style="opacity:0.71957703;fill:url(#radialGradient4738);fill-opacity:1;stroke:url(#radialGradient4740);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g8918">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path8920"
+                   style="opacity:0.680851;fill:url(#radialGradient4742);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path8922"
+                   style="fill:url(#radialGradient4744);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="283.6499"
+               y="335.79758"
+               id="text3608"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan3610"
+                 x="285.31396"
+                 y="335.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4746"
+                 sodipodi:role="line"
+                 x="283.6499"
+                 y="348.63757"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5410">using </tspan>SSSD with an LDAP backend</tspan></text>
+          </g>
+          <g
+             transform="translate(169,-217.33331)"
+             id="g5335">
+            <g
+               id="g4892"
+               transform="matrix(-0.6631863,0,0,0.67913371,367.88733,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g4894"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4896"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4898"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5370);fill-opacity:1"
+                   id="path4900"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4902"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path4904"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4906"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5372)"
+                   id="path4908"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5374);fill-opacity:1"
+                   id="polygon4910"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5376);fill-opacity:1"
+                   id="path4912"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5378);fill-opacity:1;stroke:url(#radialGradient5380);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4914"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5382);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4916"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g4918"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path4920"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path4922"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5384);fill-opacity:1"
+                   id="path4924"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path4926"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5386);fill-opacity:1"
+                   id="path4928"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path4930"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5388)"
+                   id="path4932"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5390);fill-opacity:1"
+                   id="polygon4934"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5392);fill-opacity:1"
+                   id="path4936"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5394);fill-opacity:1;stroke:url(#radialGradient5396);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path4938"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5398);fill-opacity:1;filter:url(#filter8391)"
+                   id="path4940"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5400);fill-opacity:1;stroke:url(#radialGradient5402);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path4942"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g4944"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5404);fill-opacity:1"
+                   id="path4946"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5406);fill-opacity:1"
+                   id="path4948"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4427"
+               y="333.29758"
+               x="386.11017"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="387.77423"
+                 id="tspan4429"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4748"
+                 y="346.13757"
+                 x="386.11017"
+                 sodipodi:role="line"><tspan
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+   id="tspan5408">using </tspan>SSSD with an IPA backend</tspan></text>
+          </g>
+          <text
+             sodipodi:linespacing="125%"
+             id="text4497"
+             y="199.29758"
+             x="284.07538"
+             style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:125%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+             xml:space="preserve"><tspan
+               style="font-size:13px"
+               id="tspan4501"
+               y="199.29758"
+               x="284.07538"
+               sodipodi:role="line">IPA</tspan></text>
+          <g
+             transform="translate(36,-105.66666)"
+             id="g5416">
+            <g
+               id="g5046"
+               transform="matrix(-0.6631863,0,0,0.67913371,501.21208,-63.62544)">
+              <g
+                 style="opacity:0.15161288"
+                 id="g5048"
+                 mask="url(#mask7729)"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5050"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5052"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5451);fill-opacity:1"
+                   id="path5054"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5056"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   id="path5058"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5060"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5453)"
+                   id="path5062"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5455);fill-opacity:1"
+                   id="polygon5064"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5457);fill-opacity:1"
+                   id="path5066"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.62254902;fill:url(#radialGradient5459);fill-opacity:1;stroke:url(#radialGradient5461);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5068"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5463);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5070"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+              </g>
+              <g
+                 id="g5072"
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   id="path5074"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#eeeeec"
+                   id="path5076"
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5465);fill-opacity:1"
+                   id="path5078"
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   id="path5080"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5467);fill-opacity:1"
+                   id="path5082"
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   id="path5084"
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5469)"
+                   id="path5086"
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z" />
+                <polygon
+                   style="fill:url(#linearGradient5471);fill-opacity:1"
+                   id="polygon5088"
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   points="801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 779.03,76.36 " />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5473);fill-opacity:1"
+                   id="path5090"
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.96825406;fill:url(#radialGradient5475);fill-opacity:1;stroke:url(#radialGradient5477);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   id="path5092"
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#linearGradient5479);fill-opacity:1;filter:url(#filter8391)"
+                   id="path5094"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.71957703;fill:url(#radialGradient5481);fill-opacity:1;stroke:url(#radialGradient5483);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   id="path5096"
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z" />
+              </g>
+              <g
+                 id="g5098"
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)">
+                <path
+                   inkscape:connector-curvature="0"
+                   style="opacity:0.680851;fill:url(#radialGradient5485);fill-opacity:1"
+                   id="path5100"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+                <path
+                   inkscape:connector-curvature="0"
+                   style="fill:url(#radialGradient5487);fill-opacity:1"
+                   id="path5102"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z" />
+              </g>
+            </g>
+            <text
+               xml:space="preserve"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               x="519.57751"
+               y="332.79758"
+               id="text4433"
+               sodipodi:linespacing="107.00001%"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 sodipodi:role="line"
+                 id="tspan4435"
+                 x="521.13611"
+                 y="332.79758">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4750"
+                 sodipodi:role="line"
+                 x="519.57751"
+                 y="345.63757"><tspan
+   id="tspan5412"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_LDAP/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(-112,6)"
+             id="g5489">
+            <g
+               transform="matrix(-0.6631863,0,0,0.67913371,650.68426,-63.62544)"
+               id="g4988">
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,469.611)"
+                 mask="url(#mask7729)"
+                 id="g4990"
+                 style="opacity:0.15161288">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4992"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path4994"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path4996"
+                   style="fill:url(#linearGradient5142);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path4998"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -2399.7812,-930.90625 c -1.268,-0.006 -2.5207,0.11544 -3.7813,0.40625 -10.0602,2.37559 -205.3024,42.85038 -216.3125,45.625 -11.01,2.77461 -10.375,18.56253 -10.375,18.5625 0,0 0,160.88488 0,170.90625 0,24.66528 16.2812,33.93749 16.2812,33.9375 l 0.4063,-0.4375 0,0.6875 238.4375,-50.40625 0,-206.5625 -0.5312,0.125 0.125,-0.15625 c 0,0 -11.993,-12.63142 -24.25,-12.6875 z"
+                   transform="matrix(0.27971,0,0,0.27971,1234.04,339.689)"
+                   id="path5000"
+                   style="opacity:0.6;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:9.12038898;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9827)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5002"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5004"
+                   style="fill:url(#linearGradient5144)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5006"
+                   style="fill:url(#linearGradient5146);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5008"
+                   style="fill:url(#linearGradient5148);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5010"
+                   style="opacity:0.62254902;fill:url(#radialGradient5150);fill-opacity:1;stroke:url(#radialGradient5152);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5012"
+                   style="fill:url(#linearGradient5154);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.05466,0,0,1.05466,-591.196,390.512)"
+                 id="g5014">
+                <path
+                   d="m -17.40756,71.794022 c 0,4.661543 -6.938903,9.302492 -15.474049,10.371957 -8.535146,1.069466 -15.459912,-1.83435 -15.459912,-6.495892 0,-4.650872 6.924766,-9.300722 15.459912,-10.370186 8.535146,-1.069466 15.474049,1.843249 15.474049,6.494121 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5016"
+                   style="opacity:0.54368902;fill:#000000;fill-opacity:1;stroke:#000000;stroke-width:1.69162905;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter9847)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 554.22884,153.24013 c 0,7.00094 -10.50735,13.46424 -23.43183,14.44713 -12.92448,0.9829 -23.41042,-3.88388 -23.41042,-10.88482 0,-6.98491 10.48594,-13.46261 23.41042,-14.4455 12.92448,-0.9829 23.43183,3.89828 23.43183,10.88319 z"
+                   id="path5018"
+                   style="fill:#eeeeec"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 550.05237,151.50845 c 0,5.1608 -8.52226,9.89422 -19.0082,10.58317 -10.50734,0.69035 -19.0296,-2.92323 -19.0296,-8.08402 0,-5.14695 8.52226,-9.89422 19.0296,-10.58457 10.48594,-0.68895 19.0082,2.93847 19.0082,8.08542 z"
+                   id="path5020"
+                   style="fill:url(#linearGradient5156);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -44.835878,72.015266 c -1.060184,1.455132 -0.594327,3.138079 0.536695,4.025399 2.156389,1.708398 5.082402,3.073433 10.724311,2.653611 1.026566,-0.07399 0.97974,0.843545 -0.04683,0.988165 -5.956482,0.82375 -12.111075,-0.757856 -13.59149,-3.219192 -0.94492,-1.558147 -0.408226,-3.73352 1.444395,-5.11258 0.781631,-0.590222 1.445597,-0.06097 0.932915,0.664597 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5022"
+                   style="fill:#ffffff;fill-opacity:1;filter:url(#filter5917)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 521.67761,146.90092 25.20492,-5.66761 c 4.94408,-0.96428 6.84054,9.51 2.60487,10.41331 l -26.1224,5.81121 c -3.22719,0.67383 -4.97361,-2.05733 -5.7435,-4.86826 l 4.05611,-0.69728 0,-4.99137 0,0 z"
+                   id="path5024"
+                   style="fill:url(#linearGradient5158);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 512.42636,147.01672 53.61501,-11.10044 0,-42.902366"
+                   id="path5026"
+                   style="fill:none;stroke:#ffffff;stroke-width:2.95566964;stroke-linecap:round"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 502.88993,154.67086 c 0,0 -4.56036,-2.59119 -4.56036,-9.49031 0,-2.80307 0,-47.808359 0,-47.808359 0,0 -0.1771,-4.411974 2.9025,-5.18806 3.0796,-0.776084 57.68835,-12.096956 60.50229,-12.761432 3.76095,-0.867648 7.84658,3.427868 7.84658,3.427868 l -66.69101,71.820293 z"
+                   id="path5028"
+                   style="fill:url(#linearGradient5160)"
+                   inkscape:connector-curvature="0" />
+                <polygon
+                   points="779.03,76.36 801.55,70.74 801.55,51.99 801.55,51.99 779.03,57.6 "
+                   transform="matrix(2.96153,0.142819,0,3.08118,-1804.12,-191.801)"
+                   id="polygon5030"
+                   style="fill:url(#linearGradient5162);fill-opacity:1" />
+                <path
+                   d="m 564.03593,89.66154 -56.33869,11.92883 0,44.86258 56.33869,-11.92882 0,-44.86259 z"
+                   id="path5032"
+                   style="fill:url(#linearGradient5164);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 535.36042,140.66309 28.74795,-5.82814 -0.18444,-42.313671 C 537.9577,97.412364 535.34776,126.123 535.36042,140.66309 z"
+                   id="path5034"
+                   style="opacity:0.96825406;fill:url(#radialGradient5166);fill-opacity:1;stroke:url(#radialGradient5168);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter10668)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m -52.386391,73.001455 0,-37.555659 c 0,-0.266399 0.332998,-0.737469 0.566909,-0.778079 L -9.0284478,23.467619 c 1.1533088,-0.307007 2.6618381,1.488411 1.5085279,1.795419 l -42.7742701,11.352311 0,36.918902 c 0.01949,1.312499 -2.092201,0.758585 -2.092201,-0.532796 z"
+                   transform="matrix(1.51427,0.0730253,0,1.50185,580.589,46.6874)"
+                   id="path5036"
+                   style="fill:url(#linearGradient5170);fill-opacity:1;filter:url(#filter8391)"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 564.10819,134.19796 -55.77093,10.3176 -2.93951,-40.61617 c 25.54773,-1.27974 58.71044,16.45435 58.71044,30.29857 z"
+                   id="path5038"
+                   style="opacity:0.71957703;fill:url(#radialGradient5172);fill-opacity:1;stroke:url(#radialGradient5174);stroke-width:1.6290437;stroke-miterlimit:4;stroke-dasharray:none;filter:url(#filter7106)"
+                   inkscape:connector-curvature="0" />
+              </g>
+              <g
+                 transform="matrix(1.46143,0,0,1.46143,-766.443,107.052)"
+                 id="g5040">
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   id="path5042"
+                   style="opacity:0.680851;fill:url(#radialGradient5176);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+                <path
+                   d="m 491.43921,264.64523 c 7.1e-4,4.58916 -3.71934,8.30979 -8.3085,8.30979 -4.58917,0 -8.30922,-3.72063 -8.30851,-8.30979 -7.1e-4,-4.58916 3.71934,-8.30979 8.30851,-8.30979 4.58916,0 8.30921,3.72063 8.3085,8.30979 z"
+                   transform="matrix(0.425532,0,0,0.425532,277.543,152.03)"
+                   id="path5044"
+                   style="fill:url(#radialGradient5178);fill-opacity:1"
+                   inkscape:connector-curvature="0" />
+              </g>
+            </g>
+            <text
+               sodipodi:linespacing="107.00001%"
+               id="text4439"
+               y="333.29758"
+               x="669.04968"
+               style="font-size:11.23178864px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-indent:0;text-align:center;text-decoration:none;line-height:107.00000525%;letter-spacing:normal;word-spacing:normal;text-transform:none;direction:ltr;block-progression:tb;writing-mode:lr-tb;text-anchor:middle;baseline-shift:baseline;color:#000000;fill:#555753;fill-opacity:1;fill-rule:nonzero;stroke:none;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate;font-family:Droid Sans;-inkscape-font-specification:Droid Sans Bold"
+               xml:space="preserve"><tspan
+                 style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans"
+                 y="333.29758"
+                 x="670.60828"
+                 id="tspan4441"
+                 sodipodi:role="line">Client configuration </tspan><tspan
+                 style="font-size:12px"
+                 id="tspan4752"
+                 y="346.13757"
+                 x="669.04968"
+                 sodipodi:role="line"><tspan
+   id="tspan5414"
+   style="font-size:12px;font-weight:normal;line-height:107.00000525%;-inkscape-font-specification:Droid Sans">using </tspan>PAM_KRB5/NSS_LDAP</tspan></text>
+          </g>
+          <g
+             transform="translate(539.98213,665.63497)"
+             id="g3002-35" />
+          <g
+             transform="translate(375.47031,42.27285)"
+             id="g4898-37">
+            <g
+               id="g4900-5">
+              <g
+                 id="g4902-5" />
+            </g>
+          </g>
+          <g
+             transform="translate(321.48515,123.56711)"
+             id="g3002-4-44" />
+          <g
+             transform="translate(156.97333,-499.79501)"
+             id="g4898-3">
+            <g
+               id="g4900-3-7">
+              <g
+                 id="g4902-3-9" />
+            </g>
+          </g>
+          <g
+             transform="translate(4.49242,441.24827)"
+             id="g9694" />
+          <g
+             transform="translate(-160.01938,-182.11385)"
+             id="g9696">
+            <g
+               id="g9698">
+              <g
+                 id="g9700" />
+            </g>
+          </g>
+          <g
+             transform="translate(531.70846,712.31515)"
+             id="g11586" />
+          <g
+             transform="translate(367.19664,88.95298)"
+             id="g11591">
+            <g
+               id="g11593">
+              <g
+                 id="g11595" />
+            </g>
+          </g>
+          <g
+             transform="translate(945.16259,126.17676)"
+             id="g13960" />
+          <g
+             transform="translate(780.65077,-497.18536)"
+             id="g13962">
+            <g
+               id="g13964">
+              <g
+                 id="g13966" />
+            </g>
+          </g>
+          <g
+             id="g6425"
+             transform="matrix(-0.58230043,0,0,1.2021785,341.20931,-1013.0128)"
+             style="fill:#5c3566" />
+          <text
+             xml:space="preserve"
+             style="font-size:40px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+             x="902.75421"
+             y="196.70628"
+             id="text13535"><tspan
+               sodipodi:role="line"
+               id="tspan13537"
+               x="902.75421"
+               y="196.70628" /></text>
+          <path
+             id="path18414"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSQ);marker-end:url(#TriangleOutS7);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,-44.15908 -100.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,130.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -72.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,289.61762 -100.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-113.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -72.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSE);marker-end:url(#TriangleOutSf);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6366" />
+          <path
+             id="path6368"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSg);marker-end:url(#TriangleOutSG);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             d="m 521.5471,175.61762 -78.43205,0 c -4.9389,0 -9.59211,-2.05831 -9.59211,-11.45785 l 0.0557,-15.72674 c 0,-4.93891 -2.0583,-9.59211 -11.45784,-9.59211 l -94.2111,0"
+             sodipodi:nodetypes="cccccc"
+             inkscape:connector-curvature="0" />
+          <path
+             inkscape:connector-curvature="0"
+             sodipodi:nodetypes="cccccc"
+             d="m 521.5471,65.84092 -78.43205,0 c -4.9389,0 -9.59211,2.05831 -9.59211,11.45785 l 0.0557,36.72674 c 0,4.93891 -2.0583,9.59211 -11.45784,9.59211 l -94.2111,0"
+             style="color:#000000;fill:none;stroke:#888a85;stroke-width:4.4000001;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;marker-start:url(#TriangleInSJ);marker-end:url(#TriangleOutS2);visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+             id="path6370" />
+        </g>
+      </g>
+      <g
+         id="layer2"
+         inkscape:label="sdfsdf"
+         style="display:none"
+         transform="translate(-204.5471,-8.3623809)">
+        <rect
+           style="opacity:0.22325583;fill:#180e00;fill-opacity:1;fill-rule:nonzero;stroke:#211601;stroke-width:2.10500002;stroke-linecap:round;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:0.09661835;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+           id="rect26435"
+           width="1620"
+           height="951.42859"
+           x="-308.57144"
+           y="92.362144"
+           ry="26.574863"
+           rx="26.574863" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/icon.svg
similarity index 100%
rename from public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/icon.svg
rename to public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/icon.svg
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/kinit_admin.png b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/kinit_admin.png
new file mode 100644
index 0000000..a0b81e1
Binary files /dev/null and b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/images/kinit_admin.png differ
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html
new file mode 100644
index 0000000..369bae3
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
 ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="next" href="Preface.html" title="Preface" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="id4431660" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div
 ><h1 id="id4431660" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+		<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
+
+	</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3184771" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+		Copyright <span class="trademark"></span>© 2011 Red Hat.
+	</div><div class="para">
+		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
+	</div><div class="para">
+		Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
+	</div><div class="para">
+		Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
+	</div><div class="para">
+		For guidelines on the permitted uses of the Fedora trademarks, refer to <a href="https://fedoraproject.org/wiki/Legal:Trademark_guidelines">https://fedoraproject.org/wiki/Legal:Trademark_guidelines</a>.
+	</div><div class="para">
+		<span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the United States and other countries.
+	</div><div class="para">
+		All other trademarks are the property of their respective owners.
+	</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
+			Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
+		</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="Preface.html#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="Document_Conventions.html">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="Document_Conventions.html#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="feedback.html">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="doc-history.html">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="installing-ipa.html">1. Installing a FreeIPA Server<
 /a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="Installing_the_IPA_Server_Packages.html">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href=
 "creating-server.html#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="creating-server.html#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="creating-server.html#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.ht
 ml#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="Uninstalling_IPA_Servers.html">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="setting-up-clients.html">2. Setting up Systems as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2
 . Configuring Kerberos</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4 with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="Using_Microsoft_Windows.html">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.3. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">2.3.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.4
 . Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</a></span></d
 t></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.5. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">2.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.6. Configuring a M
 acintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macin
 tosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="basic-usage.html">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#using-the-ui">3.1. Using the IPA UI</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.1.1. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="basic-usage.html#sect-Enterprise_Identity_Management_Guide-Configuring_a_Browser_to_Work_with_IPA-Enabling_UsernamePassword_Authentication_in_Your_Browser">3.1.2. Enabling Username
 /Password Authentication in Your Browser</a></span></dt></dl></dd><dt><span class="section"><a href="logging-in.html">3.2. Logging into the IPA UI</a></span></dt><dt><span class="section"><a href="switching-users.html">3.3. Switching Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="managing-clients.html">4. Managing Clients in the FreeIPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</a></span></dt><dt><span class=
 "section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">4.1.3. Managing DNS Zones</a></span></dt></dl></dd><dt><span class="section"><a href="enrolling-machines.html">4.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="sec
 tion"><a href="renaming-machines.html">4.3. Renaming Machines</a></span></dt><dt><span class="section"><a href="config-virt-machines.html">4.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="certs.html">4.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="certs.html#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html">4.6. Client Problems</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">4.7. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="users.html">5. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="users.html#home-di
 rectories">5.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="adding-users.html">5.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">5.3. Editing Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">5.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html#sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">5.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html">5.5. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise
 _Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html">5.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">5.7. Setting an Individual Password Policy</a></span></dt>
 <dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guid
 e-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">5.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</a></span
 ></dt></dl></dd><dt><span class="section"><a href="searching.html">5.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</a></span></dt><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="kerberos.html">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Prin
 cipals.html">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section
 "><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html">6.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="automount.html">7. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-auto
 mount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="active-directory.html">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Ma
 nagement</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agr
 eements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="nis.html">9. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="sectio
 n"><a href="nis.html#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Id
 entity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="authz.html">10. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="authz.html#configuring-host-access">10.1.
  Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">10.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">10.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="sudo.html">11. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#about-sudo">11.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span clas
 s="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">11.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">11.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">11.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><
 dt><span class="chapter"><a href="server-config.html">12. Configuring the IPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">12.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="creating-roles.html">12.2. Creating Roles</a></span></dt><dt><span class="section"><a href="self-service.html">12.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html">12.4. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="search-limits.html">12.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="disabling-anon-binds.ht
 ml">12.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html">12.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html">12.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_an
 d_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">12.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">12.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">12.10. Using IPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Cluster
 ed_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html">12.11. Creating DNS Entries for FreeIPA Replicas</a></span></dt><dt><span class="section"><a href="promoting-replica.html">12.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="logging.html">12.13. IPA Server Logging</a></span></dt></dl></dd><dt><span class="appendix"><a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html">A. 
 Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html">B. Services: Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html">B.2. Using certmonger</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html">B.3. Using certmonger with NSS</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html">B.4. Using certmonger with IPA</a></span></dt></dl></dd><dt><span class="a
 ppendix"><a href="Migrating_from_a_Directory_Server_to_IPA.html">C. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterpr
 ise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_
 Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Managem
 ent_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring
  SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C
 .3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="Glossary.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
new file mode 100644
index 0000000..d4a085e
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Installing a FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="doc-history.html" title="4. Document Change History" /><link rel="next" href="Installing_the_IPA_Server_Packages.html" title="1.2. Installing the FreeIPA Server Packages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong></a></li><li c
 lass="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="installing-ipa" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Installing a FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl>
 </dd><dt><span class="section"><a href="Installing_the_IPA_Server_Packages.html">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="creating-server.html#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="creating-server.html#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl>
 <dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="chap-Enterprise_Identity_Management_Guide-Setting_up_IPA_Replicas.html#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="Uninstalling_IPA_Servers.html">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></div><div class="para">
+		The FreeIPA domain is defined and managed by a FreeIPA <span class="emphasis"><em>server</em></span> which is essentially a domain controller. There can be multiple domain controllers within a domain for load-balancing and failover tolerance. These additional servers are called <span class="emphasis"><em>replicas</em></span> of the master FreeIPA server.
+	</div><div class="para">
+		Both FreeIPA servers and replicas only run on Fedora systems. For both servers and replicas, the necessary packages must be installed and then the FreeIPA server or replica itself is configured through setup scripts, which configure all of the requisite services.
+	</div><div class="section" id="Preparing_for_an_IPA_Installation"><div class="titlepage"><div><div><h2 class="title" id="Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</h2></div></div></div><div class="para">
+			Before you install FreeIPA, ensure that the installation environment is suitably configured. You also need to provide certain information during the installation and configuration procedures, including realm names and certain usernames and passwords. This section describes the information that you need to provide.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</h3></div></div></div><div class="para">
+				A basic user entry is about 1 KB in size, as is a simple host entry with a certificate. The structure of the directory tree and the number of indexes in the Directory Server instance can impact the hardware required for the best performance. <a class="xref" href="installing-ipa.html#tab.Minimum_hardware_requirements_for_IPA">Table 1.1, “Minimum Hardware Requirements”</a> lists the recommended minimums. For customized systems, additional indexes, or larger user entries, it is more effective to increase the RAM than to increase the disk space because the Directory Server stores much of its data in cache. Add info for disk layout/size recommendations, from https://www.redhat.com/archives/freeipa-users/2011-May/msg00012.html
+			</div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+					The Directory Server instance used by the FreeIPA server can be tuned to increase performance. For tuning information, see the Directory Server documentation at <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html</a>.
+				</div></div></div><div class="para">
+				The system requirements for both 32-bit and 64-bit platforms are the same.
+			</div><div class="table" id="tab.Minimum_hardware_requirements_for_IPA"><h6>Table 1.1. Minimum Hardware Requirements</h6><div class="table-contents"><table summary="Minimum Hardware Requirements" border="1"><colgroup><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /><col width="25%" align="center" /></colgroup><thead><tr><th align="center">
+								Minimum Hardware Requirements
+							</th><th align="center">
+								10,000 - 250,000 Entries
+							</th><th align="center">
+								250,000 - 1,000,000 Entries
+							</th><th align="center">
+								Over 1,000,000 Entries
+							</th></tr></thead><tbody><tr><td align="left">
+								CPU
+							</td><td colspan="3" align="center">
+								P3; 500MHz
+							</td></tr><tr><td align="left">
+								RAM
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td><td align="center">
+								1 GB
+							</td></tr><tr><td align="left">
+								Disk Space
+							</td><td align="center">
+								2 GB
+							</td><td align="center">
+								4 GB
+							</td><td align="center">
+								8 GB
+							</td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</h3></div></div></div><div class="para">
+				Most of the packages that a FreeIPA server depends on are installed as dependencies when the FreeIPA packages are installed. There are some packages, however, which are required before installing the FreeIPA packages:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Kerberos 1.9
+					</div></li><li class="listitem"><div class="para">
+						The <span class="package">named</span> and <span class="package">bind-dyndb-ldap</span> packages for DNS
+					</div></li></ul></div></div><div class="section" id="prerequisites"><div class="titlepage"><div><div><h3 class="title" id="prerequisites">1.1.3. System Prerequisites</h3></div></div></div><div class="para">
+				The FreeIPA server is set up using a configuration script, and this script makes certain assumption about the host system. If the system does not meet these prerequisites, then server configuration may fail.
+			</div><div class="section" id="prereq-ds"><div class="titlepage"><div><div><h4 class="title" id="prereq-ds">1.1.3.1. Directory Server</h4></div></div></div><div class="para">
+					There must not be any instances of 389 Directory Server installed on the host machine.
+				</div></div><div class="section" id="prereq-system"><div class="titlepage"><div><div><h4 class="title" id="prereq-system">1.1.3.2. System Files </h4></div></div></div><div class="para">
+					The server script overwrites system files to set up the FreeIPA domain. The system should be clean, without custom configuration for services like DNS and Kerberos, before configuring the FreeIPA server.
+				</div></div><div class="section" id="prereq-ports"><div class="titlepage"><div><div><h4 class="title" id="prereq-ports">1.1.3.3. System Ports</h4></div></div></div><div class="para">
+					FreeIPA uses a number of ports to communicate with its services. These ports, listed in <a class="xref" href="installing-ipa.html#tab.ipa-ports">Table 1.2, “FreeIPA Ports”</a>, must be open and available for FreeIPA to work. They cannot be in use by another service or blocked by a firewall. To make sure that these ports are available, try <code class="command">iptables</code> to list the available ports or <code class="command">nc</code>, <code class="command">telnet</code>, or <code class="command">nmap</code> to connect to a port or run a port scan.
+				</div><div class="table" id="tab.ipa-ports"><h6>Table 1.2. FreeIPA Ports</h6><div class="table-contents"><table summary="FreeIPA Ports" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+									Service
+								</th><th>
+									Ports
+								</th></tr></thead><tbody><tr><td>
+									OCSP responder
+								</td><td>
+									9180
+								</td></tr><tr><td>
+									HTTP/HTTPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>80</td></tr><tr><td>443</td></tr></table>
+
+								</td></tr><tr><td>
+									LDAP/LDAPS
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>389</td></tr><tr><td>636</td></tr></table>
+
+								</td></tr><tr><td>
+									Kerberos<sup>[<a id="ft.udp-tcp" href="#ftn.ft.udp-tcp" class="footnote">a</a>]</sup>
+								</td><td>
+									<table border="0" summary="Simple list" class="simplelist"><tr><td>88</td></tr><tr><td>464</td></tr></table>
+
+								</td></tr><tr><td>
+									DNS<sup>[<a href="installing-ipa.html#ftn.ft.udp-tcp" class="footnoteref">a</a>]</sup>
+								</td><td>
+									53
+								</td></tr><tr><td>
+									NTP<sup>[<a id="id3249230" href="#ftn.id3249230" class="footnote">b</a>]</sup>
+								</td><td>
+									123
+								</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
+										This service uses both TCP adn UDP ports.
+									</p></div><div class="footnote"><p><sup>[<a id="ftn.id3249230" href="#id3249230" class="para">b</a>] </sup>
+										This service uses UDP ports only.
+									</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-DNS">1.1.3.4. DNS</h4></div></div></div><div class="para">
+					FreeIPA uses DNS for the FreeIPA clients to find (<span class="emphasis"><em>discover</em></span>) the FreeIPA servers. The DNS service can be managed by FreeIPA itself, or FreeIPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and FreeIPA services like, LDAP, Kerberos, and SSL may fail to work.
+				</div><div class="section" id="dns-requirements"><div class="titlepage"><div><div><h5 class="title" id="dns-requirements">1.1.3.4.1. DNS Requirements</h5></div></div></div><div class="para">
+						Regardless of whether the DNS is within the FreeIPA server or external, the server host must have DNS properly configured:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								The server's machine name must be set and resolve to its public IP address. The fully-qualified domain name cannot resolve to the loopback address. It must resolve to the machine's public IP address, not to <code class="systemitem">127.0.0.1</code>. The output of the <code class="command">hostname</code> command cannot be <code class="systemitem">localhost</code> or <code class="systemitem">localhost6</code>.
+							</div></li><li class="listitem"><div class="para">
+								The hostname must be fully qualified. For example, <code class="systemitem">ipa.example.com</code>.
+							</div></li><li class="listitem"><div class="para">
+								The reverse of the address that the hostname resolves to must match the hostname.
+							</div></li><li class="listitem"><div class="para">
+								The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the FreeIPA server, but it does need to be fully functional.
+							</div><div class="para">
+								If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install FreeIPA to automatically configure a suitable DNS.
+							</div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
+						To help create and configure a suitable DNS setup, the FreeIPA installation script creates a sample zone file. During the installation, FreeIPA displays a message similar to the following:
+					</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
+</pre><div class="para">
+						You should use this file in your DNS zone file.
+					</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">1.1.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
+						<span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+					</div><div class="para">
+						<code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+					</div><div class="para">
+						To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+					</div><pre class="programlisting">positive-time-to-live   group           3600
+negative-time-to-live   group           60
+positive-time-to-live   hosts           3600
+negative-time-to-live   hosts           20
+</pre></div><div class="section" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="form-Enterprise_Identity_Management_Guide-DNS-DNS_and_Kerberos">1.1.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
+						The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+					</div><div class="para">
+						If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example: 
+<pre class="programlisting">10.0.0.1    ipa.example.com  ipa</pre>
+						 The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
+					</div><div class="para">
+						A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+					</div><div class="para">
+						The FreeIPA installation process includes checks to ensure that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing a FreeIPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the FreeIPA server will use itself as a DNS from that point forward.
+					</div><div class="para">
+						The FreeIPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								DNS forwarders must be specified as IP addresses, not as hostnames.
+							</div></div></div>
+
+					</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Preparing_for_an_IPA_Installation-Configuring_Networking">1.1.3.5. Configuring Networking</h4></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_Networking_Services">1.1.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
+						The default networking service used by Fedora is NetworkManager, and due to the way this service works, it can cause problems with FreeIPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in a FreeIPA environment and disable the NetworkManager service.
+					</div><div class="orderedlist" id="proc-Enterprise_Identity_Management_Guide-Configuring_Networking_Services-To_configure_networking_services_for_IPA"><ol><li class="listitem"><div class="para">
+								Boot the machine into single-user mode and run the following commands:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManager off; service NetworkManager stop</span></pre></li><li class="listitem"><div class="para">
+								If <code class="systemitem">NetworkManagerDispatcher</code> is installed, ensure that it is stopped and disabled:
+							</div><pre class="programlisting"><span class="perl_Comment"># chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop</span></pre></li><li class="listitem"><div class="para">
+								Then, make sure that the <code class="systemitem">network</code> service is properly started. 
+<pre class="programlisting"><span class="perl_Comment"># chkconfig network on; service network start</span></pre>
+
+							</div></li><li class="listitem"><div class="para">
+								Ensure that static networking is correctly configured.
+							</div></li><li class="listitem"><div class="para">
+								Restart the system.
+							</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Networking-Configuring_the_etchosts_File">1.1.3.5.2. Configuring the /etc/hosts File</h5></div></div></div><div class="para">
+						You need to ensure that your <code class="filename">/etc/hosts</code> file is configured correctly. A misconfigured file can prevent the FreeIPA command-line tools from functioning correctly and can prevent the FreeIPA web interface from connecting to the FreeIPA server.
+					</div><div class="para">
+						Configure the <code class="filename">/etc/hosts</code> file to list the FQDN for the FreeIPA server <span class="emphasis"><em>before</em></span> any aliases. Also ensure that the hostname is not part of the <code class="literal">localhost</code> entry. The following is an example of a valid hosts file:
+					</div><pre class="programlisting">127.0.0.1	localhost.localdomain	localhost
+::1		localhost6.localdomain6	localhost6
+192.168.1.1	ipaserver.example.com	ipaserver
+</pre><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							Do not omit the <code class="systemitem">IPv4</code> entry in the <code class="filename">/etc/hosts</code> file. This entry is required by the FreeIPA web service.
+						</div></div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong>4. Document Change History</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Installing_the_IPA_Server_Packages.html"><strong>Next</strong>1.2. Installing the FreeIPA Server Packages</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/introduction.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/introduction.html
new file mode 100644
index 0000000..f0a2818
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/introduction.html
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Introduction to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="index.html" title="Enterprise Identity Management Guide" /><link rel="prev" href="doc-history.html" title="4. Document Change History" /><link rel="next" href="ipa-components.html" title="1.2. Identity Management: Authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="
 ipa-components.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="introduction" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Introduction to IPA</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="introduction.html#what-is-ipa">1.1. IPA Defined</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</a></span></dt><dd><dl><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</a></span></dt><dt><span class="section"><a href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture
 -IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="introduction.html#ipa-domains">1.1.2. About IPA Domains</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-components.html">1.2. Identity Management: Authentication</a></span></dt><dt><span class="section"><a href="policy.html">1.3. Defining Policies: Authorization</a></span></dt><dt><span class="section"><a href="deployment-scenarios.html">1.4. Planning IPA</a></span></dt></dl></div><div class="para">
+		XXXXX introXXXXXXXX
+	</div><div class="section" id="what-is-ipa"><div class="titlepage"><div><div><h2 class="title" id="what-is-ipa">1.1. IPA Defined</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div><div class="para">
+			IPA is an integrated security information management solution which combines Red Hat Enterprise Linux, Red Hat Directory Server, MIT Kerberos, and NTP. It provides web browser and command-line interfaces, and its numerous administration tools allow an administrator to quickly install, set up, and administer one or more servers for centralized authentication and identity management.
+		</div><div class="para">
+			The latest version of IPA extends the integration of DNS, includes a Certificate System Server, an enhanced administrative framework, support for host identities, netgroups, automount by location and other features.
+		</div><div class="para">
+			IPA focuses on making centralized identity and policy easy to manage in Linux and Unix environments, and includes interoperability with the Windows environment.
+		</div><div class="section" id="ipa-v-ldap"><div class="titlepage"><div><div><h3 class="title" id="ipa-v-ldap">1.1.1. IPA v. LDAP: A More Focused Type of Service</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div><div class="para">
+				The following diagram provides a high-level view of the current IPA architecture. It is broken down into three main components: the IPA core; the management station; and the managed host. Each of these components is described in more detail below.
+			</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-High_level_IPA_Architecture"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_arch.png" alt="High-level IPA Architecture" /></div></div><h6>Figure 1.1. High-level IPA Architecture</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-The_IPA_Core">1.1.1.1. The IPA Core</h4></div></div></div><div class="para">
+					The IPA core consists of the servers, services, and other utilities necessary to provide the fundamental IPA functionality. This includes the management framework, the directory server, the KDC, the web server, and the DNS.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Kerberos_KDC"><h5 class="formalpara">Kerberos KDC</h5>
+						The Kerberos KDC is the Kerberos authentication server, and provides authentication services for users, hosts, and services. It stores its data in the directory server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Directory_Server"><h5 class="formalpara">Directory Server</h5>
+						The directory server is the core storage system of the IPA server. The directory server stores all of the information about user accounts used by the KDC for authentication, groups, hosts, services, netgroups and policy information. If configured and used, DNS uses the same instance of the directory server to store DNS information. The directory server provides a multi-master replication capability so that multiple IPA replicas can be deployed.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Management_Framework"><h5 class="formalpara">Management Framework</h5>
+						The management framework is an abstraction layer which provides some business logic on top of the directory server. The management of data in the DS is performed over the XML-RPC interface through the management framework.
+					</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+						Direct modifications to the DS data is strongly discouraged unless explicitly mentioned in the documentation.
+					</div></div></div><div class="para">
+					The management framework uses a pluggable architecture that allows adding or extending existing objects in IPA by third parties.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-DNS"><h5 class="formalpara">DNS</h5>
+						The DNS is the Domain Name Service. This is an optional component that can be installed and configured at any time. Alternatively, an existing DNS server can be used. In this case, however, there will be no tight integration between DNS management and the management of hosts that IPA provides.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-Web_UI"><h5 class="formalpara">Web UI</h5>
+						The web UI provides web-based management services for the IPA server.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Core-NTP"><h5 class="formalpara">NTP</h5>
+						NTP is an optional service, but can be enabled on the IPA server, in which case the IPA server becomes the NTP server for the deployment. You can use other NTP servers as desired.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Management_Stations">1.1.1.2. IPA Management Stations</h4></div></div></div><div class="para">
+					The management station is used to perform administrative tasks on the IPA server. IPA provides two interfaces for these tasks.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Command_Line_Interface_CLI"><h5 class="formalpara">Command Line Interface (CLI)</h5>
+						The CLI performs management tasks using the management framework over the XML-RPC interface. Every management operation that can be performed against the IPA server can be done using this interface. The client side of the administrative interface is a package that needs to be installed on the Management Station.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Management_Stations-Browser_Interface"><h5 class="formalpara">Browser Interface</h5>
+						The browser interface is used for web-based management. It connects to the management framework using the JSON RPC.
+					</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">1.1.1.3. IPA Managed Hosts</h4></div></div></div><div class="para">
+					An IPA <em class="firstterm">managed host</em> is a host that is managed by IPA. The definition of "manage" in this context can be stated as "being able to retrieve a keytab and certificates on behalf of another host or service". This management is established by enrolling the host with IPA, a task performed by the <code class="command">ipa-client-install</code> command. As a result of this enrollment, <code class="systemitem">SSSD</code> and <code class="systemitem">certmonger</code> are configured (they are aware of the location of the IPA server), the keytab is provisioned and the host certificate is created. The host certificate is not used by IPA but is created nonetheless, for possible use by services that might be running on the host. The web server is one example of this.
+				</div><div class="para">
+					As a result of user authentication against the KDC, the TGT (ticket-granting ticket) is stored on the client machine. That ticket is used to access different services that are members of the same Kerberos domain. All services need to be registered in IPA and have a keytab provisioned for them. To do this, you need to create a service record in IPA and then execute the <code class="command">ipa-getkeytab</code> on the host where the service will be running. Note that this operation is independent of making the host a managed host. The service can run on either a managed host or an unmanaged host.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-SSSD"><h5 class="formalpara">SSSD</h5>
+						When configured to use IPA via its IPA back end, SSSD provides user authentication, identity look ups and HBAC (Host-based Access Control) enforcement. The host enrollment and configuration of SSSD are performed automatically by the <code class="command">ipa-client-install</code> command.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-certmonger"><h5 class="formalpara">certmonger</h5>
+						<code class="systemitem">certmonger</code> is an unattended service that can monitor the certificates on the client system and renew them on a scheduled basis when they are about to expire. It can also be used to request new certificates for the services running on the system or for a different system, for example when a management server or hypervisor requests certificates for a set of virtual machines.
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Managed_Hosts-Extending_the_Permissions_of_IPA_Managed_Hosts">1.1.1.3.1. Extending the Permissions of IPA Managed Hosts</h5></div></div></div><div class="para">
+						As discussed in <a class="xref" href="introduction.html#sect-Enterprise_Identity_Management_Guide-High_level_IPA_Architecture-IPA_Managed_Hosts">Section 1.1.1.3, “IPA Managed Hosts”</a>, the definition of "manage" is "being able to retrieve a keytab and certificates on behalf of another host or service". Every host and service has a <em class="parameter"><code>managedby</code></em> entry. By default, a host can manage itself and all of its services. It is also possible to allow a host to manage other hosts, or services on other hosts, by updating the appropriate delegations or providing a suitable <em class="parameter"><code>managedby</code></em> entry. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								If a host is provided with a <em class="parameter"><code>managedby</code></em> entry to another host, it does not mean management of all services on that host. Each delegation has to be performed independently.
+							</div></div></div>
+
+					</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Service_Management">1.1.1.3.1.1. Delegating Service Management</h6></div></div></div><div class="para">
+							This section describes how to create a new host and a service on that host, and then delegate management of that service to another host. In this example, the IPA server is installed on <code class="systemitem">slinky.example.com</code>
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Service_Management-To_delegate_service_management_to_another_host"><h6>Procedure 1.1. To delegate service management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Create a new host: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Create a service on this host: 
+<pre class="screen"><code class="command"># ipa service-add test/panther.example.com</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Delegate managing the service: 
+<pre class="screen"><code class="command"># ipa service-add-host --hosts=slinky panther</code></pre>
+
+								</div><div class="para">
+									You can now use the host service principal on <code class="systemitem">slinky</code> to manage <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/test.keytab -p test/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/test.keytab</pre>
+
+								</div></li><li class="step"><div class="para">
+									To create a ticket for this service, create a CSR and then run the following command: 
+<pre class="screen"><code class="command"># ipa cert-request --add --principal=test/panther.example.com panther.csr</code>
+  Certificate: MIICETCCAXqgA...[snip]
+  Subject: CN=panther.example.com,O=EXAMPLE.COM
+  Issuer: CN=EXAMPLE.COM Certificate Authority
+  Not Before: Tue Feb 08 18:51:51 2011 UTC
+  Not After: Mon Feb 08 18:51:51 2016 UTC
+  Fingerprint (MD5): c1:46:8b:29:51:a6:4c:11:cd:81:cb:9d:7c:5e:84:d5
+  Fingerprint (SHA1):
+  01:43:bc:fa:b9:d8:30:35:ee:b6:54:dd:a4:e7:d2:11:b1:9d:bc:38
+  Serial number: 1005
+</pre>
+
+								</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management"><div class="titlepage"><div><div><h6 class="title" id="sect-Enterprise_Identity_Management_Guide-Extending_the_Permissions_of_IPA_Managed_Hosts-Delegating_Host_Management">1.1.1.3.1.2. Delegating Host Management</h6></div></div></div><div class="para">
+							This section describes how to delegate management of one host to another host. This example uses the same hosts as those used in the previous example.
+						</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Delegating_Host_Management-To_delegate_host_management_to_another_host"><h6>Procedure 1.2. To delegate host management to another host</h6><ol class="1"><li class="step"><div class="para">
+									Ensure you have <code class="systemitem">admin</code> credentials and then add the appropriate <em class="parameter"><code>managedby</code></em> entry: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add-managedby --hosts=slinky panther</code></pre>
+
+								</div></li><li class="step"><div class="para">
+									Obtain a TGT as the host <code class="systemitem">slinky</code> and then retrieve a keytab for <code class="systemitem">panther</code>: 
+<pre class="screen"><code class="command"># kinit -kt /etc/krb5.keytab host/`hostname`</code>
+<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/panther.keytab -p host/panther.example.com</code>
+Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
+
+								</div></li></ol></div></div></div></div></div><div class="section" id="ipa-domains"><div class="titlepage"><div><div><h3 class="title" id="ipa-domains">1.1.2. About IPA Domains</h3></div></div></div><div class="para">
+				XXXXXXXXXX fix me XXXXXXXX
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="doc-history.html"><strong>Prev</strong>4. Document Change History</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-components.html"><strong>Next</strong>1.2. Identity Management: Authentication</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html
new file mode 100644
index 0000000..7b0ac10
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.9. Setting an IPA Server as an Apache Virtual Host</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html" title="12.8. Configuring Certificates and Certificate Authorities" /><link rel="next" href="ipa-cluster.html" title="12.10. Using IPA in a Cluster" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
 ass="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">12.9. Setting an IPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+			If you have a standard Apache instance running on port 80, you can configure IPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, IPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
+		</div><div class="para">
+			The following procedure assumes that IPA is configured to run on port 80, and that you want to move it to port 8089.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_IPA_to_run_as_an_Apache_Virtual_Host-To_configure_IPA_to_run_on_port_8089"><h6>Procedure 12.4. To configure IPA to run on port 8089:</h6><ol class="1"><li class="step"><div class="para">
+					Log in as the <code class="systemitem">root</code> user.
+				</div></li><li class="step"><div class="para">
+					Edit the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file. Add the following three lines to the beginning of the file:
+				</div><pre class="programlisting">Listen 8089
+NameVirtualHost *:8089
+&lt;VirtualHost *:8089&gt;
+</pre></li><li class="step"><div class="para">
+					Add the following line to the end of the file:
+				</div><pre class="programlisting">&lt;/VirtualHost&gt;
+</pre><div class="para">
+					This wraps the entire IPA configuration in a virtual host, and ensures that Apache is listening to that port.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You cannot use port 8080. This port is used by the <code class="systemitem">ipa_webgui</code> service.
+					</div></div></div></li><li class="step"><div class="para">
+					Comment out the following rewrite rules from the <code class="filename">/etc/httpd/conf.d/ipa.conf</code> file:
+				</div><pre class="programlisting">----------------------------------------------------------------------
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+RewriteCond %{HTTP_HOST}    !^host.foo.com$ [NC]
+RewriteRule ^/(.*)          http://host.foo.com/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+RewriteCond %{SERVER_PORT}  !^443$
+RewriteCond %{REQUEST_URI}  !^/(errors|config|favicon.ico)
+RewriteRule ^/(.*)          https://host.foo.com/$1 [L,R=301,NC]
+---------------------------------------------------------------------
+</pre></li><li class="step"><div class="para">
+					Reload the <code class="systemitem">httpd</code> service.
+				</div><div class="para">
+					
+<pre class="screen"><code class="command"># service httpd reload</code></pre>
+
+				</div></li></ol></div><div class="para">
+			This configures IPA to run on port 8089, leaving port 80 free for your normal web site.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong>12.8. Configuring Certificates and Certificate Au...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong>12.10. Using IPA in a Cluster</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html
new file mode 100644
index 0000000..c657898
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.10. Using IPA in a Cluster</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="ipa-apache.html" title="12.9. Setting an IPA Server as an Apache Virtual Host" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html" title="12.11. Creating DNS Entries for FreeIPA Replicas" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class=
 "docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">12.10. Using IPA in a Cluster</h2></div></div></div><div class="para">
+			The IPA server currently does not specifically handle the case of a service running in a cluster. That is, the IPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of IPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+				Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><h6>Procedure 12.5. Configuring Kerberos Credentials for a Clustered Environment</h6><ol class="1"><li class="step"><div class="para">
+						Enroll all of the hosts in the IPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
+					</div></li><li class="step"><div class="para">
+						Use the <code class="command">ktutil</code> command to produce a single keytab file that contains the contents of all of the keytab files.
+					</div><ol class="a"><li class="step"><div class="para">
+								For each file, use the <code class="command">rkt</code> command to read the keys from that file.
+							</div></li><li class="step"><div class="para">
+								Use the <code class="command">wkt</code> command to write all of the keys which have been read to a new keytab file.
+							</div></li></ol></li><li class="step"><div class="para">
+						Replace the keytab files on each host with the newly-created keytab file.
+					</div></li></ol></div><div class="para">
+				Each host in this cluster should now be able to impersonate any other host.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">12.10.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+					Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service. 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
+							</div></li><li class="listitem"><div class="para">
+								For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">12.10.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+					For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+				One aspect of applying IPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows: 
+				<div class="orderedlist"><ol><li class="listitem"><div class="para">
+							Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
+						</div></li><li class="listitem"><div class="para">
+							When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
+						</div></li></ol></div>
+
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong>12.9. Setting an IPA Server as an Apache Virtual ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Next</strong>12.11. Creating DNS Entries for FreeIPA Replicas</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-components.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-components.html
new file mode 100644
index 0000000..5987c52
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-components.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Identity Management: Authentication</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="next" href="policy.html" title="1.3. Defining Policies: Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="introduction.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="p
 olicy.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-components"><div class="titlepage"><div><div><h2 class="title" id="ipa-components">1.2. Identity Management: Authentication</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="introduction.html"><strong>Prev</strong>Chapter 1. Introduction to IPA</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="policy.html"><strong>Next</strong>1.3. Defining Policies: Authorization</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-files.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-files.html
new file mode 100644
index 0000000..8d58117
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-files.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.4. A Summary of IPA Server Configuration Files and Directories</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="basic-usage.html" title="Chapter 4. Basic Usage" /><link rel="prev" href="switching-users.html" title="4.3. Switching Users" /><link rel="next" href="managing-clients.html" title="Chapter 5. Managing Clients in the IPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" hr
 ef="managing-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-files"><div class="titlepage"><div><div><h2 class="title" id="ipa-files">4.4. A Summary of IPA Server Configuration Files and Directories</h2></div></div></div><div class="para">
+			XXXXXXXXXXX FIX ME XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong>4.3. Switching Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong>Chapter 5. Managing Clients in the IPA Domain</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html
new file mode 100644
index 0000000..dbff81f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Index</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div class="index" id="id3400652"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div clas
 s="index"></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong>Glossary</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html
new file mode 100644
index 0000000..dd453e5
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Setting Kerberos Ticket Policies</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="6.3. Creating and Using Service Principals" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Sit
 e" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong></a></li></ul><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
+			Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div></div></div><div class="para">
+			Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+		</div><div class="para">
+			FreeIPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Changes to the global policy require a restart of the KDC service to take effect, as follows: 
+<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+
+			</div><div class="para">
+				Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong>Chapter 6. Identity: Using FreeIPA for a Kerberos...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong>6.3. Creating and Using Service Principals</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html
new file mode 100644
index 0000000..1b769f7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="searching.html" title="5.8. Searching for Users and Groups" /><link rel="next" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong></a></li><li class="next"><a accessk
 ey="n" href="kerb-policies.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Servic
 e">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html">6.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1.
  About Kerberos</h2></div></div></div><div class="para">
+			The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+		</div><div class="para">
+			To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+		</div><div class="para">
+			<code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+		</div><div class="para">
+			A service principal consists of three components: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						the service name
+					</div></li><li class="listitem"><div class="para">
+						the fully-qualified domain name (FQDN)
+					</div></li><li class="listitem"><div class="para">
+						the Kerberos realm
+					</div></li></ul></div>
+
+		</div><div class="para">
+			The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+		</div><div class="para">
+			The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				When you run the <code class="command">ipa-client-install</code> command, it retrieves the host service principal and stores it in the <code class="filename">/etc/krb5.keytab</code> file. This host principal is stored within the host record so that the service commands cannot be used with this principal. The idea behind this is that after you have run the <code class="command">ipa-client-install</code> command, your client should be fully prepared to participate in the FreeIPA network.
+			</div></div></div><div class="para">
+			Clients use service principals to inform the KDC which service they need a ticket for. The KDC uses the key assigned to the service principal to encrypt the service ticket it grants to client. Service principals and their associated keys are stored in a keytab file. If the KDC has the service principal and the key assigned to that principal, it can still provide the client with a ticket, but the service server will not be able to decrypt the ticket without the key stored in that keytab file.
+		</div><div class="para">
+			Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
+				Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+			</div><div class="para">
+			For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
+				To protect your keytab files, consider the following general rules with respect to their permissions and ownership: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Owner: <span class="property">uid</span> of the process that will use the keytab
+						</div></li><li class="listitem"><div class="para">
+							Mode: 0600
+						</div></li></ul></div>
+				 For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+			</div><div class="para">
+				Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
+			</div><div class="para">
+				Due to the critical role that keytabs play in authenticating users and services, and the issues that can arise if they are compromised, ensure that all keytab files are appropriately secured, and have suitable file ownership and permissions established.
+			</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="searching.html"><strong>Prev</strong>5.8. Searching for Users and Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerb-policies.html"><strong>Next</strong>6.2. Setting Kerberos Ticket Policies</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html
new file mode 100644
index 0000000..49561cc
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Logging into the IPA UI</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="basic-usage.html" title="Chapter 3. Basic Usage" /><link rel="prev" href="basic-usage.html" title="Chapter 3. Basic Usage" /><link rel="next" href="switching-users.html" title="3.3. Switching Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="basic-usage.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="switching-users
 .html"><strong>Next</strong></a></li></ul><div class="section" id="logging-in"><div class="titlepage"><div><div><h2 class="title" id="logging-in">3.2. Logging into the IPA UI</h2></div></div></div><div class="para">
+			To be able to perform any administrative task you need to authenticate to the server. During the configuration step you were prompted to create two users. The first of these, <code class="literal">Directory Manager</code>, is the superuser, used to perform rare, low-level tasks. The second user, <code class="literal">admin</code>, is used to perform normal administrative activities.
+		</div><div class="para">
+			To authenticate as the <code class="literal">admin</code> user:
+		</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+					Open a new terminal window. This is to ensure that all default aspects of the environment (especially paths) are set correctly.
+				</div></li><li class="step"><div class="para">
+					In this window, type <code class="command">kinit admin</code>.
+				</div></li><li class="step"><div class="para">
+					When you are prompted to enter a password, use the password that you specified during the configuration step for the <code class="literal">admin</code> user.
+				</div></li></ol></div><div class="para">
+			As a result of this operation you will acquire what is known as a Kerberos <em class="firstterm">ticket</em>. You can use the <code class="command">klist</code> command to inspect the details of the ticket that you have acquired.
+		</div><div class="para">
+			You can now authenticate using the newly-created user and temporary password. Type <code class="command">kinit &lt;user login&gt;</code> to log in to IPA. This will prompt you for a password and then immediately request a password change.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The <span class="application"><strong>Kerberos</strong></span> client libraries used by the <code class="command">kinit</code> utility have some limitations. One of these limitations is the fact that the on-disc ticket storage is overwritten with any new invocation of <code class="command">kinit</code>. This means that if you authenticated as <code class="systemitem">admin</code>, then added user <code class="systemitem">foo</code>, set their password and then tried to authenticate as that user, the administrator's ticket would be lost. To prevent this from happening, a special environment variable, <code class="varname">KRB5CCNAME</code>, can be used. This allows you to keep credential caches separate in different shells. Refer to the <code class="command">kinit</code> man page for more information.
+			</div></div></div><div class="para">
+			You can browse the IPA man pages and help system to explore other IPA commands. Please take some time to become familiar with the ways other IPA objects can be created and modified.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="basic-usage.html"><strong>Prev</strong>Chapter 3. Basic Usage</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="switching-users.html"><strong>Next</strong>3.3. Switching Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html
new file mode 100644
index 0000000..6e67051
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.13. IPA Server Logging</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="promoting-replica.html" title="12.12. Promoting a Read-Only Replica to an IPA Server" /><link rel="next" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
 <a accesskey="p" href="promoting-replica.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Next</strong></a></li></ul><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">12.13. IPA Server Logging</h2></div></div></div><div class="para">
+			If you are using the IPA command-line tools or the WebUI to manage IPA data then you should refer to the following sections to help troubleshoot any problems.
+		</div><div class="para">
+			You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
+		</div><div class="para">
+			To see the LDAP queries that are being made by the framework you can inspect the <code class="filename">/var/log/dirsrv/slapd-INSTANCE/access</code> file. Note that this file is buffered and so it only writes to disk about every 30 seconds.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Server_Debugging_Output"><h5 class="formalpara">Increasing Server Debugging Output</h5>
+				To increase the server debugging output you can create the <code class="filename">/etc/ipa/server.conf</code> file and include the following entry: 
+<pre class="programlisting">[global]
+debug=True</pre>
+				 You need to restart the <code class="systemitem">httpd</code> daemon for this change to take effect.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Server-Increasing_Client_Debugging_Output"><h5 class="formalpara">Increasing Client Debugging Output</h5>
+				You can increase debugging output on the client with the <code class="option">-v</code> global option: 
+<pre class="screen"><code class="command">$ ipa -v user-show admin</code></pre>
+				 You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange: 
+<pre class="screen"><code class="command">$ ipa -vv user-show admin</code></pre>
+
+			</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="promoting-replica.html"><strong>Prev</strong>12.12. Promoting a Read-Only Replica to an IPA Se...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Next</strong>Appendix A. Frequently Asked Questions</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html
new file mode 100644
index 0000000..0ee1488
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. Managing Clients in the FreeIPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="switching-users.html" title="3.3. Switching Users" /><link rel="next" href="enrolling-machines.html" title="4.2. Enrolling Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href=
 "enrolling-machines.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. Managing Clients in the FreeIPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</a></span></dt><dt><span class="section"><a href="managing-clients.html#sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing
 _DNS_Zones">4.1.3. Managing DNS Zones</a></span></dt></dl></dd><dt><span class="section"><a href="enrolling-machines.html">4.2. Enrolling Machines</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Privileged_Administrator">4.2.1. Manual Host Enrollment with Privileged Administrator</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Manual_Host_Enrollment_with_Separation_of_Duties">4.2.2. Manual Host Enrollment with Separation of Duties</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#sect-Enterprise_Identity_Management_Guide-Enrollment_Scenarios-Bulk_Host_Deployment">4.2.3. Bulk Host Deployment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">4.3. Renaming Machines</a></span></dt><dt><span class="section"><a hr
 ef="config-virt-machines.html">4.4. Reconfiguring Virtual Machines</a></span></dt><dt><span class="section"><a href="certs.html">4.5. Configuring Certificate-Based Machine Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="certs.html#sect-Enterprise_Identity_Management_Guide-Configuring_Machine_Authentication-Authentication_Usage_Scenarios">4.5.1. Authentication Usage Scenarios</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html">4.6. Client Problems</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">4.7. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Command_Line_Tools-Working_with_DNS">4.1. Working with DNS</h2><
 /div></div></div><div class="para">
+			A number of benefits exist if you take advantage of FreeIPA's ability to automatically install and configure a DNS, in particular the ability to ease the modification of DNS records when adding hosts to FreeIPA. For example, options exist to add and remove IP addresses, A entries, PTR entries, etc. These options are not available if you are not using a FreeIPA-based DNS.
+		</div><div class="para">
+			IPA stores all DNS information as discrete records in LDAP, and communicates with LDAP using the <span class="package">bind-dyndb-ldap</span> plug-in and the <code class="filename">install/share/60basev2.ldif</code> schema. You can install and configure the DNS as part of the FreeIPA server installation, using the <code class="option">--setup-dns</code> option, or you can add it later using the <code class="command">ipa-dns-install</code> command.
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				The following options are currently only available with IPv4 addresses.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Adding_Hosts_to_an_IPA_DNS">4.1.1. Adding Hosts to a FreeIPA DNS</h3></div></div></div><div class="para">
+				If you are using a FreeIPA-based DNS system, you can use the <code class="option">--ip-address</code> and <code class="option">--force</code> options to the <code class="command">ipa host-add</code> command to provide the IP address and hostname of the FreeIPA machine to the DNS. For example, 
+<pre class="screen"><code class="command">$ ipa host-add --force --ip-address=192.168.166.31 puma.example.com </code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Removing_Hosts_from_an_IPA_DNS">4.1.2. Removing Hosts from a FreeIPA DNS</h3></div></div></div><div class="para">
+				IPA provides the <code class="command">ipa host-del</code> command to delete FreeIPA hosts. You can pass the <code class="option">--updatedns</code> option to this command to remove the associated records from the DNS. It will attempt to remove any record, A, AAAA, PTR, NS, SRV, and other entries that reference this host. For example, 
+<pre class="screen"><code class="command">$ ipa host-del --updatedns puma</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Managing_DNS_Zones">4.1.3. Managing DNS Zones</h3></div></div></div><div class="para">
+				IPA provides all the necessary commands to create and manage zones in a FreeIPA-managed DNS server. You can create and delete zones and add entries to any of these zones using the appropriate FreeIPA commands.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_DNS_Zones">4.1.3.1. Adding DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnszone-add</code> command to add a new zone to your DNS server. You can pass optional attributes on the command line, and you will be prompted for any required information. The following example demonstrates adding a new zone to your top-level domain.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You need to restart the <code class="systemitem">named</code> service whenever you create a new zone, otherwise the DNS server will not reply successfully to queries asking for records in the new zone. This is a one-time operation; any subsequent changes to the zone do not require any further action to be effective.
+					</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_add_the_sub_domain_translation_to_the_ipadocs.org_domain"><h6>Procedure 4.1. To add the sub-domain "translation" to the ipadocs.org domain</h6><ol class="1"><li class="step"><div class="para">
+							Ensure you have a valid Kerberos ticket: 
+<pre class="screen"><code class="command">$ kinit admin</code>
+Password for admin at IPADOCS.ORG:</pre>
+
+						</div></li><li class="step"><div class="para">
+							Run the following command to add the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-add translation.ipadocs.org</code></pre>
+
+						</div></li><li class="step"><div class="para">
+							Reload the <code class="systemitem">named</code> service (ensure you have <code class="systemitem">root</code> privileges): 
+<pre class="screen"><code class="command"># service named reload</code></pre>
+
+						</div></li></ol></div><div class="para">
+					Use the <code class="command">ipa dnszone-show</code> command to display details about the new zone: 
+<pre class="screen"><code class="command">$ ipa dnszone-show translation.ipadocs.org</code>
+  Zone name: translation.ipadocs.org
+  Authoritative name server: ipaserver.ipadocs.org.
+  Administrator e-mail address: root.translation.ipadocs.org.
+  SOA serial: 2011090201
+  SOA refresh: 3600
+  SOA retry: 900
+  SOA expire: 1209600
+  SOA minimum: 3600
+  Active zone: TRUE</pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><h5 class="formalpara">Using Dynamic DNS Updates</h5>
+						Dynamic DNS updates are not enabled by default for new DNS zones served by FreeIPA; that is, zones added by the <code class="command">ipa dnszone-add</code> command. This may lead to errors in the <code class="command">ipa-client-install</code> script when it joins this domain and tries to add a DNS record pointing to this new client.
+					</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Adding_DNS_Zones-To_enable_dynamic_DNS_updates"><h6>Procedure 4.2. To enable dynamic DNS updates</h6><ul><li class="step"><div class="para">
+							Use the following command to enable dynamic updates:
+						</div><pre class="screen"><code class="command">$ ipa dnszone-mod clients.example.com --allow-dynupdate \ </code>
+                        <code class="command">--update-policy="grant TESTRELM krb5-self * A; grant TESTRELM krb5-self * AAAA;"</code></pre><div class="para">
+							In this example, <code class="systemitem">clients.example.com</code> is the custom DNS domain managed by the FreeIPA server and TESTRELM is the Kerberos realm.
+						</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Adding_Records_to_DNS_Zones">4.1.3.2. Adding Records to DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-add</code> command to add various types of records to DNS zones. The following examples demonstrate adding some of these types of records.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv4_Type_A_Resource_Records"><h5 class="formalpara">Adding IPv4 (Type A) Resource Records</h5>
+						Type A resource records map hostnames to IPv4 addresses. To add a type A resource record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</code></pre>
+						 This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165. Refer to <a href="http://tools.ietf.org/html/rfc1035">http://tools.ietf.org/html/rfc1035</a> for detailed information on Type A resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_IPv6_Type_AAAA_Resource_Records"><h5 class="formalpara">Adding IPv6 (Type AAAA) Resource Records</h5>
+						Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. Uses the same command syntax to add AAAA resource records, as follows: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+						 This creates the same record as in the previous example but with an IPv6 address. Refer to <a href="http://tools.ietf.org/html/rfc3596">http://tools.ietf.org/html/rfc3596</a> for detailed information on Type AAAA resource records.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Adding_Records_to_DNS_Zones-Adding_Service_SRV_Resource_Records"><h5 class="formalpara">Adding Service (SRV) Resource Records</h5>
+						<em class="firstterm">Service (SRV) resource records</em> map service names, for example, LDAP, to the DNS name of the server that is providing that particular service. Use the <code class="command">ipa dnsrecord-add</code> command to add SRV records to the DNS database. You need to add these records using a particular format for both the name of the record and the associated RDATA. For example: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="0 100 389 ipaserver.ipadocs.org"</code>
+<code class="command">$ ipa dnsrecord-add translation.ipadocs.org _ldap._tcp \</code>
+<code class="command">--srv-rec="1 100 389 ipareplica.ipadocs.org"</code></pre>
+
+					</div><div class="para">
+					Each record must be entered using the format <em class="replaceable"><code>_service._protocol</code></em>. RDATA is entered using the format <em class="replaceable"><code>"priority weight port target"</code></em>. Refer to <a href="http://tools.ietf.org/html/rfc2782">http://tools.ietf.org/html/rfc2782</a> for a detailed explanation.
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
+					</div></div></div><div class="para">
+					IPA DNS integration supports the following DNS record types: 
+<pre class="programlisting">A, AAAA, A6, AFSDB, APL, CERT, CNAME, DHCID, DLV, DNAME, DNSKEY, DS, HIP, IPSECKEY, KX, LOC,
+MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, RP, SIG, SPF, SRV, SSHFP, TA, TXT</pre>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">4.1.3.3. Deleting Records from DNS Zones</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa dnsrecord-del</code> command to remove records from DNS zones. The following examples demonstrate how to remove the records added in the preceding examples.
+				</div><div class="para">
+					To remove the A type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --a-rec 10.64.14.213</code></pre>
+
+				</div><div class="para">
+					To remove the AAAA type record from the "www" record, run the following command: 
+<pre class="screen"><code class="command">$ ipa dnsrecord-del example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</code></pre>
+
+				</div><div class="para">
+					Alternatively, you can use the <code class="option">--del-all</code> option to remove all associated records.
+				</div><div class="para">
+					You can also delegate zones if you want to allow other areas of your company intranet to reach your DNS server, or if you want to allow access from outside your firewalls. Refer to the <a href="http://www.isc.org/software/bind/documentation">ISC BIND documentation</a> for further information.
+				</div><div class="para">
+					Refer to the <code class="command">ipa help dns</code> help page for more information about working with DNS and FreeIPA.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="switching-users.html"><strong>Prev</strong>3.3. Switching Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong>4.2. Enrolling Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html
new file mode 100644
index 0000000..604a179
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. Migrating from NIS to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="9.2. Configuring the Network Information Service (NIS)" /><link rel="next" href="authz.html" title="Chapter 10. Policy: Configuring Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
 s="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong></a></li></ul><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">9.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
+			The IPA development team researched the topic of how netgroups are typically used in order to better determine an optimal migration design solution. This research shows that the main use cases for netgroups are the aggregation of users and the aggregation of hosts, but not both at the same time. IPA does not provide a special script or command to facilitate the migration of customers' existing netgroups to IPA. This operation must be performed by the system administrator himself or with the help of professional services. This chapter provides some guidelines to ease the process of migrating netgroups to IPA.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</h3></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					These procedures are guidelines only, and are provided to help clean your environment and make it more manageable. It is not a definitive set of instructions, and administrators need to be creative and factor in the real constraints present in their environment. If any steps described below are not possible due to independent conditions, we recommend migrating netgroups on a one-to-one basis. This is described later in this chapter.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment"><h6>Procedure 9.1. To prepare your environment</h6><ol class="1"><li class="step"><div class="para">
+						Inspect your client applications and determine which kind of grouping information they need from the central server. For example, if netgroups exist that contain only users, and any applications that rely on these netgroups can be converted to use UNIX groups instead of netgroups, then we recommend doing so. If this is not possible, we still recommend creating UNIX groups out of the netgroups. If no applications use them, we recommend deleting these netgroups altogether. Refer to the following example:
+					</div><ol class="a"><li class="step"><div class="para">
+								Given the following netgroup: <code class="systemitem">(host1, user1, )(host2, user2,)(host3, user3, )...</code>, create a group consisting of the users <code class="systemitem">user1</code>, <code class="systemitem">user2</code>, and <code class="systemitem">user3</code> (assuming it does not already exist).
+							</div></li><li class="step"><div class="para">
+								Create a netgroup that has a <em class="parameter"><code>memberUser</code></em> attribute equal to the DN of the newly-created group. This netgroup will be equivalent to your original netgroup.
+							</div></li></ol></li><li class="step"><div class="para">
+						Migrating hosts is more straightforward. The creation of a host group automatically triggers the creation of a netgroup that is linked to the newly-created host group. This functionality is enabled by default, and can be managed with the following commands: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage status</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage disable</code>
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">ipa-host-net-manage enable</code>
+								</div></li></ul></div>
+
+					</div><div class="para">
+						This can be disabled when the clients no longer use netgroups for aggregation of hosts.
+					</div></li><li class="step"><div class="para">
+						If none of the above recommendations are possible and the netgroups need to be converted on a one-to-one basis, then:
+					</div><ol class="a"><li class="step"><div class="para">
+								Ensure that all users referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Ensure that all hosts referenced by a netgroup have been migrated. If not, then create them.
+							</div></li><li class="step"><div class="para">
+								Create a netgroup with the same name as the original netgroup.
+							</div></li><li class="step"><div class="para">
+								Add users and hosts as direct members of the netgroup, or, alternatively, put them into groups and then add those groups as members to the netgroup.
+							</div><div class="para">
+								For IPA clients, both methods result in the same thing — having the users and hosts managed in the netgroup — but from an administrative perspective, it may be simpler in some environments to use one option instead of the other.
+							</div></li></ol></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</h3></div></div></div><div class="para">
+				There are three main approaches that can be taken to the actual migration procedure:
+			</div><div class="orderedlist"><ol><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Dump the netgroups from the source into an LDIF file.
+							</div></li><li class="listitem"><div class="para">
+								Create a script that follows the instructions in <a class="xref" href="migrintg-from-nis.html#proc-Enterprise_Identity_Management_Guide-Preparing_Your_Environment-To_prepare_your_environment">Procedure 9.1, “To prepare your environment”</a> to convert the LDIF format into an LDIF file that contains IPA native objects.
+							</div></li><li class="listitem"><div class="para">
+								Run the conversion script and load the resulting LDIF file into IPA using the <code class="command">ldapmodify</code> command.
+							</div><div class="para">
+								Refer to <a href="http://linux.die.net/man/1/ldapmodify">http://linux.die.net/man/1/ldapmodify</a> or a similar man page for more details.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Create a script to retrieve data from the source (by parsing the LDIF file or by connecting to the original source of information using the client utility).
+							</div></li><li class="listitem"><div class="para">
+								Create a second script that invokes a sequence of IPA CLI commands. This script uses the information from the first script to create user, user group, host, host group and netgroup entries, and to create the appropriate associations.
+							</div><div class="para">
+								Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
+							</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Use the UI to manually create a new structure of netgroups.
+							</div></li></ol></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong>9.2. Configuring the Network Information Service ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong>Chapter 10. Policy: Configuring Authorization</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html
new file mode 100644
index 0000000..61522e0
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. Identity: Integrating with NIS Domains and Netgroups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html" title="8.7. Winsync Agreement Failures" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="9.2. Configuring the Network Information Service (NIS)" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
 png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="nis" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. Identity: Integrating with NIS Domains and Netgroups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="nis.html#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_
 IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">9.
 3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></div><div class="section" id="about-nis"><div class="titlepage"><div><div><h2 class="title" id="about-nis">9.1. About NIS and IPA</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</h3></div></div></div><div class="para">
+				Netgroups are a concept introduced in the directory service NIS. They were designed to contain users, hosts (machines) and other netgroups. A netgroup is a user-host-domain triplet. Refer to the following for more details about netgroups and their uses:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<a href="http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4">http://compute.cnr.berkeley.edu/cgi-bin/man-cgi?netgroup+4</a>
+					</div></li><li class="listitem"><div class="para">
+						<a href="http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F">http://directory.fedoraproject.org/wiki/Howto:Netgroups#What_are_NIS_netgroups_good_for.3F</a>
+					</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Do not read beyond the section "What are NIS netgroups good for?"; netgroup entries are different in IPA.
+				</div></div></div><div class="para">
+				Despite this difference, it is important to underline that there are two plug-ins in IPA that make the data in the new format available via NIS or the old standard RFC2307 and RFC2307bis LDAP schema. For details, refer to the documentation and examples at: <a href="https://fedorahosted.org/slapi-nis/">https://fedorahosted.org/slapi-nis</a>. The entries stored using the new schema are converted into the standard NIS netgroup map and served via the NIS protocol by the first plug-in described on the slapi-nis project page and the compatibility plug-in can be used to create a virtual LDAP view that matches the standard 2307 or 2307bis schema for netgroups using the IPA-specific schema.
+			</div><div class="para">
+				Historically, netgroups have been used to define groups of hosts or users. The advantage of netgroups for user aggregation has been that netgroups allow nesting while normal UNIX user groups do not. Netgroups also provide the only way to aggregate hosts. There is no notion of host groups in NIS, although for effective centralized system management they are definitely needed. It is important to understand that netgroups are collections of entities, be they users, hosts, or both, but there is no relation between particular user-host pairs defined in the netgroup triplet.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</h3></div></div></div><div class="para">
+				IPA defines both user groups and host groups, each of which allow nesting. This is a much cleaner way of aggregation and allows better separation of duties and access control. In an IPA deployment, netgroups are a much less attractive approach to grouping than with other LDAP-based systems compliant with RFC 2307 (this defines the LDAP schema for users, groups, netgroups and other maps).
+			</div><div class="para">
+				Client-side applications, for example, SUDO, need netgroups because there is no alternative to host grouping on the client side. Consequently, netgroups are far from obsolete on the client side. A lot of effort is still required within SSSD and IPA to provide clean interfaces to reliably (both online and offline) relay centrally-managed information to applications running on a client machine. IPA therefore provides a way to define and store netgroups, but they are viewed as secondary to user groups and host groups.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Approach_to_Netgroups-How_IPA_Stores_Netgroups">9.1.2.1. How IPA Stores Netgroups</h4></div></div></div><div class="para">
+					IPA stores netgroups in a different format from that specified in RFC2307 and RFC2307bis. The netgroup entries defined by the IPA schema allow relating different objects (users, groups, hosts, host groups) to each other. IPA also provides what is known as a <em class="firstterm">compat (compatibility)</em> plug-in. This plug-in creates a virtual view of the data stored in native IPA entries in the format expected by the RFC-compliant clients. This means that even though the internal data representation of netgroups is different from the RFC, this deviation does not affect clients due to the presence of the <code class="systemitem">compat</code> plug-in.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Comparison_of_Schema"><h5 class="formalpara">Comparison of Schema</h5>
+						To realize the differences, we can compare the standard RFC schema for netgroups and the schema used by IPA. IPA defines the following object class:
+					</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup'
+  DESC 'IPA version of NIS netgroup'
+  SUP ipaAssociation
+  STRUCTURAL
+  MAY ( externalHost $ nisDomainName $ member $ memberOf )
+  X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The IPA netgroup object class is derived from the association object class:
+				</div><pre class="programlisting">objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation'
+    ABSTRACT
+    MUST ( ipaUniqueID $ cn )
+    MAY ( memberUser $ userCategory $
+    memberHost $ hostCategory $
+    ipaEnabledFlag $ description )
+    X-ORIGIN 'IPA v2' )</pre><div class="para">
+					The RFC2307bis schema defines the netgroup object as:
+				</div><pre class="programlisting">objectClasses: (1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+    SUP top
+    STRUCTURAL
+    DESC 'Abstraction of a netgroup. May refer to other netgroups'
+    MUST cn
+    MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-How_IPA_Stores_Netgroups-Discussion"><h5 class="formalpara">Discussion</h5>
+						The <em class="parameter"><code>nisNetgroupTriple</code></em> is a string consisting of the host-user-domain triplet. The IPA format allows referencing of other objects present in IPA, such as users and groups, instead of manually adding them to the value of the netgroup triplet. Such an arrangement provides a better administrative experience when a user or group is removed or renamed. Inspecting the <em class="parameter"><code>memberUser</code></em> attribute of the association, you can see that it can hold the DN of a user or a user group. In the same way, the <em class="parameter"><code>memberHost</code></em> attribute can hold a reference to a host or a host group entry. This means that the netgroup can function as a wrapper for groups of users and groups of hosts.
+					</div><div class="para">
+					For examples and more information on the meaning of the user and host category attributes, refer to: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities ">http://www.freeipa.org/page/DS_Design_Summary#Association_of_Different_Entities </a>
+							</div></li><li class="listitem"><div class="para">
+								<a href="http://www.freeipa.org/page/DS_Design_Summary#Netgroups">http://www.freeipa.org/page/DS_Design_Summary#Netgroups</a>
+							</div></li></ul></div>
+
+				</div></div></div><div class="section" id="adding-netgroups"><div class="titlepage"><div><div><h3 class="title" id="adding-netgroups">9.1.3. Adding Netgroups</h3></div></div></div><div class="para">
+				NIS groups traditionally contain a so-called netgroup triple of the format: (machine, user, domain)
+			</div><pre class="screen">machine - machine name, a host name
+user - user name
+domain - NIS domain of the machine and user
+</pre><div class="para">
+				IPA does not use this triple. Instead, it uses the membership relationship between LDAP entries. It is a simple matter to add users, hosts, and even their groups as members of a netgroup. The domain field is constant for each netgroup and defaults to the current IPA domain.
+			</div><div class="para">
+				The following is an example of a netgroup displayed using the IPA CLI:
+			</div><pre class="screen"><code class="command"># ipa netgroup-show net1</code>
+Netgroup name: net1
+Description: test netgroup
+NIS domain name: panda
+Member User: admin
+Member Host: icefloat.panda</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					There is no necessary relationship between the machine and the user. Only one of those fields is usually used at a time to avoid confusion.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</h3></div></div></div><div class="para">
+				The IPA netgroup management plug-in conforms to the Create, Read, Update, Delete (CRUD) command-naming conventions used in all other plug-ins that ship with the default IPA installation. You can use the following command to display a list of the IPA commands available for working with netgroups:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command"># ipa help netgroup</code></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Creating_New_Netgroups"><h5 class="formalpara">Creating New Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add</code> command to add new netgroups to IPA:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				NAME - the name of the netgroup (can be anything, but must be unique)
+			</div><div class="para">
+				DESCRIPTION - the netgroup description (required)
+			</div><div class="para">
+				NISDOMAIN - the NIS domain name. Defaults to the current IPA domain
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Deleting_Netgroups"><h5 class="formalpara">Deleting Netgroups</h5>
+					Use the <code class="command">ipa netgroup-del</code> command to delete IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-del NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Displaying_Netgroups"><h5 class="formalpara">Displaying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-show</code> command to display information about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-show NAME</code></pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Modifying_Netgroups"><h5 class="formalpara">Modifying Netgroups</h5>
+					Use the <code class="command">ipa netgroup-mod</code> command to modify details about IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-mod NAME [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN]</code></pre><div class="para">
+				Same as <code class="command">ipa netgroup-add</code>, except modifying the description is required and NISDOMAIN does not default to anything.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Searching_for_Netgroups"><h5 class="formalpara">Searching for Netgroups</h5>
+					Use the <code class="command">ipa netgroup-find</code> command to search for IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-find [CRITERIA] [--name=NAME] [--desc=DESCRIPTION] [--nisdomain=NISDOMAIN] [--uuid=UUID]</code></pre><div class="para">
+				CRITERIA is an optional substring, and if included in the query it must appear in either the name, the description or the NIS domain of the groups you are searching for. Other options are the same as <code class="command">ipa netgroup-add</code>, except that nothing is required and there are no default values. There is a new <code class="envar">UUID</code> option that allows searching netgroups by <code class="envar">ipaUniqueID</code>. If one of these options is set, the command returns only exact matches of this option.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Adding_Users_and_Hosts_to_Netgroups"><h5 class="formalpara">Adding Users and Hosts to Netgroups</h5>
+					Use the <code class="command">ipa netgroup-add-member</code> command to add users and hosts to IPA netgroups:
+				</div><pre class="screen"><code class="command"># ipa netgroup-add-member NAME [--users=USERS] [--groups=GROUPS] [--hosts=HOSTS] \</code>
+  <code class="command">[--hostgroups=HOSTGROUPS] [--netgroups=NETGROUPS]</code></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Removing_Users_and_Hosts_From_Netgroups"><h5 class="formalpara">Removing Users and Hosts From Netgroups</h5>
+					Use the <code class="command">ipa netgroup-remove-member</code> command to remove users and hosts from IPA netgroups:
+				</div><pre class="screen">
+		<div class="cmdsynopsis"><p><code class="command">ipa netgroup-remove-member</code> {
+					NAME
+				} [
+					--users=USERS
+				] [
+					--groups=GROUPS
+				] [
+					--hosts=HOSTS
+				] [
+					--hostgroups=HOSTGROUPS
+				] [
+					--netgroups=NETGROUPS
+				]</p></div></pre><div class="para">
+				USERS, GROUPS, HOSTS, HOSTGROUPS, and NETGROUPS are comma-separated lists of names of the appropriate objects.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Netgroup_Commands-Examples">9.1.4.1. Examples</h4></div></div></div><div class="para">
+					The following examples provide an introduction to using the <code class="command">ipa netgroup-*</code> commands:
+				</div><pre class="screen">
+<code class="command"># ipa netgroup-add net0 --desc="test netgroup"</code>
+  Netgroup name: net0
+  Description: test netgroup
+  NIS domain name: pavlova
+  IPA unique ID: 9e6e089c-2089-11df-b677-5452004c033a
+
+<code class="command"># ipa netgroup-mod net0 --desc="description change"</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+
+<code class="command"># ipa netgroup-add-member net0 --users=admin --hosts=testbox.pavlova</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member User: admin
+  Member Host: testbox.pavlova
+-------------------------
+Number of members added 2
+-------------------------
+
+<code class="command"># ipa netgroup-remove-member net0 --users=admin</code>
+  Netgroup name: net0
+  Description: description change
+  NIS domain name: pavlova
+  Member Host: testbox.pavlova
+---------------------------
+Number of members removed 1
+---------------------------
+
+<code class="command"># ipa netgroup-del net0</code>
+
+<code class="command"># ipa netgroup-show net0</code>
+ipa: ERROR: no such entry
+</pre></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Prev</strong>8.7. Winsync Agreement Failures</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Next</strong>9.2. Configuring the Network Information Service ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/policy.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/policy.html
new file mode 100644
index 0000000..d32e16d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/policy.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Defining Policies: Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Drafts-Enterprise_Identity_Management_Guide-1-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Drafts');
+              
+	      addID('Drafts.1');
+              
+              addID('Drafts.1.books');
+	      addID('Drafts.1.Enterprise_Identity_Management_Guide');
+              </script><link rel="home" href="index.html" title="Enterprise Identity Management Guide" /><link rel="up" href="introduction.html" title="Chapter 1. Introduction to IPA" /><link rel="prev" href="ipa-components.html" title="1.2. Identity Management: Authentication" /><link rel="next" href="deployment-scenarios.html" title="1.4. Planning IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.redhat.com"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.redhat.com"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-components.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" 
 href="deployment-scenarios.html"><strong>Next</strong></a></li></ul><div class="section" id="policy"><div class="titlepage"><div><div><h2 class="title" id="policy">1.3. Defining Policies: Authorization</h2></div></div></div><div class="para">
+			XXXXXXXXXX fix me XXXXXXXX
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-components.html"><strong>Prev</strong>1.2. Identity Management: Authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="deployment-scenarios.html"><strong>Next</strong>1.4. Planning IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
new file mode 100644
index 0000000..c225148
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.12. Promoting a Read-Only Replica to an IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html" title="12.11. Creating DNS Entries for FreeIPA Replicas" /><link rel="next" href="logging.html" title="12.13. IPA Server Logging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
 a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong></a></li></ul><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">12.12. Promoting a Read-Only Replica to an IPA Server</h2></div></div></div><div class="para">
+			The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
+			</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Promoting_Replicas_to_Function_as_Master_Servers-To_promote_a_replica_to_a_master_server"><h6>Procedure 12.6. To promote a replica to a master server:</h6><ol class="1"><li class="step"><div class="para">
+					Copy the <code class="filename">/var/lib/ipa/ca_serialno</code> file from the master to the replica.
+				</div></li><li class="step"><div class="para">
+					Import the CA into the replica DS NSS database, as follows: 
+<pre class="screen"># cd /etc/dirsrv/slapd-REALM
+# pk12util -i /path/to/cacert.p12 -d .
+</pre>
+
+				</div><div class="para">
+					The password on the <code class="filename">PKCS#12</code> file is stored as <code class="filename">/etc/dirsrv/slapd-REALM/pwdfile.txt</code> on the original server.
+				</div></li><li class="step"><div class="para">
+					Delete the existing replication agreements, as follows: 
+<pre class="screen"># ipa-replica-manage del master.example.com
+</pre>
+
+				</div></li></ol></div><div class="para">
+			You now have two identical IPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html"><strong>Prev</strong>12.11. Creating DNS Entries for FreeIPA Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong>12.13. IPA Server Logging</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html
new file mode 100644
index 0000000..1f28307
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Renaming Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="enrolling-machines.html" title="4.2. Enrolling Machines" /><link rel="next" href="config-virt-machines.html" title="4.4. Reconfiguring Virtual Machines" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enrolling-machines.html"><strong>Prev</stron
 g></a></li><li class="next"><a accesskey="n" href="config-virt-machines.html"><strong>Next</strong></a></li></ul><div class="section" id="renaming-machines"><div class="titlepage"><div><div><h2 class="title" id="renaming-machines">4.3. Renaming Machines</h2></div></div></div><div class="para">
+			The hostname of a system is critical for the correct operation of Kerberos and SSL. Both of these security mechanisms rely on the hostname to ensure that communication is occurring between the specified hosts, and that no "man-in-the-middle" or other attacks are affecting the system.
+		</div><div class="para">
+			In an environment where virtual machines are commonplace, or perhaps in a clustered environment, copying, moving, and renaming hosts could be quite common, resulting in frequent demands for renames of machines.
+		</div><div class="para">
+			Fedora does not provide a simple rename command to facilitate the renaming of a FreeIPA host. Renaming a host in a FreeIPA domain involves deleting the entry in FreeIPA, uninstalling the client software, changing the hostname, and re-enrolling using the new name.
+		</div><div class="para">
+			Due to the nature of service principals, renaming hosts also requires the regeneration of service principals. Each service has a Kerberos principal in the form of <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;@&lt;REALM&gt;</code>, for example, <code class="systemitem">ldap/server.example.com at EXAMPLE.COM</code>. This principal can be referred to as a "service principal". In some cases the <code class="systemitem">@&lt;REALM&gt;</code> is omitted, leaving only <code class="systemitem">&lt;service name&gt;/&lt;hostname&gt;</code>. (The "/" is a "slash" separator, not an "or" operator.)
+		</div><div class="para">
+			The following procedure renames the host <code class="systemitem">server.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code>, to the new hostname <code class="systemitem">master.example.com</code>. This procedure uses example file names, hostnames and domain names throughout; you need to update these examples to suit your own environment.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Renaming_IPA_Machines-To_rename_an_IPA_machine"><h6>Procedure 4.3. To rename a FreeIPA machine:</h6><ol class="1"><li class="step"><div class="para">
+					Identify which services are running on the machine. These need to be re-created when the machine is re-enrolled: 
+<pre class="screen"><code class="command"># ipa service-find server.example.com</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Each host has a default service which does not appear in the list of services. This service can be referred to as the "host service". The service principal for the host service is <code class="systemitem">host/&lt;hostname&gt;</code>, for example, <code class="systemitem">host/server.example.com</code>. This principal can also be referred to as the "host principal".
+					</div></div></div></li><li class="step"><div class="para">
+					Identify all host groups to which this machine belongs: 
+<pre class="screen"><code class="command"># ipa hostgroup-find server.example.com</code></pre>
+
+				</div><div class="para">
+					Identify which of these services have certificates associated with them. The <code class="systemitem">host</code> service always has an associated certificate, so no further action is required for this service.
+				</div></li><li class="step"><div class="para">
+					For any principals in addition to the standard <code class="systemitem">host</code> principal, you need to determine the location of the corresponding keytabs for these services on <code class="systemitem">server.example.com</code>. The keytab location is different for each service, and FreeIPA does not store this information.
+				</div></li><li class="step"><div class="para">
+					On <code class="systemitem">server.example.com</code>, un-enroll from the FreeIPA domain: 
+<pre class="screen"><code class="command"># ipa-client-install --uninstall</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					For each identified keytab other than <code class="filename">/etc/krb5.keytab</code>, remove the old principals: 
+<pre class="screen"><code class="command"># ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					On another machine using <code class="systemitem">admin</code> (or delegated) credentials, remove the host. This will remove all services and revoke all certificates issued for this host via those services: 
+<pre class="screen"><code class="command"># ipa host-del server.example.com</code></pre>
+
+				</div><div class="para">
+					At this point the host has been completely removed from FreeIPA, and can be recreated with the new name.
+				</div></li><li class="step"><div class="para">
+					Rename the machine to <code class="systemitem">master.example.com</code>.
+				</div></li><li class="step"><div class="para">
+					Re-enroll with FreeIPA: 
+<pre class="screen"><code class="command"># ipa-client-install</code></pre>
+
+				</div><div class="para">
+					This generates a <code class="systemitem">host</code> principal for <code class="systemitem">master.example.com</code> in <code class="filename">/etc/krb5.keytab</code>.
+				</div></li><li class="step"><div class="para">
+					For every service that needs a new keytab, run the following command: 
+<pre class="screen"><code class="command"># ipa service-add &lt;service name&gt;/master.example.com</code></pre>
+
+				</div></li><li class="step"><div class="para">
+					If you need certificates for services, use either <code class="command">certmonger</code> or the FreeIPA administration tools.
+				</div></li><li class="step"><div class="para">
+					Re-add the host to any applicable host groups.
+				</div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enrolling-machines.html"><strong>Prev</strong>4.2. Enrolling Machines</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="config-virt-machines.html"><strong>Next</strong>4.4. Reconfiguring Virtual Machines</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html
new file mode 100644
index 0000000..5e556e6
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.5. Rotating Keys</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html" title="6.6. Kerberos Errors" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
 Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong></a></li></ul><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">6.5. Rotating Keys</h2></div></div></div><div class="para">
+			Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
+				Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your FreeIPA keytab: 
+<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+				 This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
+			</div><div class="para">
+			Use the <code class="command">klist</code> command to view the existing keys: 
+<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+Ticket cache: FILE:/tmp/krb5cc_0
+Default principal: admin at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+03/08/11 13:57:18  03/09/11 13:57:16  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+03/08/11 13:57:27  03/09/11 13:57:16  HTTP/ipa.example.com at EXAMPLE.COM
+03/08/11 13:57:32  03/09/11 13:57:16  ldap/ipa.example.com at EXAMPLE.COM
+</pre>
+
+		</div><div class="para">
+			Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued: 
+<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+			 The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
+		</div><div class="para">
+			Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
+		</div><div class="para">
+			You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
+		</div><div class="para">
+			FreeIPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs: 
+<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
+<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
+  <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+
+		</div><div class="para">
+			This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong>6.4. Refreshing Kerberos Tickets</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong>6.6. Kerberos Errors</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html
new file mode 100644
index 0000000..93f2a9d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5. Setting Default Search Limits</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html" title="12.4. Specifying Default User Settings" /><link rel="next" href="disabling-anon-binds.html" title="12.6. Disabling Anonymous Binds" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pr
 evious"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="disabling-anon-binds.html"><strong>Next</strong></a></li></ul><div class="section" id="search-limits"><div class="titlepage"><div><div><h2 class="title" id="search-limits">12.5. Setting Default Search Limits</h2></div></div></div><div class="para">
+			You can set limits on the number of records returned when performing various queries, for example when you run the <code class="command">ipa user-find</code> command. These limits are specified by the <em class="parameter"><code>Search size limit</code></em> attribute in the default IPA configuration. The default value for this attribute is 100.
+		</div><div class="para">
+			To view the current configuration, run the <code class="command"># ipa config-show</code> command. Refer to the <code class="command">ipa help config</code> help page for more information.
+		</div><div class="para">
+			The following is a sample IPA configuration:
+		</div><pre class="screen">[ming at myserver ~]$ ipa config-show
+Max username length: 32
+Home directory base: /home
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 20
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			You can use the <code class="command">ipa config-mod</code> command to specify a suitable value for the <em class="parameter"><code>Search size limit</code></em> attribute. For example, if you set this value to 10, the <code class="command">ipa user-find</code> command will only return 10 entries, even if many more entries exist. If you set this value to 0 (zero) or −1, it means that there are no restrictions on the number of entries that can be returned.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_Limits_for_Search_Results-Setting_search_size_limits"><h6>Procedure 12.2. Setting search size limits</h6><ul><li class="step"><div class="para">
+					To set the <em class="parameter"><code>Search size limit</code></em> attribute to 50, run the following command: 
+<pre class="programlisting"><code class="command"># ipa config-mod --searchrecordslimit=50</code></pre>
+
+				</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to be aware of the potential performance impact of setting the search size limit too high. You need to determine a suitable balance between the benefits of always returning all entries matched by a search, and the performance gained by implementing a search filter.
+			</div><div class="para">
+				Note also that if the size limit is set too high or removed completely it might affect the behavior of UI screens.
+			</div></div></div><div class="para">
+			You can configure various aspects of the IPA search functionality to suit your deployment. For example, you can restrict the number of fields upon which a user can base a search, or limit the number of records returned for any particular search.
+		</div><div class="para">
+			IPA supports the following search configuration attributes:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Time Limit</code></em>: The maximum time, in seconds, that a search will run before failing.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Search Records Limit</code></em>: The maximum number of records that a search can return. Set this value to zero (0) to specify no limit. The directory server limit (the default value is 2000) still applies.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>User Search Fields</code></em>: For a user search, specifies the fields to search for the values entered by a user.
+				</div></li><li class="listitem"><div class="para">
+					<em class="parameter"><code>Group Search Fields</code></em>: For a group search, specifies the fields to search for the values entered by a user.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. For example, to specify a search time limit of 60 seconds, use the following command: 
+<pre class="screen"><code class="command"># ipa config-mod --searchtimelimit=60</code></pre>
+			 Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="para">
+			If you add attributes to the user or group search fields, you should also create a new <code class="systemitem">LDAP</code> index for those attributes to avoid performance degradation. Conversely, the existence of too many indexes can impact write performance, so you need to balance one against the other.
+		</div><div class="para">
+			Refer to <a href="http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes-Creating_Indexes.html">Creating Indexes</a> in the <em class="citetitle">Directory Server Administration Guide</em> for information on creating indexes.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Prev</strong>12.4. Specifying Default User Settings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="disabling-anon-binds.html"><strong>Next</strong>12.6. Disabling Anonymous Binds</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html
new file mode 100644
index 0000000..ffd0363
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.8. Searching for Users and Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="user-pwdpolicy.html" title="5.7. Setting an Individual Password Policy" /><link rel="next" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="user-pwdpolicy.html"><strong
 >Prev</strong></a></li><li class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong></a></li></ul><div class="section" id="searching"><div class="titlepage"><div><div><h2 class="title" id="searching">5.8. Searching for Users and Groups</h2></div></div></div><div class="para">
+			FreeIPA provides extensive search capabilities, which enable you to perform simple and partial-match searches on a range of attributes, including:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					First Name (givenname)
+				</div></li><li class="listitem"><div class="para">
+					Last Name (sn)
+				</div></li><li class="listitem"><div class="para">
+					Login (uid)
+				</div></li><li class="listitem"><div class="para">
+					Job Title (title)
+				</div></li><li class="listitem"><div class="para">
+					Organizational Unit Name (ou)
+				</div></li><li class="listitem"><div class="para">
+					Phone Number (telephoneNumber)
+				</div></li></ul></div><div class="para">
+			Searches are not case sensitive, and automatically search across multiple fields. Search results are displayed with exact matches listed first, followed by partial matches.
+		</div><div class="para">
+			The default display lists users in alphabetical order. Click any column title to sort in alphabetical or numerical order. Click the title again to sort in reverse order. The sort order is indicated by an icon next to the title.
+		</div><div class="para">
+			Not all fields are indexed for searching. For example, you cannot search on the following user details:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Initials
+				</div></li><li class="listitem"><div class="para">
+					Account Status
+				</div></li><li class="listitem"><div class="para">
+					Home Directory
+				</div></li><li class="listitem"><div class="para">
+					Login Shell
+				</div></li><li class="listitem"><div class="para">
+					Gecos
+				</div></li><li class="listitem"><div class="para">
+					Home Page
+				</div></li></ul></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot use wildcards to search for users or groups. The search string must include at least one character that appears in one of the indexed search fields.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users-Using_the_Command_Line">5.8.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa user-find</code> command to search for users from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa user-find</code> [
+							options
+						] {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find User utility, you can only search for a single string using the command line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa user-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa user-find</code> command to find users whose record contains the string "kay":
+				</div><pre class="screen">$ ipa user-find kay
+---------------
+2 users matched
+---------------
+User login: klim
+First name: Kay
+Last name: Lim
+Home directory: /home/klim
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+
+User login: kming
+First name: Kay
+Last name: Ming
+Home directory: /home/kming
+Login shell: /bin/sh
+Account disabled: False
+Member of groups: ipausers
+----------------------------
+Number of entries returned 2
+----------------------------</pre><div class="para">
+					If you do not see the entry that you are looking for, you may need to adjust the <code class="option">--searchrecordslimit</code> option in the default FreeIPA configuration.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Searching_for_Groups-Using_the_Command_Line">5.8.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-find</code> command to search for groups from the command line. The basic syntax of this command is as follows: 
+					<div class="cmdsynopsis"><p><code class="command">ipa group-find</code> {
+							string
+						}</p></div>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						Unlike the web version of the Find Group utility, you can only search for a single string using the command-line version.
+					</div></div></div><div class="para">
+					Refer to the <code class="command">ipa group-find</code> man page for more information on the options available.
+				</div><div class="para">
+					The following example demonstrates using the <code class="command">ipa group-find</code> command to find groups that contain the string "documentation":
+				</div><pre class="screen">$ ipa group-find documentation
+---------------
+1 group matched
+---------------
+Group name: documentation
+Description: Group for all documentation authors
+GID: 1453400012
+Member users: dkim, mkang, lming, klim
+----------------------------
+Number of entries returned 1
+----------------------------</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa group-find</code> command searches both group names and group descriptions. If your search results are too extensive, use a more specific search string.
+					</div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="user-pwdpolicy.html"><strong>Prev</strong>5.7. Setting an Individual Password Policy</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerberos.html"><strong>Next</strong>Chapter 6. Identity: Using FreeIPA for a Kerberos...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html
new file mode 100644
index 0000000..7b268d5
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.4. Refreshing Kerberos Tickets</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="6.3. Creating and Using Service Principals" /><link rel="next" href="rotating-keys.html" title="6.5. Rotating Keys" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><l
 i class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="rotating-keys.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</h2></div></div></div><div class="para">
+			Some compliance or company security policies may require that system administrators manually refresh Kerberos tickets, perhaps annually or more frequently. The current version of FreeIPA does not provide automatic renewal of Kerberos tickets.
+		</div><div class="para">
+			Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 6.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
+					Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary): 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 
+<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&amp;(krblastpwdchange&lt;=20110110000000)(krblastpwdchange&gt;=19710101000000))" dn krbprincipalname</code></pre>
+					 <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
+						</div></div></div>
+
+				</div></li><li class="step"><div class="para">
+					Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
+  <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+
+				</div><div class="para">
+					To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead: 
+<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
+<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
+					</div></div></div></li></ol></div><div class="para">
+			You can use the <code class="command">klist</code> command to view the new key version number (KVNO): 
+<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Prev</strong>6.3. Creating and Using Service Principals</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="rotating-keys.html"><strong>Next</strong>6.5. Rotating Keys</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html
new file mode 100644
index 0000000..343ec1f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.8. Configuring Certificates and Certificate Authorities</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html" title="12.7. Implementing Unique UID and GID Attributes" /><link rel="next" href="ipa-apache.html" title="12.9. Setting an IPA Server as an Apache Virtual Host" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class
 ="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities">12.8. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
+			IPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, IPA provides the necessary tools to import certificates for use by Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of IPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Installing_Your_Own_Certificate-To_install_the_certificate_for_use_by_Directory_Server"><h5 class="formalpara">To install the certificate for use by Directory Server:</h5>
+					<code class="command"> # /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12 </code>
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
+				To continue using the <span class="application"><strong>Firefox</strong></span> auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					The following procedure assumes that the signing certificate is provided as a PKCS#12 file.
+				</div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Using_Your_Own_Certificate_with_Firefox-To_use_your_own_certificate_with_Firefox"><h6>Procedure 12.3. To use your own certificate with Firefox:</h6><ol class="1"><li class="step"><div class="para">
+						Create a suitable directory and then create the new certificate database in that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/signdb</code>
+<code class="command"># certutil -N -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Import the signing certificate into that same directory. 
+<pre class="screen"><code class="command"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Make a temporary signing directory, and copy the IPA javascript file to that directory. 
+<pre class="screen"><code class="command"># mkdir /tmp/sign</code>
+<code class="command"># cp /usr/share/ipa/html/preferences.html /tmp/sign</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file. 
+<pre class="screen"><code class="command"># signtool -d /tmp/signdb -k Signing_cert_nickname \</code>
+<code class="command">-Z /usr/share/ipa/html/configure.jar -e .html</code></pre>
+
+					</div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">12.8.3. Using OCSP</h3></div></div></div><div class="para">
+				<code class="systemitem">The Online Certificate Status Protocol (OCSP)</code> is natively provided by the CA embedded into FreeIPA. This is so that any client that supports it can use OCSP for certificate validity checks.
+			</div><div class="para">
+				The OCSP responder URL is encoded into the certificates issued by FreeIPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format: 
+<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
+
+			</div><div class="para">
+				For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html"><strong>Prev</strong>12.7. Implementing Unique UID and GID Attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong>12.9. Setting an IPA Server as an Apache Virtual ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
new file mode 100644
index 0000000..52dda60
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.4. Activating and Deactivating User Accounts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="editing-users.html" title="5.3. Editing Users" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html" title="5.5. Deleting FreeIPA Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="editing-u
 sers.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">5.4. Activating and Deactivating User Accounts</h2></div></div></div><div class="para">
+			FreeIPA user accounts can be set to a status of <code class="literal">Active</code> or <code class="literal">Inactive</code>. If you deactivate a user account, that user can no longer log in to FreeIPA, change their password, or perform any other tasks. Any existing connections will remain valid until their <code class="systemitem">Kerberos</code> TGT and other tickets expire, but they will not be able to renew them. The account and all associated information still exists, but is inaccessible by the user.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">5.4.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-enable</code> and <code class="command">ipa user-disable</code> commands to enable and disable user accounts, respectively. Refer to the following examples:
+			</div><div class="para">
+				To disable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-disable jsmith</code>
+			</div><div class="para">
+				To enable the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command"> $ ipa user-enable jsmith</code>
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="editing-users.html"><strong>Prev</strong>5.3. Editing Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Next</strong>5.5. Deleting FreeIPA Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html
new file mode 100644
index 0000000..96eb202
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.5. Deleting FreeIPA Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html" title="5.4. Activating and Deactivating User Accounts" /><link rel="next" href="user-groups.html" title="5.6. Creating User Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
 ass="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="user-groups.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users">5.5. Deleting FreeIPA Users</h2></div></div></div><div class="para">
+			If you delete a FreeIPA user account, all of the information stored in the entry for that identity is lost. This includes the user's full name, group membership, phone numbers, and passwords. The actual user account and home directory still exist, be they on a server, local machine, or other provider, but they are no longer accessible by FreeIPA.
+		</div><div class="para">
+			Unlike deactivation, if you delete a user account, it cannot be retrieved. If you need this user account again, you need to recreate it and add all of the account details manually.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Unlike in earlier versions of FreeIPA, it is now possible to delete the <code class="systemitem">admin</code> user. If, however, you delete all of the <code class="systemitem">admin</code> users then you will need to use the Directory Manager account to create a new administrative user. Alternatively, if you have a user in the group management role, they can add a new <code class="systemitem">admin</code> user.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</h3></div></div></div><div class="para">
+				Use the <code class="command">ipa user-del</code> command to delete user accounts. For example:
+			</div><div class="para">
+				To delete the <code class="systemitem">jsmith</code> user account:
+			</div><div class="para">
+				<code class="command">$ ipa user-del jsmith</code>
+			</div><div class="para">
+				If you intend to delete multiple users, you can use the <code class="option">--continue</code> option to prevent the command from stopping should it encounter any errors. For example:
+			</div><div class="para">
+				<code class="command">$ ipa user-del <code class="option">--continue</code> <em class="parameter"><code>user_01</code></em> <em class="parameter"><code>user_02</code></em> <em class="parameter"><code>user_03</code></em></code>
+			</div><div class="para">
+				If you run this command without using the <code class="option">--continue</code> option, FreeIPA will delete the listed user accounts unless it encounters any errors, at which point it stops. For example, if <em class="parameter"><code>user_02</code></em> did not exist, the previous command would only delete <em class="parameter"><code>user_01</code></em>; <em class="parameter"><code>user_03</code></em> would not be affected.
+			</div><div class="para">
+				The <code class="option">--continue</code> option returns a summary of successes and failures to <code class="systemitem">stdout</code>.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html"><strong>Prev</strong>5.4. Activating and Deactivating User Accounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="user-groups.html"><strong>Next</strong>5.6. Creating User Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html
new file mode 100644
index 0000000..e5ec180
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.4. Specifying Default User Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="self-service.html" title="12.3. Defining Self-Service Settings" /><link rel="next" href="search-limits.html" title="12.5. Setting Default Search Limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="self-service.html"><strong>Prev</strong></a></li><li class
 ="next"><a accesskey="n" href="search-limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings">12.4. Specifying Default User Settings</h2></div></div></div><div class="para">
+			You can configure the default settings for IPA users to suit your deployment. For example, you can specify the maximum username length, the default path to the <code class="filename">/home</code> directory, the default shell, and other attributes.
+		</div><div class="para">
+			IPA supports the following User Settings:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Maximum Username Length</strong></span> (<span class="property">ipaMaxUsernameLength</span>): The maximum length of any username. The default value is eight.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Root for Home Directories</strong></span> (<span class="property">ipaHomesRootDir</span>): The root directory for all home directories. The default value is <code class="filename">/home</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default Shell</strong></span> (<span class="property">ipaDefaultLoginShell</span>): The default shell for all user accounts. The default value is <code class="command">/bin/sh</code>
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default User Group</strong></span> (<span class="property">ipaDefaultPrimaryGroup</span>): The default group to which all newly created accounts are added. The default value is <code class="systemitem">ipausers</code>, which is automatically created during the IPA server installation process.
+				</div></li><li class="listitem"><div class="para">
+					<span class="guilabel"><strong>Default E-mail Domain</strong></span> (<span class="property">ipaDefaultEmailDomain</span>): The default domain used to create email addresses for all newly created accounts. The default is the domain to which the IPA server belongs.
+				</div></li></ul></div><div class="para">
+			Use the <code class="command">ipa config-mod</code> command to modify the default configuration attributes. The following is an example of how to set the maximum username length to 64 characters, and the default home directory to <code class="filename">/users/home</code>:
+		</div><pre class="screen"><code class="command"># ipa config-mod --maxusername=64 --homedirectory=/users/home</code>
+Max username length: 64
+Home directory base: /users/home
+Default shell: /bin/sh
+Default users group: ipausers
+Default e-mail domain: mydomain.net
+Search time limit: 2
+Search size limit: 100
+User search fields: uid,givenname,sn,telephonenumber,ou,title
+Group search fields: cn,description
+Migration mode: FALSE
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+			Refer to the <code class="command">ipa help config</code> page for more information.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				The default root directory for all home directories is <code class="filename">/home</code>, but it is the responsibility of the system administrator to ensure that whatever value is specified for this attribute is actually available.
+			</div><div class="para">
+				Fedora includes a <code class="systemitem">PAM</code> module called <code class="systemitem module">pam_mkhomedir</code> that can automatically create a home directory if one does not exist for the user authenticating against the system. IPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="self-service.html"><strong>Prev</strong>12.3. Defining Self-Service Settings</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="search-limits.html"><strong>Next</strong>12.5. Setting Default Search Limits</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
new file mode 100644
index 0000000..8fbba82
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Creating and Using Service Principals</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cla
 ss="previous"><a accesskey="p" href="kerb-policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+			You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the FreeIPA server itself, and the keytab then exported to the client host.
+		</div><div class="para">
+			The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>: 
+<pre class="screen"><code class="command"># kinit admin</code>
+<code class="command"># ipa host-add ipaclient.example.com</code>
+<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
+<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+
+		</div><div class="para">
+			Note the location of the keytab. By default, <span class="application"><strong>FreeIPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
+		</div><div class="para">
+			Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The realm name is optional. The FreeIPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+					</div></li><li class="listitem"><div class="para">
+						The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+					</div></li><li class="listitem"><div class="para">
+						The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">freeipa-client</span> package, which is only available for Fedora 15 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
+					</div></li><li class="listitem"><div class="para">
+						You can use the <code class="option">-e</code> flag to include a comma-separated list of encryption types to include in the keytab. This supersedes any default encryption type. Refer to the <code class="command">ipa-getkeytab</code> man page for more information.
+					</div></li></ul></div></div></div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				The <code class="command">ipa-getkeytab</code> command resets the secret for the specified principal. This means that all other keytabs for that principal are rendered invalid.
+			</div></div></div><div class="para">
+			FreeIPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
+					Before you can create a service for a FreeIPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists: 
+<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following: 
+<pre class="screen"><span class="errortext">ipa: ERROR: myserver.mydomain.net: host not found</span></pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create a FreeIPA service:</h5>
+					Use the following command to create a service for that host: 
+<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+
+				</div><div class="para">
+				This will produce output similar to the following:
+			</div><pre class="screen">
+-------------------------------------------------------
+Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
+-------------------------------------------------------
+  Principal: test/myserver.mydomain.net at MYDOMAIN.NET
+  Managed by: myserver.mydomain.net</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">6.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
+					Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file. 
+<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+
+				</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
+					</div></div></div><div class="para">
+					If necessary, create the CSR file using openssl. The following is an example session creating such a file:
+				</div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+Generating a 2048 bit RSA private key
+.........................................................+++
+.............................+++
+writing new private key to 'private.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [XX]:AU
+State or Province Name (full name) []:QLD
+Locality Name (eg, city) [Default City]:BNE
+Organization Name (eg, company) [Default Company Ltd]:MYDOMAIN.NET
+Organizational Unit Name (eg, section) []:ECS
+Common Name (eg, your name or your server's hostname) []:myserver.mydomain.net
+Email Address []:authors at mydomain.net
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:</pre></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">6.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
+					You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate: 
+<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+
+				</div><div class="para">
+					The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
+				</div><div class="para">
+					If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K &lt;principal&gt;</code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
+				</div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
+<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+					You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=&lt;fqdn&gt;,O=&lt;subject base&gt;
+				</div><div class="para">
+					You can configure the FreeIPA subject base as part of the FreeIPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base: 
+<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+					 FreeIPA will reject requests with invalid subject base values.
+				</div><div class="para">
+					Refer to the <code class="systemitem">certmonger</code> man page and also to <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html#sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">Section B.1, “What is certmonger?”</a> for more information.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_an_IPA_Service-Using_NSS">6.3.1.3. Using NSS</h4></div></div></div><div class="para">
+					If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows: 
+<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
+<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
+<code class="command">-d /path/to/database/dir -a &gt; example.csr</code></pre>
+
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
+						The format of the CSR is partly dependent upon the CA back end you are using.
+					</div><div class="para">
+					If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
+				</div><div class="para">
+					If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
+				</div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+
+Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
+					This means you need to use MYDOMAIN.NET for the organization. FreeIPA will reject requests whose subject base differs from this value.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</h3></div></div></div><div class="para">
+				The following procedure describes how to configure <code class="systemitem">NFS</code> on the FreeIPA server and to set up an <code class="systemitem">NFS</code> service principal.
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring <code class="systemitem">NFS</code> on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
+						Configure the export directory. 
+<pre class="screen"><code class="command"># mkdir /export</code>
+<code class="command"># chmod 777 /export</code></pre>
+
+					</div></li><li class="step"><div class="para">
+						Configure the <code class="filename">/etc/exports</code> file as follows:
+					</div><div class="para">
+						
+<pre class="programlisting">/export  *(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
+/export  gss/krb5p(rw,fsid=0,insecure,no_subtree_check)
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+					</div><div class="para">
+						
+<pre class="programlisting">SECURE_NFS=yes
+</pre>
+
+					</div></li><li class="step"><div class="para">
+						Add a service principal and keytab for <code class="systemitem">NFS</code>. 
+<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
+<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
+ <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Fedora machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="step"><div class="para">
+						Run the following commands to reload the NFS configuration and restart the required services: 
+<pre class="screen"><code class="command"># exportfs -a</code>
+<code class="command"># restart services</code>
+<code class="command"># service nfs restart</code>
+<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
+						</div></div></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerb-policies.html"><strong>Prev</strong>6.2. Setting Kerberos Ticket Policies</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong>6.4. Refreshing Kerberos Tickets</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
new file mode 100644
index 0000000..b1793ac
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Configuring the Network Information Service (NIS)</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /><link rel="next" href="migrintg-from-nis.html" title="9.3. Migrating from NIS to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="nis.html"><strong>Prev</s
 trong></a></li><li class="next"><a accesskey="n" href="migrintg-from-nis.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network Information Service (NIS)</h2></div></div></div><div class="para">
+			The Network Information Service (NIS) is an RPC service, used in conjunction with <code class="systemitem">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+		</div><div class="para">
+			IPA provides a NIS server plug-in to facilitate the integration of NIS clients with an IPA domain, including exposing any automount maps that have been configured.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</h3></div></div></div><div class="para">
+				Currently, when the NIS service is enabled, the server is automatically configured to serve the NIS domain with the IPA domain's name, and to serve IPA users, groups, and netgroups (passwd, group, and netgroup maps) to the NIS domain.
+			</div><div class="para">
+				If you have defined automount maps, these maps need to be manually added to the NIS server plug-in's configuration in the directory server in order to expose them to NIS clients.
+			</div><div class="para">
+				The NIS plug-in needs to know the name of the NIS domain, the name of the NIS map, how to find the directory entries to use as the NIS map's contents, and which attributes to use as the NIS map's key and value. Most of these settings will be the same for every map.
+			</div><div class="para">
+				The IPA server stores the automount maps, grouped by automount location, in the <em class="parameter"><code>cn=automount</code></em> branch of the IPA domain's tree.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Exposing_Automount_Maps_to_NIS_Clients-Example_Automount_Map_Configuration">9.2.1.1. Example Automount Map Configuration</h4></div></div></div><div class="para">
+					If you have created an automount map named <code class="filename">auto.example</code> in a location named "default", you first need to add an entry to the configuration for the NIS server running on a host named <code class="systemitem">dirsrv</code>, as follows: 
+<pre class="screen">LOCATION=default
+NISDOMAIN=example.com
+NISMAP=auto.master
+NISSERVER=dirsrv
+IPASUFFIX=`echo ${NISDOMAIN} | sed -e 's,^,dc=,g' -e 's,\.,\,dc=,g'`
+
+ldapadd -h ${NISSERVER} -x -D "cn=Directory Manager" -W &lt;&lt; EOF
+dn: nis-domain=${NISDOMAIN}+nis-map=${NISMAP},
+ cn=NIS Server, cn=plugins, cn=config
+objectClass: extensibleObject
+nis-domain: ${NISDOMAIN}
+nis-map: ${NISMAP}
+nis-filter: (objectclass=automount)
+nis-key-format: %{automountKey}
+nis-value-format: %{automountInformation}
+nis-base: automountmapname=${NISMAP}, ${LOCATION:+cn=${LOCATION},}
+ cn=automount, ${IPASUFFIX}
+
+EOF
+</pre>
+
+				</div><div class="para">
+					This entry instructs the plug-in to create a map named <code class="filename">auto.master</code> in the domain named <code class="systemitem">${NISDOMAIN}</code>, and that the data for that map should be read from the entries at and below <em class="parameter"><code>automountmapname=${NISMAP}</code></em>, which exists inside a container named <code class="systemitem">cn=${LOCATION}</code>. This container is in the automount section of the IPA data store. The keys for the entries in the automount map in NIS are the values of the <em class="parameter"><code>automountKey</code></em> attribute for the directory server entries, and the corresponding values in the NIS map are the values of the <em class="parameter"><code>automountInformation</code></em> attribute in those same entries.
+				</div><div class="para">
+					You then need to repeat the process for the <code class="filename">auto.direct</code> map, and then any other maps that you have defined.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="nis.html"><strong>Prev</strong>Chapter 9. Identity: Integrating with NIS Domains...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="migrintg-from-nis.html"><strong>Next</strong>9.3. Migrating from NIS to IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html
new file mode 100644
index 0000000..ea71ca4
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.6. Client Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="certs.html" title="4.5. Configuring Certificate-Based Machine Authentication" /><link rel="next" href="uninstalling-clients.html" title="4.7. Uninstalling a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="certs.html"><strong>Prev
 </strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems">4.6. Client Problems</h2></div></div></div><div class="para">
+			If you are unable to log into a machine or the standard NSS tools fail to return user and group information (for example, <code class="command">getent passwd admin</code> fails), inspect the SSSD logs in <code class="filename">/var/log/sssd/</code>. You should start with the log file for your domain (<code class="filename">sssd_example.com.log</code>).
+		</div><div class="para">
+			To increase the log level, set <code class="varname">debug_level</code> = 9 in the <code class="literal">[domain/<em class="replaceable"><code>example.com</code></em>]</code> section of the <code class="filename">/etc/sssd/sssd.conf</code> file, and restart the <code class="systemitem">sssd</code> daemon for this change to take effect. Monitor the <code class="filename">/var/log/sssd/sssd_example.com.log</code> file for any relevant information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="certs.html"><strong>Prev</strong>4.5. Configuring Certificate-Based Machine Authen...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong>4.7. Uninstalling a FreeIPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html
new file mode 100644
index 0000000..a296164
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.6. Kerberos Errors</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="rotating-keys.html" title="6.5. Rotating Keys" /><link rel="next" href="automount.html" title="Chapter 7. Identity: Using Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong></a></li><li class="nex
 t"><a accesskey="n" href="automount.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</h2></div></div></div><div class="para">
+			If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes: 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the server: <code class="filename">/var/log/krb5kdc.log</code>
+					</div></li><li class="listitem"><div class="para">
+						If you were using the framework also look in <code class="filename">/var/log/httpd/error_log</code>
+					</div></li></ul></div>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong>6.5. Rotating Keys</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="automount.html"><strong>Next</strong>Chapter 7. Identity: Using Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
new file mode 100644
index 0000000..6af68eb
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. HBAC Service Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="authz.html" title="Chapter 10. Policy: Configuring Authorization" /><link rel="prev" href="authz.html" title="Chapter 10. Policy: Configuring Authorization" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html" title="10.3. HBAC Services" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
 ref="authz.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">10.2. HBAC Service Groups</h2></div></div></div><div class="para">
+			HBAC service groups can contain any number of individual services (<em class="firstterm">members</em>), and are typically used to group similar services to make it easier to create HBAC rules. All HBAC service groups require a name and description. IPA provides a single default group, SUDO, used for SUDO-related services.
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvcgroup-find</code> command to display the existing HBAC groups: 
+<pre class="screen"><code class="command"># ipa hbacsvcgroup-find</code>
+----------------------------
+1 HBAC service group matched
+----------------------------
+  Service group name: SUDO
+  Description: Default group of SUDO related services
+----------------------------
+Number of entries returned 1
+----------------------------</pre>
+
+		</div><div class="para">
+			IPA provides commands for adding, removing and modifying HBAC service groups, adding and removing members to and from those groups, and displaying group information. Refer to the <code class="command">ipa help hbacsvcgroup</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="authz.html"><strong>Prev</strong>Chapter 10. Policy: Configuring Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Next</strong>10.3. HBAC Services</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
new file mode 100644
index 0000000..c3b0e50
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. HBAC Services</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="authz.html" title="Chapter 10. Policy: Configuring Authorization" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="10.2. HBAC Service Groups" /><link rel="next" href="sudo.html" title="Chapter 11. Policy: Using sudo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href=
 "sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sudo.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">10.3. HBAC Services</h2></div></div></div><div class="para">
+			HBAC services refer to the PAM services that the IPA HBAC system can control access to. HBAC service names must exactly match the service name that PAM is evaluating. For example, use the following command to add the <code class="systemitem">tftp</code> service as an HBAC service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-add tftp</code>
+-------------------------
+Added HBAC service "tftp"
+-------------------------</pre>
+
+		</div><div class="para">
+			Use the <code class="command">ipa hbacsvc-find</code> command to search for HBAC services. Note that in this example, two results are returned; the newly-added <code class="systemitem">tftp</code> service and the preexisting <code class="systemitem">ftp</code> service: 
+<pre class="screen"><code class="command"># ipa hbacsvc-find ftp</code>
+-----------------------
+2 HBAC services matched
+-----------------------
+Service name: ftp
+Description: ftp
+
+Service name: tftp
+----------------------------
+Number of entries returned 2
+----------------------------
+</pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">ipa help hbacsvc</code> help page for more information.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Prev</strong>10.2. HBAC Service Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sudo.html"><strong>Next</strong>Chapter 11. Policy: Using sudo</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html
new file mode 100644
index 0000000..75716f0
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.7. Implementing Unique UID and GID Attributes</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="disabling-anon-binds.html" title="12.6. Disabling Anonymous Binds" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html" title="12.8. Configuring Certificates and Certificate Authorities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="doc
 nav"><li class="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes">12.7. Implementing Unique UID and GID Attributes</h2></div></div></div><div class="para">
+			An IPA deployment needs to handle the dual constraints of generating random UID and GID values, while ensuring that replicas never generate the same UID or GID value. It is also important to minimize the chance that any two deployments of IPA have overlapping ranges.
+		</div><div class="para">
+			The system administrator—or whoever is performing the IPA installation—can impact the logic that deals with these constraints only once, when the system is being installed.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</h3></div></div></div><div class="para">
+				To assign UIDs and GIDs, IPA uses the directory server DNA plug-in. This plug-in is configured with a range of IDs and will assign a new ID whenever an entry requiring the uidNumber or gidNumber attributes is added to the system.
+			</div><div class="para">
+				For simplicity, and to allow configuring User Private Groups (UPGs) at any time, IPA uses a single range of UIDs and GIDs, instead of using two separate ranges. When UPGs are active, the private group gidNumber is numerically identical to the uidNumber of its user.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Selecting_ID_Ranges">12.7.1.1. Selecting ID Ranges</h4></div></div></div><div class="para">
+					When the first IPA server is installed, a range of 200,000 IDs is randomly selected between the values 1MiB and 2GiB, approximately. There are 10,000 possible ranges. The selection of a random range provides a high probability of non-conflicting IDs if, at a later stage, a trust relationship or merge between two separate installations needs to occur.
+				</div><div class="para">
+					IDs are assigned in order by a single master, but ID ranges can be split and distributed between replicas. When a replica is installed it is configured with an invalid depleted range, and a place in the shared tree where it can expose information about the ranges it manages. The first time an allocation is needed, the replica will notice it has no more IDs available and will contact one of the other available masters (typically the one with the greatest available range). A special extended operation is performed to split the range in two, so that the original master and the replica will each receive half of the previously available range for their use. When a range comes close to depletion (by default when less than 100 IDs are available), a new range is requested.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Assigning_UIDs_and_GIDs-Adding_New_Ranges">12.7.1.2. Adding New Ranges</h4></div></div></div><div class="para">
+					If the domain-wide range is close to depletion, the system administrator needs to manually select and add a new range to one of the masters. All other replicas will manage sharing the range among them as necessary.
+				</div><div class="para">
+					To add a new range, the Directory Manager must connect to the LDAP server and add the new range as a dash-separated minimum/maximum value pair in the <em class="parameter"><code>dnaNextRange</code></em> attribute in the DNA configuration entry for the ranges in question. For example, the following command adds a new range of 100k values:
+				</div><pre class="screen"><code class="command">% ldapmodify -x -D "cn=Directory Manager" -W</code>
+Enter LDAP Password: *******
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: modify
+add: dnaNextRange
+dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						This command only adds the specified range of values; it does not check that the values in that range are actually available. This check will be performed when an attempt is made to allocate those values. If, for example, you added a range that contained mostly values that were already allocated, time would be lost as the system cycled through searching for unallocated values, and then finally failing if none were available.
+					</div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong>12.6. Disabling Anonymous Binds</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong>12.8. Configuring Certificates and Certificate Au...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
new file mode 100644
index 0000000..c76ec70
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.3. Performing a Client-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /><link rel="next" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
  class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_
 Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Install SSSD first on the machines that can support it:
+					</div><div class="para">
+						<code class="command"># yum install sssd</code>
+					</div></li><li class="listitem"><div class="para">
+						Configure SSSD with the LDAP back end and point it to the existing DS deployment.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				Install IPA and migrate the existing DS data as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
+					</div></li><li class="listitem"><div class="para">
+						Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
+					</div></li><li class="listitem"><div class="para">
+						Monitor the user migration process using the following LDAP query. This query detects the state of the migration by determining which users do not have a Kerberos principal key but do have a password.
+					</div><div class="para">
+						This query will prompt for the Directory Manager password. 
+<pre class="screen"><code class="command">$ ldapsearch -LL -x -D 'cn=Directory Manager' -W -b 'cn=users,cn=accounts,dc=example,dc=com' \</code>
+<code class="command">'(&amp;(!(krbprincipalkey=*))(userpassword=*))' uid</code></pre>
+
+					</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+							It is important to include the quotes around the filter so that it is not interpreted by the shell.
+						</div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
+					</div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of the clients is complete, decommission the DS.
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong>C.2. Performing a Server-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong>Glossary</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
new file mode 100644
index 0000000..6442d42
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.2. Performing a Server-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src=
 "Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Each phase of the migration should be performed as a single step.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+				The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
+			</div><div class="para">
+				The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
+			</div><div class="para">
+				Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
+			</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+						Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to 
+					</div></li><li class="step"><div class="para">
+						Use the following command to enable IPA migration mode:
+					</div><div class="para">
+						<code class="command"># ipa config-mod --enable-migration=TRUE</code>
+					</div></li><li class="step"><div class="para">
+						To migrate users and groups from an existing Directory Server using a default configuration, reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						To migrate users and groups from an existing IPAv1 installation using a default configuration, whose DS is reachable at <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em></code>, use the following command:
+					</div><div class="para">
+						<code class="command"># ipa migrate-ds --user-container=cn=users,cn=accounts \</code> <code class="command">--group-container=cn=groups,cn=accounts <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code></code>
+					</div><div class="para">
+						In this example, <code class="uri">ldap://<em class="replaceable"><code>example.com</code></em>:389</code> is the LDAP-URI and port number of the existing directory server from which you want to migrate your data. Update this URI to suit your own environment.
+					</div><div class="para">
+						Enter the <code class="systemitem">Directory Manager</code> password for the DS when prompted.
+					</div></li><li class="step"><div class="para">
+						Check the log file for errors and instructions on how to address them. 
+						<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+								The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
+							</div></div></div>
+
+					</div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+						Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files. 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
+								</div></li><li class="listitem"><div class="para">
+									If the intention is to install SSSD on a client at a later date, the startTLS and certificate requirements do not apply.
+								</div></li></ul></div>
+
+					</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+					You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
+				</div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Install SSSD on the machines that can support it:
+							</div><div class="para">
+								<code class="command"># yum install sssd</code>
+							</div></li><li class="listitem"><div class="para">
+								Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to 
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+					<div class="orderedlist"><ol><li class="listitem"><div class="para">
+								Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+							</div></li><li class="listitem"><div class="para">
+								As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
+							</div></li></ol></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						When the migration of all clients and users is complete, decommission the DS.
+					</div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong>Appendix C. Migrating from a Directory Server to ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong>C.3. Performing a Client-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
new file mode 100644
index 0000000..56c4a4b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Setting up Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="next" href="configuring-active-directory.html" title="8.3. Configuring Active Directory Synchronization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="
 previous"><a accesskey="p" href="active-directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</h2></div></div></div><div class="para">
+			The Windows Sync utility requires TLS/SSL to synchronize password changes. Therefore, you need to set up Active Directory as an SSL server. The easiest way to achieve this is to install Microsoft Certificate System in Enterprise Root Mode; Active Directory will then automatically enroll to retrieve its SSL server certificate.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You need to install both the <code class="command">winsync</code> and <code class="command">passsync</code> utilities to synchronize User IDs and attributes as well as passwords.
+			</div><div class="para">
+				You need to install the <code class="command">passsync</code> utility on all AD domain controllers to enable password synchronization from AD to IPA.
+			</div></div></div><div class="para">
+			Refer to the <a href="http://directory.fedoraproject.org/wiki/Howto:WindowsSync">Fedora Project Windows Sync Howto</a> for information on setting up Active Directory as an SSL server.
+		</div><div class="para">
+			After you have installed Microsoft Certificate System, you need to save the CA certificate in ASCII (PEM) format. This CA Certificate is required to create the synchronization agreement.
+		</div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-To_save_the_CA_certificate_in_ASCII_format"><h6>Procedure 8.1. To save the CA certificate in ASCII format:</h6><ol class="1"><li class="step"><div class="para">
+					Navigate to My Network Places and drill down to the CA distribution point. On Windows 2003 Server this is typically <code class="filename">C:\WINDOWS\system32\certsrv\CertEnroll\</code>
+				</div></li><li class="step"><div class="para">
+					Double-click the security certificate file (<code class="filename">.crt</code> file) to display the <span class="guilabel"><strong>Certificate</strong></span> dialog box.
+				</div></li><li class="step"><div class="para">
+					On the <span class="guilabel"><strong>Details</strong></span> tab, click <span class="guibutton"><strong>Copy to File</strong></span> to start the <span class="application"><strong>Certificate Export Wizard</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>Next</strong></span>, select <span class="guilabel"><strong>Base-64 encoded X.509 (.CER)</strong></span> and then click <span class="guibutton"><strong>Next</strong></span>.
+				</div></li><li class="step"><div class="para">
+					Specify a suitable directory and file name for the exported file. The file name is not important. Click <span class="guibutton"><strong>Next</strong></span> to export the certificate, and then click <span class="guibutton"><strong>Finish</strong></span>. You should receive a message stating that the export was successful.
+				</div></li><li class="step"><div class="para">
+					Click <span class="guibutton"><strong>OK</strong></span> to exit the wizard.
+				</div></li></ol></div><div class="para">
+			Refer to <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">Section 8.4, “Creating Synchronization Agreements”</a> for information on how to use the CA Certificate to create the synchronization agreement.
+		</div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Setting_up_Active_Directory-Select_Base_64_encoded_X.509_to_export_the_security_certificate_as_ASCII"><div class="figure-contents"><div class="mediaobject" align="center"><img src="images/ASCII_Cert_Export.png" align="middle" alt="Select Base-64 encoded X.509 to export the security certificate as ASCII" /></div></div><h6>Figure 8.1. Select Base-64 encoded X.509 to export the security certificate as ASCII</h6></div><br class="figure-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="active-directory.html"><strong>Prev</strong>Chapter 8. Identity: Integrating with Microsoft A...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-active-directory.html"><strong>Next</strong>8.3. Configuring Active Directory Synchroniz
 ation</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
new file mode 100644
index 0000000..df8f77e
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Creating Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="configuring-active-directory.html" title="8.3. Configuring Active Directory Synchronization" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html" title="8.5. Modifying Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
 _Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-active-directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</h2></div></div></div><div class="para">
+			Use the <code class="command">ipa-replica-manage connect</code> command to create synchronization agreements. The following command-line arguments apply to creating synchronization agreements:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					<code class="option">--winsync</code> — specifies that this is a Windows Sync agreement. Winsync replication occurs every five minutes.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--binddn</code> — the full DN of the user to use. The DS will bind to Active Directory as this user to read and write changes. This user requires read, search, and write permissions on the Active Directory subtree, including password changes, as well as permission to use the DirSync control (that is, it must be able to use replication).
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--bindpw</code> — the password for the user specified by the <code class="option">--binddn</code> argument.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--passsync</code> — the password for the Windows PassSync user, and a required argument to <code class="command">ipa-replica-manage</code> when creating winsync agreements.
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--cacert</code> — the full path and file name of the ASCII/PEM-encoded Windows Active Directory CA certificate. This certificate will be installed in the Directory Server certificate database as "Imported CA".
+				</div></li><li class="listitem"><div class="para">
+					<code class="option">--win-subtree</code> — the DN of the Windows subtree containing the users you want to synchronize. The default value is <em class="parameter"><code>cn=Users,$SUFFIX</code></em> — this is what Windows AD typically uses as the default value.
+				</div></li></ul></div><div class="para">
+			The following example illustrates adding a new WinSync agreement:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Creating_Synchronization_Agreements-Adding_a_WinSync_agreement_between_an_IPA_server_and_an_AD_server."><h6>Example 8.1. Adding a WinSync agreement between an IPA server and an AD server.</h6><div class="example-contents"><pre class="screen"><code class="command">ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \</code>
+<code class="command">--bindpw password --passsync password --cacert /path/to/certfile.cer adserver.example.com -v</code></pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-active-directory.html"><strong>Prev</strong>8.3. Configuring Active Directory Synchronization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Next</strong>8.5. Modifying Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
new file mode 100644
index 0000000..05b52ce
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.6. Deleting Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html" title="8.5. Modifying Synchronization Agreements" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html" title="8.7. Winsync Agreement Failures" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" hre
 f="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</h2></div></div></div><div class="para">
+			You can use the IPA administration tools to delete existing synchronization agreements. For example, to delete an agreement with the AD server <code class="systemitem">adserver.example.com</code>, run the following command:
+		</div><div class="para">
+			<code class="command"># ipa-replica-manage disconnect adserver.example.com</code>
+		</div><div class="para">
+			This removes the replication agreement between the IPA and AD servers. To complete the operation, you need to remove the AD certificate from the IPA server. Run the following command to remove the AD certificate:
+		</div><div class="para">
+			<code class="command"># certutil -D -d /etc/dirsrv/slapd-$REALM/ -n "Imported CA"</code>
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html"><strong>Prev</strong>8.5. Modifying Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html"><strong>Next</strong>8.7. Winsync Agreement Failures</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
new file mode 100644
index 0000000..c4e3d2f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.5. Modifying Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html" title="8.4. Creating Synchronization Agreements" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html" title="8.6. Deleting Synchronization Agreements" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.pn
 g" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. M
 odifying Synchronization Agreements</h2></div></div></div><div class="para">
+			You can change the behavior of the synchronization agreement to suit the changing needs of your organization. You can modify a number of attributes related to the synchronization agreement using default tools provided with IPA.
+		</div><div class="para">
+			The following example illustrates changing the synchronization behavior of account lock status. By default, account lock status is synchronized between IPA and AD. This means that accounts that are locked in IPA are also locked (disabled) in AD, and vice versa. You can change this synchronization behavior as follows:
+		</div><div class="example" id="exam-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Configuring_the_IPA_WinSync_agreement_to_not_synchronize_account_lock_status_information."><h6>Example 8.2. Configuring the IPA WinSync agreement to not synchronize account lock status information.</h6><div class="example-contents"><pre class="screen"><code class="command">$ ldapmodify -x -D "cn=directory manager" -w password</code>
+dn: cn=ipa-winsync,cn=plugins,cn=config
+changetype: modify
+replace: ipaWinSyncAcctDisable
+ipaWinSyncAcctDisable: none
+
+modifying entry "cn=ipa-winsync,cn=plugins,cn=config"
+</pre></div></div><br class="example-break" /><div class="para">
+			The default value of the <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> attribute is <code class="literal">both</code>. If you change this value to <code class="literal">none</code>, as described in the example, account lock status synchronization is completely disabled. Valid values for <em class="parameter"><code>ipaWinSyncAcctDisable</code></em> are <code class="literal">both</code>, <code class="literal">to_ad</code>, <code class="literal">to_ds</code>, and <code class="literal">none</code>.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</h3></div></div></div><div class="para">
+				When you create synchronization agreements, two default containers are used as the source of the user accounts to synchronize between IPA and Windows Active Directory. IPA uses the <em class="parameter"><code>cn=users,cn=accounts,$SUFFIX</code></em> subtree as the default container, and Windows uses the <em class="parameter"><code>CN=Users,$SUFFIX</code></em> subtree. You can use the <em class="parameter"><code>--win-subtree</code></em> argument to the <code class="command">ipa-replica-manage connect</code> command to override the default Windows subtree.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					If you pass such arguments to the bash or other shell, ensure that you quote spaces and other shell metacharacters. For example, the argument <em class="parameter"><code>--win-subtree=cn=users, dc=example, dc=com</code></em> will fail. The argument <em class="parameter"><code>--win-subtree="cn=users, dc=example, dc=com"</code></em> will succeed.
+				</div></div></div><div class="para">
+				IPA does not currently support modifying the default synchronization container while you are creating the synchronization agreement. You can, however, change the container after the agreement has been established. To do so, you can either modify the <code class="filename">dse.ldif</code> file directly (ensure that you stop the directory server before editing this file), or use <code class="command">ldapmodify</code> to change <em class="parameter"><code>nsds7WindowsReplicaSubtree</code></em>.
+			</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html"><strong>Prev</strong>8.4. Creating Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Next</strong>8.6. Deleting Synchronization Agreements</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
new file mode 100644
index 0000000..60d6d88
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.7. Winsync Agreement Failures</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html" title="8.6. Deleting Synchronization Agreements" /><link rel="next" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
 ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="nis.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</h2></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Symptom"><h5 class="formalpara">Symptom</h5>
+				If the creation of a winsync agreement fails, you may see an error message similar to the following: 
+<pre class="screen">"Update failed! Status: [81  - LDAP error: Can't contact LDAP server]
+</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Cause"><h5 class="formalpara">Cause</h5>
+				One example of this error occurring is if you use an invalid Windows Server Certificate when creating the winsync agreement. This can result in the wrong certificates being created in the certificate database in the <code class="filename">/etc/dirsrv/slapd-DOMAIN-NAME/</code> directory, and with same name, for example "Imported CA". The following is an example of a corrupt certificate database after such a failure (note the duplicate "Imported CA" entries): 
+<pre class="screen"><code class="command">$ certutil -L -d /etc/dirsrv/slapd-DOMAIN-NAME/</code>
+
+Certificate Nickname                                         Trust Attributes
+SSL,S/MIME,JAR/XPI
+
+CA certificate                                               CTu,u,Cu
+Imported CA                                                  CT,,C
+Server-Cert                                                  u,u,u
+Imported CA                                                  CT,,C</pre>
+
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Winsync_Agreement_Failures-Solution"><h5 class="formalpara">Solution</h5>
+				To resolve this issue, you need to clear the certificate database, as follows: 
+<pre class="screen"><code class="command"># certutil -d /etc/dirsrv/slapd-DOMAIN-NAME -D -n "Imported CA"</code></pre>
+
+			</div><div class="para">
+			This will delete the CA from the AD server ("Imported CA"). You need to do this after each failed invocation.
+		</div><div class="para">
+			You may also see the following message:
+		</div><pre class="screen">"Windows PassSync entry exists, not resetting password"
+</pre><div class="para">
+			This is not an error, but rather a notification that IPA is not re-adding the <code class="systemitem">passync</code> user, and neither is it changing the original password. The <code class="systemitem">passync</code> user is a special user entry that can change passwords in IPA.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html"><strong>Prev</strong>8.6. Deleting Synchronization Agreements</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="nis.html"><strong>Next</strong>Chapter 9. Identity: Integrating with NIS Domains...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html
new file mode 100644
index 0000000..4d98b26
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.11. Creating DNS Entries for FreeIPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="ipa-cluster.html" title="12.10. Using IPA in a Cluster" /><link rel="next" href="promoting-replica.html" title="12.12. Promoting a Read-Only Replica to an IPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong></a><
 /li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas">12.11. Creating DNS Entries for FreeIPA Replicas</h2></div></div></div><div class="para">
+			You can use the <code class="option">--ip-address</code> option with the <code class="command">ipa-replica-prepare</code> command to pre-create DNS entries for a replica. If you include this option, FreeIPA will add the A and PTR records for the replica to the DNS. For example: 
+<pre class="screen"><code class="command">$ ipa-replica-prepare master2.example.com --ip-address 192.168.1.2</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong>12.10. Using IPA in a Cluster</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong>12.12. Promoting a Read-Only Replica to an IPA Se...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html
new file mode 100644
index 0000000..a5d9554
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.2. Using certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html" title="B.3. Using certmonger with NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="
 Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger">B.2. Using certmonger</h2></div></div></div><div class="para">
+			Probably the simplest use case is to generate a certificate which is signed by the subject itself. These are not typically used in production, but are suitable for demonstration and testing purposes. Consider the following command:
+		</div><pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/server.crt -k /tmp/server.key</code></pre><div class="para">
+			This informs <code class="systemitem">certmonger</code> that we want a key to be stored in the file <code class="filename">/tmp/server.key</code>, to generate a corresponding certificate, and to store that certificate in the file <code class="filename">/tmp/server.crt</code>. Using <code class="command">selfsign-getcert</code> also implicitly tells <code class="systemitem">certmonger</code> to <span class="emphasis"><em>self-sign</em></span> the CSR, which it generates and uses internally, with the subject's own key. During this process, certmonger:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					checked for the existence of a key in the specified location
+				</div></li><li class="listitem"><div class="para">
+					having determined that no such key existed, proceeded to create one
+				</div></li><li class="listitem"><div class="para">
+					created the CSR
+				</div></li><li class="listitem"><div class="para">
+					used the same key to produce a signed certificate.
+				</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Prev</strong>Appendix B. Services: Working with certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Next</strong>B.3. Using certmonger with NSS</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html
new file mode 100644
index 0000000..2b3e6cd
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.4. Using certmonger with IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html" title="B.3. Using certmonger with NSS" /><link rel="next" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
 ges/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA">B.4. Using certmonger with IPA</h2></div></div></div><div class="para">
+			The only difference between using <code class="systemitem">certmonger</code> with the IPA CA and producing a self-signed certificate is changing the command prefix. Instead of using <code class="command">selfsign-getcert</code>, use the <code class="command">ipa-getcert</code> command. For example: 
+<pre class="screen"><code class="command">ipa-getcert request -r \</code>
+  <code class="command">-f /etc/httpd/conf/ssl.crt/server.crt \</code>
+  <code class="command">-k /etc/httpd/conf/ssl.key/server.key \</code>
+  <code class="command">-N CN=`hostname --fqdn` \</code>
+  <code class="command">-D `hostname --fqdn` \</code>
+  <code class="command">-U id-kp-serverAuth</code></pre>
+
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html"><strong>Prev</strong>B.3. Using certmonger with NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong>Appendix C. Migrating from a Directory Server to ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html
new file mode 100644
index 0000000..bd8e711
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.3. Using certmonger with NSS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix B. Services: Working with certmonger" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html" title="B.2. Using certmonger" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html" title="B.4. Using certmonger with IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
 ontent/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_NSS">B.3. Using certmonger with NSS</h2></div></div></div><div class="para">
+			The previous example used plain files for holding the key and the certificate, but certmonger can also take advantage of NSS database storage. In this scenario, you need to pass the database's location and a nickname for the certificate to certmonger. Consider the following example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -d /tmp -n Test-Certificate</code></pre>
+
+		</div><div class="para">
+			You can specify a number of options on the command line for the CSR, such as the subject name and different types of SAN values, or you can accept the default values. For example: 
+<pre class="screen"><code class="command"># selfsign-getcert request -f /tmp/babs.crt -k /tmp/babs.key \</code>
+<code class="command">-N "CN=Bob Diddley" -K bdiddley at EXAMPLE.COM -E bob at example.com</code></pre>
+
+		</div><div class="para">
+			Refer to the <code class="command">getcert</code> man page for more information about the available command options.
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Prev</strong>B.2. Using certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger_with_IPA.html"><strong>Next</strong>B.4. Using certmonger with IPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html
new file mode 100644
index 0000000..453a15b
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. Services: Working with certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html" title="B.2. Using certmonger" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><
 li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Services: Working with certmonger</h1></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-What_is_certmonger">B.1. What is certmonger?</h2></div></div></div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon, together with its command line clients, attempts to simplify the process of generating public/private key pairs and Certificate Signing Requests (CSRs), and submitting CSRs to Certificate Authorities (CAs) for signing.
+		</div><div class="para">
+			The <code class="systemitem">certmonger</code> daemon also monitors certificates for imminent expiration and, with the help of a CA, can optionally refresh certificates that are about to expire. It can also drive the entire IPA enrollment process, from key generation through to enrollment itself and refreshing certificates.
+		</div><div class="para">
+			The set of certificates that <code class="systemitem">certmonger</code> monitors is tracked in files stored in a user-configurable directory. The default location is <code class="filename">/var/lib/certmonger/requests</code>.
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong>Appendix A. Frequently Asked Questions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger-Using_certmonger.html"><strong>Next</strong>B.2. Using certmonger</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/self-service.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/self-service.html
new file mode 100644
index 0000000..1dc1b07
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/self-service.html
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. Defining Self-Service Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 12. Configuring the IPA Server" /><link rel="prev" href="creating-roles.html" title="12.2. Creating Roles" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html" title="12.4. Specifying Default User Settings" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a access
 key="p" href="creating-roles.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Next</strong></a></li></ul><div class="section" id="self-service"><div class="titlepage"><div><div><h2 class="title" id="self-service">12.3. Defining Self-Service Settings</h2></div></div></div><div class="para">
+			Self-service access control rules define the operations that an entity can perform on itself. These rules are attribute based; that is, they define what attributes can be modified for any particular entity. You can create self-service rules so that users can manage their own addresses, keep their contact details current, change their passwords, etc.
+		</div><div class="para">
+			Self-service rules are defined and managed by a number of sub-commands. Use the <code class="command">ipa help selfservice</code> command to display the list of available commands.
+		</div><div class="para">
+			The following example demonstrates how to add a new self-service rule that allows users to maintain their own name details. Note that access control rules whose names contain spaces or other special characters need to be quoted. 
+<pre class="screen"><code class="command">$ ipa selfservice-add "Users can manage their own name details" --permissions=write \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials</code>
+-----------------------------------------------------------
+Added selfservice "Users can manage their own name details"
+-----------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials</pre>
+
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-show</code> command to display the newly-created rule.
+		</div><div class="para">
+			You can use the <code class="command">ipa selfservice-mod</code> command to manage your self-service rules. For example, you can add or remove various attributes from any of the defined rules, or change the permissions. For example, you can add telephone contact details to the rule we created in the previous example: 
+<pre class="screen"><code class="command">$ ipa selfservice-mod "Users can manage their own name details" \</code>
+  <code class="command">--attrs=givenname,displayname,title,initials,homephone,mobile,telephonenumber</code>
+--------------------------------------------------------------
+Modified selfservice "Users can manage their own name details"
+--------------------------------------------------------------
+    Self-service name: Users can manage their own name details
+    Permissions: write
+  Attributes: givenname, displayname, title, initials, homephone, mobile, telephonenumber</pre>
+
+		</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+				You need to include all of the required attributes when you modify a self-service rule, including existing ones.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="creating-roles.html"><strong>Prev</strong>12.2. Creating Roles</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html"><strong>Next</strong>12.4. Specifying Default User Settings</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
new file mode 100644
index 0000000..d2fd40d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Configuring the IPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="configuring-sudo.html" title="11.2. Configuring sudo" /><link rel="next" href="creating-roles.html" title="12.2. Creating Roles" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="cr
 eating-roles.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Configuring the IPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">12.1. Defining Access Controls within IPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</a></span></dt></dl></dd><dt><span class="section"><a href="creating-roles.html">12.2. Creating Roles</a></span></dt><dt><span class="section"><a href="self-service.html">12.3. Defining Self-Service Settings</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Specifying_Default_User_Settings.html">12.4. Specifying Default User Settings</a></span></dt><dt><span cla
 ss="section"><a href="search-limits.html">12.5. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="disabling-anon-binds.html">12.6. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html">12.7. Implementing Unique UID and GID Attributes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-IPA_Concepts-Implementing_Unique_UID_and_GID_Attributes.html#sect-Enterprise_Identity_Management_Guide-Implementing_Unique_UID_and_GID_Attributes-Assigning_UIDs_and_GIDs">12.7.1. Assigning UIDs and GIDs</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html">12.8. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Id
 entity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">12.8.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">12.8.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">12.8.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">12.9. Setting an IPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">12.10. Using IPA in a Clu
 ster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">12.10.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#sect-Enterprise_Identity_Management_Guide-Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">12.10.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Working_with_DNS-Creating_DNS_Entries_for_IPA_Replicas.html">12.11. Creating DNS Entries for FreeIPA Replicas</a></span></dt><dt><span class="section"><a href="promoting-replica.html">12.12. Promoting a Read-Only Replica to an IPA Server</a></span></dt><dt><span class="section"><a href="logging.html">12.13. IPA Ser
 ver Logging</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">12.1. Defining Access Controls within IPA</h2></div></div></div><div class="para">
+			Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the IPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
+		</div><div class="para">
+			IPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within an IPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the IPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the IPA server.
+		</div><div class="para">
+			IPA relies on three separate types of access control rules:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Role-based rules: specify what operations an entity can perform based on its IPA Role.
+				</div></li><li class="listitem"><div class="para">
+					Self-service rules: specify what an entity can change within its own entry.
+				</div></li><li class="listitem"><div class="para">
+					Delegation rules: specify which groups can modify members of another group.
+				</div></li></ul></div><div class="para">
+			These three types of access control complement each other, and allow IPA administrators to create a very flexible set of access control permissions and restrictions.
+		</div><div class="para">
+			Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Users, groups, hosts, and host groups can be added to different IPA Roles. These roles provide the necessary permissions for access. You can create as many roles as you need to suit the requirements of your deployment.
+		</div><div class="para">
+			There are several aspects to working with roles. Because it is a hierarchical system, to create a fully operational role you need to create the role itself, add privileges to this role to establish what tasks it can and cannot perform, and finally add members to the role, such as users, groups, etc. The reverse is also true; if you remove a role, then any users or groups who relied on this role to perform certain tasks will no longer be able to do so.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				You cannot create nested roles. That is, a role cannot contain another role.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control">12.1.1. Server-side Access Control</h3></div></div></div><div class="para">
+				The IPA Access Control Model is based on the underlying 389 Directory Server access control model, which uses access control instructions (ACIs) to define user access within the system. An ACI is a construct that can express a complex set of access control information.
+			</div><div class="para">
+				As explained in the directory server documentation, the three main parts of an ACI statement are: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							Target
+						</div></li><li class="listitem"><div class="para">
+							Permission
+						</div></li><li class="listitem"><div class="para">
+							Bind Rule
+						</div></li></ul></div>
+
+			</div><div class="para">
+				The ACI structure itself is very flexible, but can also be confusing. IPA attempts to structure these ACIs in order to provide a formalized input and output that can be expressed on the command line and in the WebUI, while at the same time maintaining sufficient flexibility to create complex access control rules. In order to achieve this, IPA implements three types of access control. These are discussed in the following sections.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Server_side_Access_Control-Types_of_Access_Control">12.1.1.1. Types of Access Control</h4></div></div></div><div class="para">
+					IPA relies on three separate types of access control rules: 
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Role-based
+							</div></li><li class="listitem"><div class="para">
+								Self-service
+							</div></li><li class="listitem"><div class="para">
+								Delegation
+							</div></li></ul></div>
+					 These three types of access control complement each other, allowing IPA administrators to create a very flexible set of access control permissions and restrictions.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Role_based_Access_Control"><h5 class="formalpara">Role-based Access Control</h5>
+						Role-based access control (RBAC) is a hierarchical way of organizing access to the data managed by IPA. Different users who perform the same tasks within an organization are typically combined into a group, and this group is made a member of an IPA <em class="firstterm">Role</em>. This Role provides the member groups and users the necessary permissions to perform their assigned tasks.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Self_service_Access_Control"><h5 class="formalpara">Self-service Access Control</h5>
+						Self-service access control defines what operations an entity can perform on itself. This method of control is attribute based; that is, it defines what attributes can be modified for any particular entity. The ability of a user to update their own password is an example of self-service access control. Self-service access control applies to any authenticated entity performing an operation, not only to users. This method of access control should also be used with caution, to avoid the possibility that it lead to the elevation of an entity's privileges.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Delegation_Access_Control"><h5 class="formalpara">Delegation Access Control</h5>
+						Delegation access control defines what operations one group of users or entries can perform on another group of users or entries. In each case, the group of users or entries may be identified by a provided filter. The core difference between delegation access control rules and other rules is that the target—the object of the access control rule—is not a class of entries but rather a set of specific entries that are members of a group or retrieved by a specific filter. The delegation rules allow targeted management of specific user entries.
+					</div><div class="para">
+					In each case, the access control rule resolves the constituents of the IPA access control expression: "<em class="firstterm">Who</em> can do <em class="firstterm">What</em> to <em class="firstterm">Whom</em>". The following section explains these constituents in more detail.
+				</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-The_IPA_Access_Control_Expression">12.1.1.1.1. The IPA Access Control Expression</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Who_of_Access_Control"><h5 class="formalpara">The "Who" of Access Control</h5>
+							In simple grammatical terms, the "who" of an IPA <em class="firstterm">access control instruction (ACI)</em>, or expression, is the subject. It specifies the entity that interacts with the system and tries to perform an administrative task. This task could be an administrator adding a user, a user changing his home address, or a host requesting a certificate for a service running on the host.
+						</div><div class="para">
+						It is important to understand that the "who" is not necessarily a person; it can be any entity that has successfully authenticated against IPA. In order to authenticate against the IPA server, this entity, the "who", needs to have a Kerberos principal. After the entity has authenticated, it can connect to the IPA server and try to issue administrative commands. The system will either allow or deny the requested operation based on this entity's permissions.
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_What_of_Access_Control"><h5 class="formalpara">The "What" of Access Control</h5>
+							To continue the analogy with grammatical terms, the "what" of an IPA ACI is the verb. This specifies the actual administrative operation that the subject, the "who", is trying to perform. Such operations can target actual entries, such as adding or deleting users, or they can target specific attributes of entries, such as changing phone numbers for a user entry, or changing the member attributes of a group entry.
+						</div><div class="para">
+						Most entry attributes are optional, and the operations against attributes can be any of the following: 
+						<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+									<code class="command">Add</code> — allows the creation of a new attribute, or new values for multi-valued attributes.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Delete</code> — allows the removal of an attribute.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Read</code> — makes attributes accessible.
+								</div></li><li class="listitem"><div class="para">
+									<code class="command">Write</code> — allows modification of existing attributes.
+								</div></li></ul></div>
+
+					</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-The_IPA_Access_Control_Expression-The_Whom_of_Access_Control"><h5 class="formalpara">The "Whom" of Access Control</h5>
+							The "whom" of an IPA ACI is the object, or <em class="firstterm">target</em>, upon which the ACI acts. Targets can be expressed in different ways: 
+							<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+										As a class of entries, for example: <code class="classname">user</code>; <code class="classname">group</code>; <code class="classname">host</code>.
+									</div></li><li class="listitem"><div class="para">
+										As a location in a specific part of the directory tree, for example: everything under <em class="parameter"><code>cn=accounts</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a specific attribute potentially used in many types of entries, for example: the <em class="parameter"><code>cn</code></em> attribute.
+									</div></li><li class="listitem"><div class="para">
+										As a specific entry, for example: <em class="parameter"><code>fqdn=mycomp.mywork.com</code></em>.
+									</div></li><li class="listitem"><div class="para">
+										As a set of entries selected by filter, for example: <em class="parameter"><code>cn="filter"</code></em>.
+									</div></li></ul></div>
+
+						</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Types_of_Access_Control-Directory_Server_ACIs_and_IPA_Access_Control_Types">12.1.1.1.2. Directory Server ACIs and IPA Access Control Types</h5></div></div></div><div class="para">
+						The following table summarizes the relationship between the different Directory Server ACI components and the IPA access control types.
+					</div><div class="table" id="tabl-Enterprise_Identity_Management_Guide-Directory_Server_ACIs_and_IPA_Access_Control_Types-Summary_mapping_table_of_Directory_Server_ACI_component_types_to_IPA_access_control_types."><h6>Table 12.1. Summary mapping table of Directory Server ACI component types to IPA access control types.</h6><div class="table-contents"><table summary="Summary mapping table of Directory Server ACI component types to IPA access control types." border="1"><colgroup><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /><col align="left" width="25%" /></colgroup><thead><tr><th align="left">
+										Type of Access Control
+									</th><th align="left">
+										Target
+									</th><th align="left">
+										Permission
+									</th><th align="left">
+										Bind Rule
+									</th></tr></thead><tbody><tr><td align="left">
+										Role-based
+									</td><td align="left">
+										An entry as a whole (for add and delete), or a set of attributes of an entry.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										<div class="para">
+											Taskgroup.
+										</div>
+										 <div class="para">
+											(A taskgroup is a special internal entry developed as part of IPA to construct the access control hierarchy. A taskgroup is a "container" that is granted permission to perform specific tasks.)
+										</div>
+
+									</td></tr><tr><td align="left">
+										Self-service
+									</td><td align="left">
+										Attributes within the entity's own entry.
+									</td><td align="left">
+										Write permission for specific attributes. All attributes are readable unless globally hidden.
+									</td><td align="left">
+										The entity who authenticated.
+									</td></tr><tr><td align="left">
+										Delegation
+									</td><td align="left">
+										A group of users or a set of entries selected by a filter.
+									</td><td align="left">
+										Write, Add, or Delete. Read is implied.
+									</td><td align="left">
+										A group of users, usually a group of administrative users.
+									</td></tr></tbody></table></div></div><br class="table-break" /></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong>11.2. Configuring sudo</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="creating-roles.html"><strong>Next</strong>12.2. Creating Roles</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html
new file mode 100644
index 0000000..66f8da6
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. Setting up Systems as FreeIPA Clients</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Uninstalling_IPA_Servers.html" title="1.5. Uninstalling FreeIPA Servers and Replicas" /><link rel="next" href="Using_Microsoft_Windows.html" title="2.2. Configuring a Microsoft Windows System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstallin
 g_IPA_Servers.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Using_Microsoft_Windows.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setting-up-clients.html#fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="setting-up-clients.html#fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4
  with Kerberos</a></span></dt></dl></dd><dt><span class="section"><a href="Using_Microsoft_Windows.html">2.2. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.3. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_10">2.3.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.3.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.4. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Cli
 ent_on_HP_UX-Configuring_LDAP_Authentication">2.4.1. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Kerberos_and_PAM">2.4.2. Configuring Kerberos and PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.4.3. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.4.4. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Testing_the_Configuration">2.4.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.5. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt
 ><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.5.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.5.2. Configuring Client Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_SSH_Access">2.5.3. Configuring Client SSH Access</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Testing_System_Login">2.5.4. Testing System Login</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.6. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_
 IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.6.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.6.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.6.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.6.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Accessing_the_IPA_Server_Using_SSH">2.6.5. Accessing the FreeIPA Server Using SSH</a></span></dt><dt><sp
 an class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Macintosh_OS_X-Configuring_System_Login">2.6.6. Configuring System Login</a></span></dt></dl></dd></dl></div><div class="para">
+		A <span class="emphasis"><em>client</em></span> is any system which is a member of the FreeIPA domain. While this is frequently a Fedora system (and FreeIPA has special tools to make configuring Fedora clients very simple), machines with other operating systems can also be added to the FreeIPA domain.
+	</div><div class="para">
+		One important aspect of a FreeIPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) FreeIPA does not require any sort of agent or daemon running on a client.
+	</div><div class="para">
+		This chapter explains how to configure a system to join a FreeIPA domain.
+	</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+			Clients can only be configured after at least one FreeIPA server has been installed.
+		</div></div></div><div class="section" id="fedora-client-setup"><div class="titlepage"><div><div><h2 class="title" id="fedora-client-setup">2.1. Setting up a Fedora System as a FreeIPA Client</h2></div></div></div><div class="section" id="fedora-pkgs"><div class="titlepage"><div><div><h3 class="title" id="fedora-pkgs">2.1.1. Installing the Client Configuration Packages and Setup Script</h3></div></div></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+					To Fedora systems as FreeIPA clients, you need either an enrollment Kerberos principal (for example, admin), or the host must be pre-created on the server with a one-time password to do the enrollment.
+				</div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Install the client packages. These packages are used only as a simple way to configure the system; they do <span class="emphasis"><em>not</em></span> install an agent or daemon on the client machine.
+					</div><div class="para">
+						For a regular user system, this requires only <code class="filename">ipa-client</code>:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install freeipa-client</span></pre><div class="para">
+						For an administrator workstation, also install the FreeIPA tools package:
+					</div><pre class="programlisting"><span class="perl_Comment"># yum install freeipa-client freeipa-admintools</span></pre></li><li class="listitem"><div class="para">
+						If the FreeIPA server is also configured as the DNS server, and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
+					</div></li><li class="listitem"><div class="para">
+						After the packages are installed, run the client setup command to configure the system as a client.
+					</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li></ol></div><div class="para">
+				The <code class="command">ipa-client-install</code> command runs through a series of configuration changes on the system to set it up as a client in the FreeIPA domain: 
+				<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+							If DNS discovery is configured correctly, the command sets up the client domain and realm without prompting for any further information. If DNS Discovery is not configured, or if the FreeIPA server and client are not in the same domain, the script will prompt you for the information it requires.
+						</div></li><li class="listitem"><div class="para">
+							Retrieves the CA certificate.
+						</div></li><li class="listitem"><div class="para">
+							Creates a separate Kerberos configuration in order to test the provided credentials. This enables the <code class="command">ipa-client-install</code> command to perform a Kerberos connection to the FreeIPA XML-RPC server, necessary to join the FreeIPA client to the FreeIPA domain. Irrespective of whether or not this connection is successful, this Kerberos configuration is ultimately discarded.
+						</div></li><li class="listitem"><div class="para">
+							Calls the <code class="command">ipa-join</code> command to perform the actual join
+						</div></li><li class="listitem"><div class="para">
+							Obtains a service principal for the host service and installs it into <code class="filename">/etc/krb5.keytab</code>, for example, (host/ipa.example.com at EXAMPLE.COM)
+						</div></li><li class="listitem"><div class="para">
+							Enables certmonger and retrieves an SSL server certificate, and installs it into <code class="filename">/etc/pki/nssdb</code>
+						</div></li><li class="listitem"><div class="para">
+							Disables the nscd daemon
+						</div></li><li class="listitem"><div class="para">
+							Configures SSSD or LDAP/KRB5, including NSS and PAM configuration files
+						</div></li><li class="listitem"><div class="para">
+							Configures NTP
+						</div></li></ul></div>
+
+			</div><div class="para">
+				At the end of this process, the command displays information about the realm, DNS domain, FreeIPA server, and other related information, similar to the following:
+			</div><pre class="screen">
+Discovery was successful!
+Realm: EXAMPLE.COM
+DNS Domain: example.com
+IPA Server: ipaserver.example.com
+BaseDN: dc=example,dc=com
+
+Continue to configure the system with these values? [no]: yes
+Enrollment principal: admin
+Password for admin at EXAMPLE.COM:
+Enrolled in IPA realm EXAMPLE.COM
+Created /etc/ipa/default.conf
+Configured /etc/sssd/sssd.conf
+Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
+SSSD enabled
+Kerberos 5 enabled
+NTP enabled
+Client configuration complete.
+</pre></div><div class="section" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Red_Hat_Enterprise_Linux-Configuring_Kerberos">2.1.2. Configuring Kerberos</h3></div></div></div><div class="para">
+				The <code class="command">ipa-client-install</code> command performs the Kerberos configuration automatically. This includes specifying the realm and domain details, and default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system, and also provides for auditing of administration operations.
+			</div><div class="para">
+				The following is an example of a Kerberos configuration file for FreeIPA:
+			</div><pre class="programlisting">[libdefaults]
+default_realm = EXAMPLE.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+rdns = false
+forwardable = yes
+ticket_lifetime = 24h
+
+[realms]
+EXAMPLE.COM = {
+      kdc = ipaserver.example.com:88
+      admin_server = ipaserver.example.com:749
+      }
+[domain_realm]
+.example.com = EXAMPLE.COM
+example.com = EXAMPLE.COM
+</pre><div class="para">
+				Use the following tests to ensure that the configuration is working correctly:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						On the system console, log in as a FreeIPA user. After you have logged in, open a shell and run the following commands:
+					</div><div class="para">
+						<code class="command">$ id</code> (ensure that the user IDs and group IDs are correct)
+					</div><div class="para">
+						<code class="command">$ getent passwd &lt;userid&gt;</code>
+					</div><div class="para">
+						<code class="command">$ getent group ipausers</code>
+					</div></li></ul></div></div><div class="section" id="fedora-Configuring_NFS_v4_with_Kerberos"><div class="titlepage"><div><div><h3 class="title" id="fedora-Configuring_NFS_v4_with_Kerberos">2.1.3. Configuring NFS v4 with Kerberos</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+						Obtain a Kerberos ticket for the admin user.
+					</div><div class="para">
+						<code class="command"># kinit admin</code>
+					</div></li><li class="listitem"><div class="para">
+						Add an NFS service principal on the client.
+					</div><div class="para">
+						<code class="command"># ipa service-add nfs/ipaclient.example.com</code>
+					</div></li><li class="listitem"><div class="para">
+						Obtain a keytab for the NFS service principal.
+					</div><div class="para">
+						<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaclient.example.com -k /etc/krb5.keytab</code>
+					</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
+							Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on a version older than Fedora 15, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/&lt;FQDN&gt; service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
+						</div><div class="para">
+							If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's rpc.gssd and the server's rpc.svcgssd daemons may log errors indicating that DES encryption types are not permitted.
+						</div></div></div></li><li class="listitem"><div class="para">
+						Add the following line to the <code class="filename">/etc/sysconfig/nfs</code> file:
+					</div><pre class="programlisting">SECURE_NFS=yes
+</pre></li><li class="listitem"><div class="para">
+						Start the rpcgssd daemon.
+					</div><div class="para">
+						<code class="command"># service rpcgssd start</code>
+					</div></li></ol></div><div class="para">
+				The FreeIPA client should now be fully configured to mount NFS shares using Kerberos credentials. Use the following command to test the configuration:
+			</div><div class="para">
+				<code class="command"># mount -v -t nfs4 -o sec=krb5 ipaserver.example.com:/ /mnt</code>
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstalling_IPA_Servers.html"><strong>Prev</strong>1.5. Uninstalling FreeIPA Servers and Replicas</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Using_Microsoft_Windows.html"><strong>Next</strong>2.2. Configuring a Microsoft Windows System as a ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
new file mode 100644
index 0000000..8d25f68
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Policy: Using sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html" title="10.3. HBAC Services" /><link rel="next" href="configuring-sudo.html" title="11.2. Configuring sudo" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Iden
 tity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-sudo.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sudo" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Policy: Using sudo</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="sudo.html#about-sudo">11.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alt
 ernative_Schema">11.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">11.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">11.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">11.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">11.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></div><div class="section" id="about-sudo"><div class="titlepage"><div><div><h2 class="title" id="about-sudo">11.1.
  About sudo and IPA</h2></div></div></div><div class="para">
+			The <code class="command">sudo</code> command allows a system administrator to delegate authority, allowing certain users (or groups of users) the ability to run one or more commands as root or as another user, and at the same time providing an audit trail of the commands and their arguments. For more information, including coverage of the options available for use with <code class="command">sudo</code>, refer to the <code class="command">sudo</code> and <code class="command">sudoers</code> man pages.
+		</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">11.1.1. Sudo with LDAP</h3></div></div></div><div class="para">
+				In the past, <code class="command">sudo</code> used a single, local, configuration file, <code class="filename">/etc/sudoers</code>. It is possible to share the same <code class="filename">sudoers</code> file among machines, but there is no built-in mechanism to distribute it. Some have attempted to work around this by synchronizing changes using CVS, RSYNC, RDIST, RCP, SCP, and even NFS. By using LDAP for <code class="filename">sudoers</code>, IPA provides a centrally-administered, globally-available configuration source for <code class="command">sudo</code>.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">11.1.2. Limitations of the Existing Sudo LDAP Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					The current schema relies on LDAP-stored POSIX groups for its groups of users. The limitation here is that you cannot use a group of users for <code class="command">sudo</code> without the users inheriting potential POSIX rights.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Hosts"><h5 class="formalpara">Groups of Hosts</h5>
+					The current schema does not have a concept of host groups. Instead, it relies on the legacy LDAP nisNetgroupTriple to manage groups of hosts.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Limitations_of_the_Existing_Sudo_LDAP_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					The current schema does not have a concept of command groups. This requires that individual commands be present in each Sudo rule. It also limits the ability to reuse a group of commands for multiple Sudo rules.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">11.1.3. Benefits of the IPA Alternative Schema</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Users"><h5 class="formalpara">Groups of Users</h5>
+					Groups of users can be either POSIX or non-POSIX groups within IPA. This provides the flexibility to group users without assigning POSIX rights or GID information to the group.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Computers"><h5 class="formalpara">Groups of Computers</h5>
+					The IPA alternative schema also addresses the issue of host groups and netgroups for the purpose of sudo. The <code class="command">sudo</code> utility itself does not support host groups—a better and cleaner host grouping mechanism—but instead expects netgroups. To resolve this issue, IPA automatically creates a "shadow netgroup" with the same name as every host group that you create. This means that you can create host groups but still use netgroups with <code class="command">sudo</code> without encountering any problems.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Benefits_of_the_IPA_Alternative_Schema-Groups_of_Commands"><h5 class="formalpara">Groups of Commands</h5>
+					Command groups are a new concept introduced by IPA. These objects allow administrators the ability to create groups of <code class="command">sudo</code> commands that can be reused for multiple rules without the need of assigning individual commands throughout.
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">11.1.4. Compatibility and Managed Entry Plug-in Configuration</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Compatibility_Translation_for_Native_Sudo"><h5 class="formalpara">Compatibility Translation for Native Sudo</h5>
+					The native <code class="command">sudo</code> binary does not yet support SSSD or the IPA Sudo Schema. As an interim solution, IPA has implemented a compatibility plug-in which transparently translates IPA Sudo rules into those supported by the current <code class="command">sudo</code> binary.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Compatibility_and_Managed_Entry_Plug_in_Configuration-Managed_Entries_for_NIS_Netgroups"><h5 class="formalpara">Managed Entries for NIS Netgroups</h5>
+					In order to seamlessly support the current implementation of sudo, IPA provides a managed entry plug-in for NIS netgroups. Whenever an IPA host group is created, a translated nisNetgroupTriple is also created.
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html"><strong>Prev</strong>10.3. HBAC Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-sudo.html"><strong>Next</strong>11.2. Configuring sudo</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/switching-users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/switching-users.html
new file mode 100644
index 0000000..64dbdf4
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/switching-users.html
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Switching Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="basic-usage.html" title="Chapter 3. Basic Usage" /><link rel="prev" href="logging-in.html" title="3.2. Logging into the IPA UI" /><link rel="next" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging-in.html"><strong>Prev</strong></a></li><li class="next"><a a
 ccesskey="n" href="managing-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="switching-users"><div class="titlepage"><div><div><h2 class="title" id="switching-users">3.3. Switching Users</h2></div></div></div><div class="para">
+			One of the main advantages of IPA is that it uses <code class="systemitem">Kerberos</code> for authentication. This means that if the machine is configured to use IPA as an authentication server and you have an IPA account, then once you have logged in to the machine and authenticated, you can reuse your <code class="systemitem">Kerberos</code> credentials to access other services in the IPA domain. This avoids the need to constantly re-enter your password to access different services.
+		</div><div class="para">
+			For example, to connect to the IPA web interface, you can enter the server's address in your browser and it will use your <code class="systemitem">Kerberos</code> ticket to authenticate against IPA. Similar functionality is available if you try to access a file share, a wiki or any other application that is configured to be a <code class="systemitem">Kerberos</code> service in the IPA domain.
+		</div><div class="para">
+			If you log in to a machine using an account different from your IPA account, use the <code class="command">kinit</code> command to establish your <code class="systemitem">Kerberos</code> credentials. Similarly, if you need to log in to IPA as a different user, perhaps in another user role or as the administrator, you need to replace your existing credentials with those of the new user. Currently you can only store one set of tickets per logged-in user, and they are the credentials that will be used when you log in to IPA.
+		</div><div class="para">
+			For example, if your local account name is <code class="systemitem">localUser</code> but your IPA account name is <code class="systemitem">ipaUser</code>, run the following command, and enter your password when prompted:
+		</div><pre class="screen">$ kinit ipaUser
+Password for ipaUser at EXAMPLE.COM:
+</pre><div class="para">
+			This establishes your <code class="systemitem">Kerberos</code> credentials on the local machine. You can use the <code class="command">klist</code> command to verify that you received a <em class="firstterm">ticket granting ticket (TGT)</em> from the server. This should return output similar to the following:
+		</div><pre class="screen">$ klist
+Ticket cache: FILE:/tmp/krb5cc_500
+Default principal: ipaUser at EXAMPLE.COM
+
+Valid starting     Expires            Service principal
+11/10/08 15:35:45  11/11/08 15:35:45  krbtgt/EXAMPLE.COM at EXAMPLE.COM
+
+Kerberos 4 ticket cache: /tmp/tkt500
+klist: You have no tickets cached
+</pre><div class="para">
+			You should now be able to connect to the IPA web interface. If you were already connected to the web interface as another user, refresh the browser to display the updated details for the new user.
+		</div><div class="para">
+			If you configured <code class="systemitem">SSSD</code> or <code class="systemitem">pam_krb5</code> on the machine with IPA, then the ticket is created for you when you log in to the machine requires authentication (for example, <code class="command">sudo</code>).
+		</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging-in.html"><strong>Prev</strong>3.2. Logging into the IPA UI</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong>Chapter 4. Managing Clients in the FreeIPA Domain</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html
new file mode 100644
index 0000000..bb1280d
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.7. Uninstalling a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="managing-clients.html" title="Chapter 4. Managing Clients in the FreeIPA Domain" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html" title="4.6. Client Problems" /><link rel="next" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
 <a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="users.html"><strong>Next</strong></a></li></ul><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">4.7. Uninstalling a FreeIPA Client</h2></div></div></div><div class="para">
+			For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+		</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+				There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the FreeIPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the FreeIPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
+			</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-General_Troubleshooting_Tips-Client_Problems.html"><strong>Prev</strong>4.6. Client Problems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="users.html"><strong>Next</strong>Chapter 5. Identity: Managing Users and User Grou...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html
new file mode 100644
index 0000000..03428b8
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.6. Creating User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html" title="5.5. Deleting FreeIPA Users" /><link rel="next" href="user-pwdpolicy.html" title="5.7. Setting an Individual Password Policy" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a acce
 sskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="user-pwdpolicy.html"><strong>Next</strong></a></li></ul><div class="section" id="user-groups"><div class="titlepage"><div><div><h2 class="title" id="user-groups">5.6. Creating User Groups</h2></div></div></div><div class="para">
+			FreeIPA uses groups to facilitate the management and administration of all types of objects, such as users, hosts, tasks, roles, and others. This section introduces <code class="systemitem">User Groups</code> and how they are used within FreeIPA. Other object groups behave and are used in similar ways; these are discussed elsewhere.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-User_Groups"><h5 class="formalpara">User Groups</h5>
+				Three groups are created during the installation process: <code class="systemitem">ipausers</code>, <code class="systemitem">admins</code>, and <code class="systemitem">editors</code>. All of these groups are required for FreeIPA operation.
+			</div><div class="para">
+			The FreeIPA Administrator is a member of the <code class="systemitem">admins</code> group. All other users belong to the global group <code class="systemitem">ipausers</code>, and you can create as many additional groups as you require.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+				Some operating systems limit the number of groups that you can create. For example, <code class="systemitem">Solaris</code> and <code class="systemitem">AIX</code> allow only 16 groups per user. FreeIPA Administrators need to be aware of this limitation, especially when using nested groups.
+			</div></div></div><div class="para">
+			The <code class="systemitem">editors</code> group is a special group used by the web interface. Members of this group have at least one delegation, which means they can edit records apart from their own.
+		</div><div class="para">
+			You can create groups based on the departments within your organization, for example, Development, Finance, and HR. You can also create groups based on the permissions, or roles, required to manage your departmental or other groups.
+		</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Nested_Groups"><h5 class="formalpara">Nested Groups</h5>
+				You can also create nested groups. For example, you can create a group called "Documentation", and then create sub-groups such as "Writers", "Translators", and "Editors". You can add users to each of the sub-groups to suit the needs of your organization. Any users that you add to a sub-group automatically become members of the parent group.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+				Avoid the creation of cyclic groups; that is, groups that contain groups that in turn contain their own ancestors, and avoid creating group names that contain spaces. Either of these conditions can lead to unexpected behavior.
+			</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</h3></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Creating_IPA_Groups-Using_the_Command_Line">5.6.1.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-add</code> command to add groups. You can include attributes on the command line or use the command interactively. For example:
+				</div><div class="para">
+					To create a group called "Engineering" using the command line:
+				</div><pre class="screen">$ ipa group-add
+Group name: Engineering
+Description: All members of the engineering group
+-------------------------
+Added group "engineering"
+-------------------------
+  Group name: Engineering
+  Description: All members of the engineering group
+  GID: 387115842
+</pre><div class="para">
+					Alternatively, include all of the required attributes on the command line:
+				</div><pre class="screen">$ ipa group-add --desc='All authors, editors, and translators' Documentation
+---------------------------
+Added group "documentation"
+---------------------------
+  Group name: documentation
+  Description: All authors, editors, and translators
+  GID: 387115845</pre><div class="para">
+					The group name and description are mandatory fields. If either of these are not included on the command line, you will be prompted to include them.
+				</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_the_Command_Line-Adding_members_to_a_new_group"><h5 class="formalpara">Adding members to a new group</h5>
+						You cannot add members to a newly-created group using the <code class="command">ipa group-add</code> command. First you need to create the group, and then use the <code class="command">ipa group-add-member</code> command to add members. For example:
+					</div><pre class="screen">$ ipa group-add-member --users=user01,user02,user03 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member users: user01,user02,user03
+-------------------------
+Number of members added 3
+-------------------------
+</pre><div class="para">
+					You can use the same process to create nested groups:
+				</div><pre class="screen">$ ipa group-add-member --groups=group01,group02 engineering
+  Group name: engineering
+  Description: All members of the engineering group
+  GID: 387115842
+  Member groups: group01,group02
+  -------------------------
+  Number of members added 2
+  -------------------------
+</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA Groups</h3></div></div></div><div class="para">
+				You can edit many of the attributes that define a group, as well as add or remove members. Some attributes are read-only by default, however you can edit these attributes if required.
+			</div><div class="para">
+				You cannot edit the group name. The group name is the primary key, so changing it is the equivalent of deleting the group and creating a new one.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_IPA_Groups-Using_the_Command_Line">5.6.2.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-mod</code> command to modify specific attributes of FreeIPA groups. FreeIPA provides numerous commands for working with groups, such as <code class="command">ipa group-add-member</code> and <code class="command">ipa group-detach</code>; run the <code class="command">ipa help group</code> command to access the FreeIPA group help page for more information.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</h3></div></div></div><div class="para">
+				When you delete a FreeIPA group, only the immediate group is removed; members of the group are not affected.
+			</div><div class="para">
+				When you delete a FreeIPA group, any delegations that apply to that group are also removed. For example, suppose you added an "EngineeringManager" group specifically to set up delegations for the Engineering Manager. If you delete the EngineeringManager group, then those delegations are also lost. These delegations cannot be retrieved. If you need this group and delegation again, you need to recreate them.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Groups-Using_the_Command_Line">5.6.3.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa group-del</code> command to delete groups. For example:
+				</div><div class="para">
+					To delete the Engineering group:
+				</div><div class="para">
+					<code class="command">$ ipa group-del Engineering</code>
+				</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html"><strong>Prev</strong>5.5. Deleting FreeIPA Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="user-pwdpolicy.html"><strong>Next</strong>5.7. Setting an Individual Password Policy</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html
new file mode 100644
index 0000000..3f976e7
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html
@@ -0,0 +1,244 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.7. Setting an Individual Password Policy</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="users.html" title="Chapter 5. Identity: Managing Users and User Groups" /><link rel="prev" href="user-groups.html" title="5.6. Creating User Groups" /><link rel="next" href="searching.html" title="5.8. Searching for Users and Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="user-groups.html"><strong>Prev</strong></a></li><li class="next"><a a
 ccesskey="n" href="searching.html"><strong>Next</strong></a></li></ul><div class="section" id="user-pwdpolicy"><div class="titlepage"><div><div><h2 class="title" id="user-pwdpolicy">5.7. Setting an Individual Password Policy</h2></div></div></div><div class="para">
+			FreeIPA has a default policy of never exposing passwords, even hashed passwords, to clients, in the interests of system security. This policy applies even if you still rely on NIS server functionality to some degree, for example, as a result of a full or partial migration from NIS to FreeIPA. FreeIPA normally expects a switch to Kerberos for authentication, but this may not always be possible.
+		</div><div class="para">
+			The FreeIPA password policy supports the specification of various password attributes that help to ensure the security of your system, and also that of individual user accounts. You can specify the password lifetime, length, and the types of characters required, all as part of the FreeIPA password policy.
+		</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						In Fedora 15, the FreeIPA password policy is enforced by the <abbr class="abbrev">KDC</abbr>. Only a limited number of attributes are currently supported, but this will be extended in later versions.
+					</div></li><li class="listitem"><div class="para">
+						Because the password policy is enforced by the <abbr class="abbrev">KDC</abbr>, any further policy specifications that you implement as part of the Directory Server password policy will not be visible in FreeIPA, and neither will they be enforced.
+					</div></li><li class="listitem"><div class="para">
+						Different rules apply to changing passwords, depending on your login credentials.
+					</div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</h3></div></div></div><div class="para">
+				If you reset a password using <em class="parameter entry"><code>cn=Directory Manager</code></em> credentials (only possible if you manually perform an <code class="systemitem">LDAP</code> password change operation) then you override any checks and the password is set to whatever you specify. The FreeIPA password policy is ignored.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</h3></div></div></div><div class="para">
+				If you reset a password using <code class="systemitem">admin</code> credentials (that is, as part of the <code class="systemitem">admins</code> group), the FreeIPA password policy is ignored, but the expiration date is set to "now". This means that the user is forced to change the password at login time, and the password policy is then enforced. This is also true for users who have had password changing rights delegated to them.
+			</div><div class="para">
+				Consequently, the FreeIPA Administrator can easily create users with "default" passwords and reset user's passwords, but will not know the actual, final password entered by the user. Further, any password that is transmitted from the FreeIPA Administrator to the user, even over insecure channels, is a temporary password. Consequently, it is not critical if it is accidentally disclosed, provided that the user promptly resets it.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Passwords as a Regular User</h3></div></div></div><div class="para">
+				If you are logged in as a regular user (that is, you are not part of the <code class="systemitem">admins</code> group, or possessed of any elevated privileges), then you can only change your own password, and these changes are always subject to the FreeIPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</h3></div></div></div><div class="para">
+				You can use either the web interface or the command line to edit the FreeIPA password policy. However, you can only edit those attributes supported by FreeIPA.
+			</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Editing_the_Password_Policy-Using_the_Command_Line">5.7.4.1. Using the Command Line</h4></div></div></div><div class="para">
+					Use the <code class="command">ipa pwpolicy-*</code> commands to create and modify FreeIPA password policies. These commands are provided as part of the <code class="command">ipa pwpolicy</code> plug-in functionality. The <code class="command">ipa help pwpolicy</code> command displays the help page and some examples of using this plug-in.
+				</div><div class="para">
+					For example, use the following command to update the minimum global password length to 10 characters, and to specify that no history of passwords be kept:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-mod --minlength=10 --history=0</code>
+				</div><div class="para">
+					To display the global password policy:
+				</div><div class="para">
+					<code class="command"># ipa pwpolicy-show</code>
+				</div><div class="para">
+					Refer to <a class="xref" href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">Section 5.7.6, “Password Policy Attributes”</a> for information on password policy attributes.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">5.7.5. Setting Different Password Policies for Different User Groups</h3></div></div></div><div class="para">
+				The FreeIPA password policy plug-in (<code class="command">ipa pwpolicy</code>) manages both global and per-group password policies. You can use this plug-in to display or modify existing password policies to suit the needs of your environment.
+			</div><div class="para">
+				The following examples demonstrate how to display and modify existing password policies.
+			</div><div class="para">
+				To display the password policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="para">
+				To add a new policy for a specific group:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=<em class="replaceable"><code>example</code></em></code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					When adding or modifying the password policy for a group, that group needs to already exist but does not need to contain any members.
+				</div></div></div><div class="para">
+				To remove an attribute from a password policy, use the <code class="command">ipa pwpolicy-mod</code> command to set an empty value for the required attribute to delete it.
+			</div><div class="para">
+				The following example illustrates adding a password policy with three specific attributes to an existing group:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-add --minlife=1 --maxlife=5 --priority=1 g1</code>
+Group: g1
+Max lifetime (days): 5
+Min lifetime (hours): 1
+Priority: 1
+</pre><div class="para">
+				The following command uses the <code class="command">ipa pwdpolicy-mod</code> command to set an empty value to the <em class="parameter"><code>minlife</code></em> attribute:
+			</div><pre class="screen"><code class="command"># ipa pwpolicy-mod --minlife= g1</code>
+Group: g1
+Max lifetime (days): 5</pre><div class="para">
+				To display the policy for a given user:
+			</div><div class="para">
+				<code class="command"># ipa pwpolicy-show --user=tuser1</code>
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					Password policies are not cumulative. That is, you cannot override a single setting in a policy and let it fall back to the global policy on all the others; it is all or nothing.
+				</div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Setting_Different_Password_Policies_for_Different_User_Groups-Setting_the_Priority_of_Password_Policies">5.7.5.1. Setting the Priority of Password Policies</h4></div></div></div><div class="para">
+					The following example demonstrates the use of password priority, where a user and two groups are created, with a separate password policy for each group. Each policy has a different priority, and the user is added to both groups.
+				</div><div class="procedure"><ol class="1"><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_a_user"><h5 class="formalpara">Adding a user</h5>
+								Use the <code class="command">ipa user-add</code> command to add a new user:
+							</div><pre class="screen">
+<code class="command"># ipa user-add --first=Tim --last=User tuser1</code>
+---------
+Added user "tuser1"
+---------
+  User login: tuser1
+  First name: Tim
+  Last name: User
+  Home directory: /home/tuser1
+  GECOS field: tuser1
+  Login shell: /bin/sh
+  Kerberos principal: tuser1 at IPANETWORK.ORG
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_groups"><h5 class="formalpara">Adding the user groups</h5>
+								Use the <code class="command">ipa group-add</code> command to add two new groups:
+							</div><pre class="screen">
+<code class="command"># ipa group-add --desc=Group1 g1</code>
+----------
+Added group "g1"
+----------
+  Group name: g1
+  Description: Group1
+
+# ipa group-add --desc=Group2 g2
+----------
+Added group "g2"
+----------
+Group name: g2
+Description: Group2
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Specifying_the_password_policies"><h5 class="formalpara">Specifying the password policies</h5>
+								Use the <code class="command">ipa pwpolicy-add</code> command to specify different policies for each group:
+							</div><pre class="screen">
+<code class="command"># ipa pwpolicy-add --minlife=10 --priority=10 --group=g1</code>
+---------------------------
+Added policy for group "g1"
+---------------------------
+  Group: g1
+  Minimum lifetime (in hours): 10
+
+# ipa pwpolicy-add --minlife=20 --priority=20 --group=g2
+---------------------------
+Added policy for group "g2"
+---------------------------
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Adding_the_user_to_the_groups"><h5 class="formalpara">Adding the user to the groups</h5>
+								Use the <code class="command">ipa group-add-member</code> command to add the user that you previously created to each group. You can then use the <code class="command">ipa pwpolicy-show</code> command to display the policy that is in effect for the user.
+							</div><div class="procedure"><ol class="1"><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g1</code> group and then check the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g1</code>
+  Group name: g1
+  Description: Group1
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+$ ipa pwpolicy-show --user=tuser1
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre></li><li class="step"><div class="para">
+									Add the user to the <code class="systemitem">g2</code> group and recheck the policy:
+								</div><pre class="screen">
+<code class="command">$ ipa group-add-member --users=tuser1 g2</code>
+  Group name: g2
+  Description: Group2
+  Member Users: tuser1
+  Users:
+  Groups:
+-------------------------
+Number of members added 1
+-------------------------
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g1
+  Minimum lifetime (in hours): 10
+</pre><div class="para">
+									Notice that the password policy that is in effect for the user <code class="systemitem">tuser1</code> is taken from the <code class="systemitem">g1</code> group, because it has a higher priority.
+								</div></li></ol></div></li><li class="step"><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Setting_the_Priority_of_Password_Policies-Removing_the_user_from_a_single_group"><h5 class="formalpara">Removing the user from a single group</h5>
+								Finally, use the <code class="command">ipa group-remove-member</code> command to remove the user from the <code class="systemitem">g1</code> group to demonstrate that they still have a custom policy.
+							</div><pre class="screen">
+<code class="command">$ ipa group-remove-member --users=tuser1 g1</code>
+---------------------------
+Number of members removed 1
+---------------------------
+    Users:
+    Groups:
+
+<code class="command">$ ipa pwpolicy-show --user=tuser1</code>
+  Group: g2
+  Minimum lifetime (in hours): 20
+</pre></li></ol></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+						You can use the <code class="command">ipa help &lt;topic&gt;</code> command to display a list of the commands available for working with various topics.
+					</div></div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</h3></div></div></div><div class="para">
+				The password policy is enforced by the <code class="systemitem module">pwd_extop</code> SLAPI plug-in. FreeIPA 2.0 supports the following password policy attributes:
+			</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Password Lifetime</strong></span> (<span class="property">krbMinPwdLife</span>): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.
+					</div><div class="para">
+						You can use this attribute to prevent users from changing their password to a "temporary" value and then immediately changing it back to the original value.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Password Lifetime</strong></span> (<span class="property">krbMaxPwdLife</span>): The maximum period of time, in days, that a user's password can be in effect before it must be changed. The default value is 90 days.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Number of Character Classes</strong></span> (<span class="property">krbPwdMinDiffChars</span>): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is 0 (zero).
+					</div><div class="para">
+						For example, setting <span class="property">krbPwdMinDiffChars</span> = 3 requires that passwords contain at least one character from three of the supported classes.
+					</div><div class="para">
+						The following character classes are supported:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Upper-case characters
+							</div></li><li class="listitem"><div class="para">
+								Lower-case characters
+							</div></li><li class="listitem"><div class="para">
+								Digits
+							</div></li><li class="listitem"><div class="para">
+								Special characters (for example, punctuation)
+							</div></li><li class="listitem"><div class="para">
+								8-bit characters (characters whose decimal code starts at 128 or below, for example, Â, Ã, and Ä)
+							</div></li></ul></div><div class="para">
+						The following special classes also exist:
+					</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Number of repeated characters
+							</div><div class="para">
+								This weights in the opposite direction, so that if you have too many repeated characters you will not meet the quorum to satisfy the "level" expressed by <span class="property">krbPwdMinDiffChars</span>.
+							</div></li></ul></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Minimum Length of Password</strong></span> (<span class="property">krbPwdMinLength</span>): The minimum number of characters that must exist in a password before it is considered valid. The default value is eight characters.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Password History Size</strong></span> (<span class="property">krbPwdHistoryLength</span>): The number of previous passwords that FreeIPA stores, and which a user is prevented from using. For example, if you set this value to 10, FreeIPA prevents a user from reusing any of their previous 10 passwords. The default value is 0 (zero) (disable password history).
+					</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							If password history checking is enabled, and a user attempts to use one of the passwords in the history list, the error message returned by the system may be misleading. For example, you may see the following error:
+						</div><pre class="screen">A database error occurred: Constraint violation: Password fails to meet minimum strength criteria
+</pre><div class="para">
+							This is because <span class="package">python-ldap</span> prevents the retrieval of extended information on password policy failures over <code class="systemitem">LDAP</code>.
+						</div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+							Even with <span class="property">krbPwdHistoryLength</span> set to zero, users cannot reuse their existing password.
+						</div></div></div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Priority</strong></span> (<span class="property">priority</span>): The priority determines which policy is in effect. The lower the number the higher priority. This is important if a user is in several groups, each with a password policy set.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Maximum Consecutive Failures</strong></span> (<span class="property">maxfail</span>): Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Fail Interval</strong></span> (<span class="property">failinterval</span>): Specifies the period (in seconds) after which the failure count will be reset.
+					</div></li><li class="listitem"><div class="para">
+						<span class="guilabel"><strong>Lockout Time</strong></span> (<span class="property">lockouttime</span>): Specifies the period (in seconds) for which a lockout is enforced.
+					</div></li></ul></div><div class="para">
+				Refer to the <code class="command">ipa help pwpolicy-add</code> help page for more information on configuring the FreeIPA password policy.
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</h3></div></div></div><div class="para">
+				If it is installed and configured, SSSD can use the PAM module to send messages to users, warning them about imminent password expiration. Fedora has a <code class="option">pam_pwd_expiration_warning</code> option to fine tune this feature. You can also manually search for passwords that are due to expire by a specified date. For example, to retrieve all user entries whose passwords are due to expire before March 1st, 2011, run the following command:
+			</div><div class="para">
+				
+<pre class="screen"><code class="command">$ ldapsearch -Y GSSAPI -b "cn=users,cn=accounts,dc=example,dc=com"</code> <code class="command">'(krbPasswordExpiration&lt;=20110301000000Z)'</code></pre>
+
+			</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</h3></div></div></div><div class="para">
+				If you use password authentication (no GSSAPI authentication, and no ticket on the client) with a new user, or with a user whose password has expired, you need to enable Challenge-Response authentication. Otherwise, the password changing dialog box will not display.
+			</div><div class="para">
+				This is not enabled by default because some older <code class="systemitem">SSL</code> clients may not support Challenge-Response authentication, and it is needed only if the password has expired.
+			</div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Using_SSH_for_Password_Authentication-To_enable_Challenge_Response_authentication"><h5 class="formalpara">To enable Challenge-Response authentication:</h5>
+					<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+								Set <em class="parameter"><code>ChallengeResponseAuthentication</code></em> to <code class="literal">yes</code> in the <code class="filename">/etc/ssh/sshd_config</code> file.
+							</div></li></ul></div>
+
+				</div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</h3></div></div></div><div class="para">
+				User identity and authentication is managed by SSSD in recent versions of Fedora. The default settings specified by the FreeIPA installation script include timeout settings that still allow local logins to succeed if the client cannot access the FreeIPA server. These settings are specified in the <code class="filename">/etc/sssd/sssd.conf</code> file, and can be tuned to suit your particular deployment. Further, if SSSD's password caching feature is enabled, a user can log in even if the FreeIPA server is down. A typical deployment would normally include two or more servers for redundancy, and so this would not normally be a problem.
+			</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
+					These timeout settings are only set on operating systems that support the FreeIPA installation script, meaning Fedora 15 and later. On other versions, specify these values manually or it may be impossible to log into the host if no FreeIPA servers are available.
+				</div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="user-groups.html"><strong>Prev</strong>5.6. Creating User Groups</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="searching.html"><strong>Next</strong>5.8. Searching for Users and Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html
new file mode 100644
index 0000000..c157138
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Identity: Managing Users and User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.3" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Fedora');
+              
+	      addID('Fedora.15');
+              
+              addID('Fedora.15.books');
+	      addID('Fedora.15.FreeIPA_Guide');
+              </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="uninstalling-clients.html" title="4.7. Uninstalling a FreeIPA Client" /><link rel="next" href="adding-users.html" title="5.2. Adding Users" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong></a></li><li class="next"><a accessk
 ey="n" href="adding-users.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="users" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Identity: Managing Users and User Groups</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="users.html#home-directories">5.1. Managing User Home Directories</a></span></dt><dt><span class="section"><a href="adding-users.html">5.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">5.3. Editing Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">5.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html#sect-Enterprise_Identity_Management_Guide-Activating_and_D
 eactivating_User_Accounts-Using_the_Command_Line">5.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html">5.5. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Users-Deleting_IPA_Users.html#sect-Enterprise_Identity_Management_Guide-Deleting_IPA_Users-Using_the_Command_Line">5.5.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html">5.6. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Creating_IPA_Groups">5.6.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Editing_IPA_Groups">5.6.2. Editing FreeIPA 
 Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#sect-Enterprise_Identity_Management_Guide-Configuring_IPA_Groups-Deleting_IPA_Groups">5.6.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">5.7. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">5.7.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">5.7.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">5.7.3. Changing Password
 s as a Regular User</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Editing_the_Password_Policy">5.7.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">5.7.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Password_Policy_Attributes">5.7.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">5.7.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterp
 rise_Identity_Management_Guide-The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">5.7.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#sect-Enterprise_Identity_Management_Guide-The_IPA_Password_Policy-Using_Local_Logins">5.7.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html">5.8. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Users">5.8.1. Searching for Users</a></span></dt><dt><span class="section"><a href="searching.html#sect-Enterprise_Identity_Management_Guide-Searching_for_Users_and_Groups-Searching_for_Groups">5.8.2. Searching for Groups</a></span></dt></dl></dd></dl></div><div class="section" id="home-directories"><div class="titlepage"><div><div><h2 class="title" id="home-directories">5.1. Managing User Ho
 me Directories</h2></div></div></div><div class="para">
+			FreeIPA, as part of managing users, can manage user home directories. However, the FreeIPA server has expectations about 
+			<div class="itemizedlist"><ul><li class="listitem"><div class="para">
+						The default prefix for users' home directories is <code class="filename">/home</code>.
+					</div></li><li class="listitem"><div class="para">
+						FreeIPA does not automatically create home directories when users log in.
+					</div><div class="para">
+						To automatically create home directories, you can use the <code class="systemitem module">pam_mkhomedir</code> module. FreeIPA does not force the use of this module because it may try to create home directories even when the shared storage is not available. It is the responsibility of the system administrator to activate this module on the clients if needed.
+					</div><div class="para">
+						Pass the <code class="option">--mkhomedir</code> option to the <code class="command">ipa-client-install</code> command to enable the <code class="systemitem">pam_mkhomedir</code> module.
+					</div></li><li class="listitem"><div class="para">
+						It is possible to use an NFS file server that provides <code class="filename">/home</code> that can be made available to all client machines.
+					</div></li><li class="listitem"><div class="para">
+						If a suitable directory and mechanism are not available for the creation of home directories, users may not be able to log in.
+					</div></li></ul></div>
+
+		</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong>4.7. Uninstalling a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="adding-users.html"><strong>Next</strong>5.2. Adding Users</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf
new file mode 100644
index 0000000..3ea6aa7
Binary files /dev/null and b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf differ
diff --git a/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf
new file mode 100644
index 0000000..a701875
Binary files /dev/null and b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf differ
diff --git a/public_html/en-US/Site_Statistics.html b/public_html/en-US/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/en-US/Site_Statistics.html
+++ b/public_html/en-US/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/en-US/opds-Drafts.xml b/public_html/en-US/opds-Drafts.xml
new file mode 100644
index 0000000..c68c7e5
--- /dev/null
+++ b/public_html/en-US/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/en-US/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/en-US/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:41</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>en-US</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/en-US/opds-Fedora.xml b/public_html/en-US/opds-Fedora.xml
index 3539c6e..8542eab 100644
--- a/public_html/en-US/opds-Fedora.xml
+++ b/public_html/en-US/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/en-US/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>en-US</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
index 2f442ad..78a1c60 100644
--- a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/en-US/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:41</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/en-US/opds-Fedora_Core.xml b/public_html/en-US/opds-Fedora_Core.xml
index 3bbdd29..e8ee45d 100644
--- a/public_html/en-US/opds-Fedora_Core.xml
+++ b/public_html/en-US/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/en-US/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:42</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Draft_Documentation.xml b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
index 4125946..4ff96d0 100644
--- a/public_html/en-US/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/en-US/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:42</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/en-US/opds.xml b/public_html/en-US/opds.xml
index f4039ec..e923049 100644
--- a/public_html/en-US/opds.xml
+++ b/public_html/en-US/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/en-US/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:42</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:41</updated>
+    <dc:language>en-US</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/en-US/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>en-US</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>en-US</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/en-US/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:42</updated>
     <dc:language>en-US</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:42</updated>
     <dc:language>en-US</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/en-US/toc.html b/public_html/en-US/toc.html
index 269f86a..8cfaae0 100644
--- a/public_html/en-US/toc.html
+++ b/public_html/en-US/toc.html
@@ -73,6 +73,25 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed">
+						<a class="type" href="Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+						<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types" onclick="work=0;">
+							<a class="type" href="./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+							<a class="type" href="./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+							<a class="type" href="./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+							<a class="type" href="./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -269,7 +288,7 @@
 							<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -576,7 +595,7 @@
 							<a class="type" href="./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.11.User_Guide' class="book collapsed">
@@ -690,7 +709,7 @@
 							<a class="type" href="./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed">
@@ -775,7 +794,7 @@
 					<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed">
 						<a class="type" href="Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 						<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types" onclick="work=0;">
-							<a class="type" href="./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+							<a class="type" href="./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 							<a class="type" href="./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -796,7 +815,7 @@
 							<a class="type" href="./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 						</div>
 					</div>
 				</div>
@@ -1007,7 +1026,7 @@
 							<a class="type" href="./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 							<a class="type" href="./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 						</div>
 					</div>
 				</div>
diff --git a/public_html/es-ES/Site_Statistics.html b/public_html/es-ES/Site_Statistics.html
index 0efda81..0e884a0 100644
--- a/public_html/es-ES/Site_Statistics.html
+++ b/public_html/es-ES/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Idiomas totales: </b>42<br />
-	<b>Paquetes totales: </b>658
+	<b>Paquetes totales: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/es-ES/opds-Drafts.xml b/public_html/es-ES/opds-Drafts.xml
new file mode 100644
index 0000000..1e4ae44
--- /dev/null
+++ b/public_html/es-ES/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/es-ES/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/es-ES/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:42</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>es-ES</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/es-ES/opds-Fedora.xml b/public_html/es-ES/opds-Fedora.xml
index dc1c599..82d5371 100644
--- a/public_html/es-ES/opds-Fedora.xml
+++ b/public_html/es-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/es-ES/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -61,7 +61,7 @@
     <dc:language>es-ES</dc:language>
     <category label="14" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Utilizando Fedora con algún tipo de discapacidad visual, auditiva o motora 
+    <summary>Utilizando Fedora con algún tipo de discapacidad visual, auditiva o motora 
 </summary>
     <content type="text">Este documento describe algunos de los dispositivos de hardware, aplicaciones y herramientas existentes para que personas con discapacidades puedan utilizar una computadora con el sistema operativo Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/Accessibility_Guide/Fedora-14-Accessibility_Guide-es-ES.epub">
@@ -99,9 +99,9 @@
     <dc:language>es-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Cómo descargar imágenes ISO y crear CDs o DVDs
+    <summary>Cómo descargar imágenes ISO y crear CDs o DVDs
 </summary>
-    <content type="text">Cómo descargar imágenes ISO y crear CDs o DVDs</content>
+    <content type="text">Cómo descargar imágenes ISO y crear CDs o DVDs</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/Burning_ISO_images_to_disc/Fedora-14-Burning_ISO_images_to_disc-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -137,9 +137,9 @@
     <dc:language>es-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Cómo utilizar la imagen viva de Fedora
+    <summary>Cómo utilizar la imagen viva de Fedora
 </summary>
-    <content type="text">Cómo utilizar la imagen viva de Fedora</content>
+    <content type="text">Cómo utilizar la imagen viva de Fedora</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>es-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -194,9 +194,9 @@
     <dc:language>es-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Administrando el consumo de energía en Fedora
+    <summary>Administrando el consumo de energía en Fedora
 </summary>
-    <content type="text">Este documento explica cómo administrar adecuadamente el consumo de energía en sistemas Fedora 14. Las secciones ofrecidas a continuación describen diferentes técnicas para poder disminuir el consumo de energía (ya sea en servidores o en portátiles), y cómo cada una de estas técnicas influye en el rendimiento general de su sistema. Por favor tenga en cuenta que este documento se encuentra en desarrollo, sujeto a grandes modificaciones, y que se ofrece aquí como un anticipo. El contenido e instrucciones no deben considerarse como completos y deben utilizarse con cautela.</content>
+    <content type="text">Este documento explica cómo administrar adecuadamente el consumo de energía en sistemas Fedora 14. Las secciones ofrecidas a continuación describen diferentes técnicas para poder disminuir el consumo de energía (ya sea en servidores o en portátiles), y cómo cada una de estas técnicas influye en el rendimiento general de su sistema. Por favor tenga en cuenta que este documento se encuentra en desarrollo, sujeto a grandes modificaciones, y que se ofrece aquí como un anticipo. El contenido e instrucciones no deben considerarse como completos y deben utilizarse con cautela.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -232,9 +232,9 @@
     <dc:language>es-ES</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Una guía para la seguridad en Fedora Linux
+    <summary>Una guía para la seguridad en Fedora Linux
 </summary>
-    <content type="text">La Guía de Seguridad en Fedora está diseñada para asistir a usuarios de Fedora en el proceso de aprendizaje y prácticas de seguridad en estaciones de trabajo y servidores, para poder así evitar intrusiones locales y remotas, explotaciones, y actividades maliciosas. Enfocada en Fedora Linux pero detallando conceptos y técnicas validas para todos los sistemas Linux. La Guía de Seguridad en Fedora detalla la planificación y describe las herramientas involucradas en la creación de un entorno de computación seguro, para centros de datos, estaciones de trabajo, o el hogar. Con un conocimiento administrativo apropiado, vigilancia, y herramientas, los sistemas ejecutando Linux pueden ser funcionales y al mismo tiempo seguros, frente a los métodos de intrusión y explotación más comunes.</content>
+    <content type="text">La Guía de Seguridad en Fedora está diseñada para asistir a usuarios de Fedora en el proceso de aprendizaje y prácticas de seguridad en estaciones de trabajo y servidores, para poder así evitar intrusiones locales y remotas, explotaciones, y actividades maliciosas. Enfocada en Fedora Linux pero detallando conceptos y técnicas validas para todos los sistemas Linux. La Guía de Seguridad en Fedora detalla la planificación y describe las herramientas involucradas en la creación de un entorno de computación seguro, para centros de datos, estaciones de trabajo, o el hogar. Con un conocimiento administrativo apropiado, vigilancia, y herramientas, los sistemas ejecutando Linux pueden ser funcionales y al mismo tiempo seguros, frente a los métodos de intrusión y explotación más comunes.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/Security_Guide/Fedora-14-Security_Guide-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -290,7 +290,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Utilizando Fedora 14 para realizar tareas comunes en un equipo de escritorio
 </summary>
-    <content type="text">La guía del usuario Fedora está pensada para que los usuarios finales puedan realizar tareas de computación relativamente sencillas, como por ejemplo navegar por la web, leer y enviar correos electrónicos, o utilizar el equipo para tareas propias de ámbitos laborales, pasatiempos o estudios.</content>
+    <content type="text">La guía del usuario Fedora está pensada para que los usuarios finales puedan realizar tareas de computación relativamente sencillas, como por ejemplo navegar por la web, leer y enviar correos electrónicos, o utilizar el equipo para tareas propias de ámbitos laborales, pasatiempos o estudios.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/14/epub/User_Guide/Fedora-14-User_Guide-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -435,7 +435,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Respuestas a preguntas frecuentes sobre Seguridad Mejorada de Linux
 </summary>
-    <content type="text">Este FAQ responde a muchas preguntas acerca de Seguridad Mejorada de Linux. La información de este FAQ es valiosa para aquellos que son nuevos en SELinux. Este FAQ, sin embargo, no está diseñado para proporcionar una cobertura completa de SELinux. Para guías e instrucciones detalladas sobre la comprensión y el uso de SELinux, consulte primero la Guía del Usuario de SELinux y la Guía de Administración de Servicios Confinados. Están disponibles en http://docs.fedoraproject.org</content>
+    <content type="text">Este FAQ responde a muchas preguntas acerca de Seguridad Mejorada de Linux. La información de este FAQ es valiosa para aquellos que son nuevos en SELinux. Este FAQ, sin embargo, no está diseñado para proporcionar una cobertura completa de SELinux. Para guías e instrucciones detalladas sobre la comprensión y el uso de SELinux, consulte primero la Guía del Usuario de SELinux y la Guía de Administración de Servicios Confinados. Están disponibles en http://docs.fedoraproject.org</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/es-ES/Fedora/13/epub/SELinux_FAQ/Fedora-13-SELinux_FAQ-es-ES.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
index b4f14da..7e49d61 100644
--- a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/es-ES/opds-Fedora_Core.xml b/public_html/es-ES/opds-Fedora_Core.xml
index 12ade13..f62b1d6 100644
--- a/public_html/es-ES/opds-Fedora_Core.xml
+++ b/public_html/es-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
index 1b1300a..f75e0c9 100644
--- a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/es-ES/opds.xml b/public_html/es-ES/opds.xml
index 5ee01ea..7d70fcb 100644
--- a/public_html/es-ES/opds.xml
+++ b/public_html/es-ES/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/es-ES/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/es-ES/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:42</updated>
+    <dc:language>es-ES</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/es-ES/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>es-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/es-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>es-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/es-ES/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>es-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/es-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>es-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/es-ES/toc.html b/public_html/es-ES/toc.html
index b96b29b..031c53a 100644
--- a/public_html/es-ES/toc.html
+++ b/public_html/es-ES/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		El Menú de navegación inferior se ocultará automáticamente cuando las páginas sean cargadas. Tenga la opción "cookies" habilitada para solucionar esta función del Menú de navegación.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Aún sin traducir</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -972,7 +996,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -993,7 +1017,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1239,7 +1263,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/fa-IR/Site_Statistics.html b/public_html/fa-IR/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/fa-IR/Site_Statistics.html
+++ b/public_html/fa-IR/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/fa-IR/opds-Drafts.xml b/public_html/fa-IR/opds-Drafts.xml
new file mode 100644
index 0000000..63111c9
--- /dev/null
+++ b/public_html/fa-IR/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/fa-IR/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/fa-IR/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:44</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>fa-IR</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/fa-IR/opds-Fedora.xml b/public_html/fa-IR/opds-Fedora.xml
index aa18ad1..2848ae7 100644
--- a/public_html/fa-IR/opds-Fedora.xml
+++ b/public_html/fa-IR/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fa-IR/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>fa-IR</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
index 82aeb54..7fc0271 100644
--- a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Contributor_Documentation.xml</id>
   <title>مستندات مشارکت کننده فدورا</title>
   <subtitle>مستندات مشارکت کننده فدورا</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/fa-IR/opds-Fedora_Core.xml b/public_html/fa-IR/opds-Fedora_Core.xml
index d50d5e5..7c25059 100644
--- a/public_html/fa-IR/opds-Fedora_Core.xml
+++ b/public_html/fa-IR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
index a001301..f5e5b6d 100644
--- a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fa-IR/opds.xml b/public_html/fa-IR/opds.xml
index dd6a088..e8f90f7 100644
--- a/public_html/fa-IR/opds.xml
+++ b/public_html/fa-IR/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/fa-IR/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:26</updated>
+  <updated>2011-06-13T21:31:44</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/fa-IR/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:44</updated>
+    <dc:language>fa-IR</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/fa-IR/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>fa-IR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>مستندات مشارکت کننده فدورا</title>
     <id>http://docs.fedoraproject.org/fa-IR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>fa-IR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/fa-IR/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>fa-IR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/fa-IR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>fa-IR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fa-IR/toc.html b/public_html/fa-IR/toc.html
index 41a7572..648c9d7 100644
--- a/public_html/fa-IR/toc.html
+++ b/public_html/fa-IR/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -290,7 +314,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -598,7 +622,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -727,7 +751,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -835,7 +859,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -847,7 +871,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1093,7 +1117,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/fi-FI/Site_Statistics.html b/public_html/fi-FI/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/fi-FI/Site_Statistics.html
+++ b/public_html/fi-FI/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/fi-FI/opds-Drafts.xml b/public_html/fi-FI/opds-Drafts.xml
new file mode 100644
index 0000000..c3463e0
--- /dev/null
+++ b/public_html/fi-FI/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/fi-FI/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/fi-FI/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:44</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>fi-FI</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/fi-FI/opds-Fedora.xml b/public_html/fi-FI/opds-Fedora.xml
index fdae61a..a2bf164 100644
--- a/public_html/fi-FI/opds-Fedora.xml
+++ b/public_html/fi-FI/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fi-FI/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:45</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -137,9 +137,9 @@
     <dc:language>fi-FI</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Kuinka Fedoran live-levykuvaa käytetään
+    <summary>Kuinka Fedoran live-levykuvaa käytetään
 </summary>
-    <content type="text">Kuinka Fedoran live-levykuvaa käytetään</content>
+    <content type="text">Kuinka Fedoran live-levykuvaa käytetään</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/fi-FI/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-fi-FI.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>fi-FI</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
index c174595..22d55ac 100644
--- a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:45</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/fi-FI/opds-Fedora_Core.xml b/public_html/fi-FI/opds-Fedora_Core.xml
index 53152bf..37ad5ed 100644
--- a/public_html/fi-FI/opds-Fedora_Core.xml
+++ b/public_html/fi-FI/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:45</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
index 88054cf..1693b4f 100644
--- a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:45</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fi-FI/opds.xml b/public_html/fi-FI/opds.xml
index f10d34e..afaae7f 100644
--- a/public_html/fi-FI/opds.xml
+++ b/public_html/fi-FI/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/fi-FI/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:45</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/fi-FI/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:44</updated>
+    <dc:language>fi-FI</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/fi-FI/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:45</updated>
     <dc:language>fi-FI</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/fi-FI/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:45</updated>
     <dc:language>fi-FI</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/fi-FI/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:45</updated>
     <dc:language>fi-FI</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/fi-FI/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:45</updated>
     <dc:language>fi-FI</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fi-FI/toc.html b/public_html/fi-FI/toc.html
index 19b4665..3eeb438 100644
--- a/public_html/fi-FI/toc.html
+++ b/public_html/fi-FI/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -300,7 +324,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -424,7 +448,7 @@
 							<a class="type" href="./Fedora/12/epub/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.epub" >epub</a>
 							<a class="type" href="./Fedora/12/html/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/12/html/Fedora_Live_images/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/12/html-single/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/12/html-single/Fedora_Live_images/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf" onclick="window.top.location='./Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
@@ -551,7 +575,7 @@
 							<a class="type" href="./Fedora/11/epub/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.epub" >epub</a>
 							<a class="type" href="./Fedora/11/html/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/11/html/Fedora_Live_images/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/11/html-single/Fedora_Live_images/index.html" onclick="window.top.location='./Fedora/11/html-single/Fedora_Live_images/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.11' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.11.untrans_books');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -624,7 +648,7 @@
 							<a class="type" href="./Fedora/10/epub/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.epub" >epub</a>
 							<a class="type" href="./Fedora/10/html/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/10/html/Fedora_Live_Images/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/10/html-single/Fedora_Live_Images/index.html" onclick="window.top.location='./Fedora/10/html-single/Fedora_Live_Images/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf" onclick="window.top.location='./Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf" onclick="window.top.location='./Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.10.Making_Fedora_Discs' class="book collapsed">
@@ -746,7 +770,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/fr-FR/Site_Statistics.html b/public_html/fr-FR/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/fr-FR/Site_Statistics.html
+++ b/public_html/fr-FR/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/fr-FR/opds-Drafts.xml b/public_html/fr-FR/opds-Drafts.xml
new file mode 100644
index 0000000..962d414
--- /dev/null
+++ b/public_html/fr-FR/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/fr-FR/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/fr-FR/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:45</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>fr-FR</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/fr-FR/opds-Fedora.xml b/public_html/fr-FR/opds-Fedora.xml
index 20f77a0..175410c 100644
--- a/public_html/fr-FR/opds-Fedora.xml
+++ b/public_html/fr-FR/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fr-FR/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>fr-FR</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
index b653bc2..ed3be0e 100644
--- a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/fr-FR/opds-Fedora_Core.xml b/public_html/fr-FR/opds-Fedora_Core.xml
index c682862..40bdb6d 100644
--- a/public_html/fr-FR/opds-Fedora_Core.xml
+++ b/public_html/fr-FR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
index c4e9283..eab57f3 100644
--- a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/fr-FR/opds.xml b/public_html/fr-FR/opds.xml
index 3fa0da3..f75fb77 100644
--- a/public_html/fr-FR/opds.xml
+++ b/public_html/fr-FR/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/fr-FR/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/fr-FR/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:45</updated>
+    <dc:language>fr-FR</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/fr-FR/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>fr-FR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/fr-FR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>fr-FR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/fr-FR/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>fr-FR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/fr-FR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>fr-FR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fr-FR/toc.html b/public_html/fr-FR/toc.html
index ddf6e66..bbd02c3 100644
--- a/public_html/fr-FR/toc.html
+++ b/public_html/fr-FR/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -327,7 +351,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/gu-IN/Site_Statistics.html b/public_html/gu-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/gu-IN/Site_Statistics.html
+++ b/public_html/gu-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/gu-IN/opds-Drafts.xml b/public_html/gu-IN/opds-Drafts.xml
new file mode 100644
index 0000000..ec664f7
--- /dev/null
+++ b/public_html/gu-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/gu-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/gu-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:46</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>gu-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/gu-IN/opds-Fedora.xml b/public_html/gu-IN/opds-Fedora.xml
index 3a5ec9b..2f6c0fa 100644
--- a/public_html/gu-IN/opds-Fedora.xml
+++ b/public_html/gu-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/gu-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>gu-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
index 0222e9e..ef5fd33 100644
--- a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/gu-IN/opds-Fedora_Core.xml b/public_html/gu-IN/opds-Fedora_Core.xml
index 13da3f5..b9a7e64 100644
--- a/public_html/gu-IN/opds-Fedora_Core.xml
+++ b/public_html/gu-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
index 50916aa..b3faa51 100644
--- a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/gu-IN/opds.xml b/public_html/gu-IN/opds.xml
index 36992c0..1beec7c 100644
--- a/public_html/gu-IN/opds.xml
+++ b/public_html/gu-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/gu-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/gu-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:46</updated>
+    <dc:language>gu-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/gu-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>gu-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/gu-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>gu-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/gu-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>gu-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/gu-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>gu-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/gu-IN/toc.html b/public_html/gu-IN/toc.html
index 86ee4a2..f62d04e 100644
--- a/public_html/gu-IN/toc.html
+++ b/public_html/gu-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/he-IL/Site_Statistics.html b/public_html/he-IL/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/he-IL/Site_Statistics.html
+++ b/public_html/he-IL/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/he-IL/opds-Drafts.xml b/public_html/he-IL/opds-Drafts.xml
new file mode 100644
index 0000000..b8ad3e2
--- /dev/null
+++ b/public_html/he-IL/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/he-IL/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/he-IL/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:46</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>he-IL</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/he-IL/opds-Fedora.xml b/public_html/he-IL/opds-Fedora.xml
index a422fa5..5b504d2 100644
--- a/public_html/he-IL/opds-Fedora.xml
+++ b/public_html/he-IL/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/he-IL/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>he-IL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
index c9119db..5843c65 100644
--- a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/he-IL/opds-Fedora_Core.xml b/public_html/he-IL/opds-Fedora_Core.xml
index cdcf838..c4ba4e7 100644
--- a/public_html/he-IL/opds-Fedora_Core.xml
+++ b/public_html/he-IL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
index 737625c..47c4705 100644
--- a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:46</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/he-IL/opds.xml b/public_html/he-IL/opds.xml
index 4f901d1..82c86b7 100644
--- a/public_html/he-IL/opds.xml
+++ b/public_html/he-IL/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/he-IL/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/he-IL/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:46</updated>
+    <dc:language>he-IL</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/he-IL/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>he-IL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/he-IL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>he-IL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/he-IL/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>he-IL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/he-IL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>he-IL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/he-IL/toc.html b/public_html/he-IL/toc.html
index 8200a8c..e165d9e 100644
--- a/public_html/he-IL/toc.html
+++ b/public_html/he-IL/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -291,7 +315,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/hi-IN/Site_Statistics.html b/public_html/hi-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/hi-IN/Site_Statistics.html
+++ b/public_html/hi-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/hi-IN/opds-Drafts.xml b/public_html/hi-IN/opds-Drafts.xml
new file mode 100644
index 0000000..9752d51
--- /dev/null
+++ b/public_html/hi-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/hi-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/hi-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:47</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>hi-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/hi-IN/opds-Fedora.xml b/public_html/hi-IN/opds-Fedora.xml
index 07841d2..65faf5c 100644
--- a/public_html/hi-IN/opds-Fedora.xml
+++ b/public_html/hi-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hi-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>hi-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
index 3451bcf..b70e19a 100644
--- a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/hi-IN/opds-Fedora_Core.xml b/public_html/hi-IN/opds-Fedora_Core.xml
index 2b8597a..2437474 100644
--- a/public_html/hi-IN/opds-Fedora_Core.xml
+++ b/public_html/hi-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
index 58f092e..3fd2efa 100644
--- a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/hi-IN/opds.xml b/public_html/hi-IN/opds.xml
index a831527..f6651e1 100644
--- a/public_html/hi-IN/opds.xml
+++ b/public_html/hi-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/hi-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/hi-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:47</updated>
+    <dc:language>hi-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/hi-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hi-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/hi-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hi-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/hi-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hi-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/hi-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hi-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hi-IN/toc.html b/public_html/hi-IN/toc.html
index af541d1..1ba73d1 100644
--- a/public_html/hi-IN/toc.html
+++ b/public_html/hi-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/hu-HU/Site_Statistics.html b/public_html/hu-HU/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/hu-HU/Site_Statistics.html
+++ b/public_html/hu-HU/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/hu-HU/opds-Drafts.xml b/public_html/hu-HU/opds-Drafts.xml
new file mode 100644
index 0000000..5cd2180
--- /dev/null
+++ b/public_html/hu-HU/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/hu-HU/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/hu-HU/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:47</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>hu-HU</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/hu-HU/opds-Fedora.xml b/public_html/hu-HU/opds-Fedora.xml
index da21ce1..2bd4c90 100644
--- a/public_html/hu-HU/opds-Fedora.xml
+++ b/public_html/hu-HU/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hu-HU/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>hu-HU</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
index dda4951..f0f08af 100644
--- a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/hu-HU/opds-Fedora_Core.xml b/public_html/hu-HU/opds-Fedora_Core.xml
index abbb07e..55ecf13 100644
--- a/public_html/hu-HU/opds-Fedora_Core.xml
+++ b/public_html/hu-HU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
index 3a20b8d..58c24f2 100644
--- a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:27</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/hu-HU/opds.xml b/public_html/hu-HU/opds.xml
index 5138edb..e5a470f 100644
--- a/public_html/hu-HU/opds.xml
+++ b/public_html/hu-HU/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/hu-HU/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:47</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/hu-HU/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:47</updated>
+    <dc:language>hu-HU</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/hu-HU/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hu-HU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/hu-HU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hu-HU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/hu-HU/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hu-HU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/hu-HU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hu-HU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hu-HU/toc.html b/public_html/hu-HU/toc.html
index 5eb2f48..7f7946bb 100644
--- a/public_html/hu-HU/toc.html
+++ b/public_html/hu-HU/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/id-ID/Site_Statistics.html b/public_html/id-ID/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/id-ID/Site_Statistics.html
+++ b/public_html/id-ID/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/id-ID/opds-Drafts.xml b/public_html/id-ID/opds-Drafts.xml
new file mode 100644
index 0000000..c3df2ff
--- /dev/null
+++ b/public_html/id-ID/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/id-ID/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/id-ID/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:47</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>id-ID</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/id-ID/opds-Fedora.xml b/public_html/id-ID/opds-Fedora.xml
index d9e166f..6a24c15 100644
--- a/public_html/id-ID/opds-Fedora.xml
+++ b/public_html/id-ID/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/id-ID/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:48</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>id-ID</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
index bc39fe4..efdda46 100644
--- a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:48</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/id-ID/opds-Fedora_Core.xml b/public_html/id-ID/opds-Fedora_Core.xml
index 1313d3f..0a35fc8 100644
--- a/public_html/id-ID/opds-Fedora_Core.xml
+++ b/public_html/id-ID/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:48</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
index b75b3c8..9a7ab88 100644
--- a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:48</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/id-ID/opds.xml b/public_html/id-ID/opds.xml
index b3cad97..c47f990 100644
--- a/public_html/id-ID/opds.xml
+++ b/public_html/id-ID/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/id-ID/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:48</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/id-ID/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:47</updated>
+    <dc:language>id-ID</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/id-ID/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:48</updated>
     <dc:language>id-ID</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/id-ID/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:48</updated>
     <dc:language>id-ID</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/id-ID/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:48</updated>
     <dc:language>id-ID</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/id-ID/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:48</updated>
     <dc:language>id-ID</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/id-ID/toc.html b/public_html/id-ID/toc.html
index 1b8c014..53a8010 100644
--- a/public_html/id-ID/toc.html
+++ b/public_html/id-ID/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -291,7 +315,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Fedora_Live_Images' class="book collapsed" onclick="toggle(event, 'Fedora.13.Fedora_Live_Images.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/it-IT/Site_Statistics.html b/public_html/it-IT/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/it-IT/Site_Statistics.html
+++ b/public_html/it-IT/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/it-IT/opds-Drafts.xml b/public_html/it-IT/opds-Drafts.xml
new file mode 100644
index 0000000..ce60666
--- /dev/null
+++ b/public_html/it-IT/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/it-IT/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/it-IT/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:48</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>it-IT</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/it-IT/opds-Fedora.xml b/public_html/it-IT/opds-Fedora.xml
index ea1299d..4f1d324 100644
--- a/public_html/it-IT/opds-Fedora.xml
+++ b/public_html/it-IT/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/it-IT/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:49</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -61,9 +61,9 @@
     <dc:language>it-IT</dc:language>
     <category label="14" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Usare Fedora con una disabilità visiva, uditiva o motoria
+    <summary>Usare Fedora con una disabilità visiva, uditiva o motoria
 </summary>
-    <content type="text">Questo documento descrive i dispositivi hardware, le applicazioni e gli strumenti disponibili per consentire alle persone con disabilità di usufruire di un computer con sistema operativo Fedora.</content>
+    <content type="text">Questo documento descrive i dispositivi hardware, le applicazioni e gli strumenti disponibili per consentire alle persone con disabilità di usufruire di un computer con sistema operativo Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/it-IT/Fedora/14/epub/Accessibility_Guide/Fedora-14-Accessibility_Guide-it-IT.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>it-IT</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Gestire il Consumo Energetico in Fedora
 </summary>
-    <content type="text">Questo documento spiega come gestire efficacemente, i consumi di energia in sistemi Fedora 14. Le seguenti sezioni spiegano diverse tecniche per diminuire il consumo energetico (sia nei server che nei portatili), e come ogni tecnica influenzi le prestazioni globali del sistema. Nota: Questo documento è ancora in fase di sviluppo, soggetto a grosse modifiche e quì fornito in anteprima. Il contenuto e le istruzioni indicate non dovrebbero ritenersi complete e dovrebbero usarsi con cautela.</content>
+    <content type="text">Questo documento spiega come gestire efficacemente, i consumi di energia in sistemi Fedora 14. Le seguenti sezioni spiegano diverse tecniche per diminuire il consumo energetico (sia nei server che nei portatili), e come ogni tecnica influenzi le prestazioni globali del sistema. Nota: Questo documento è ancora in fase di sviluppo, soggetto a grosse modifiche e quì fornito in anteprima. Il contenuto e le istruzioni indicate non dovrebbero ritenersi complete e dovrebbero usarsi con cautela.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/it-IT/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-it-IT.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -234,7 +234,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Guida alla protezione di Fedora Linux
 </summary>
-    <content type="text">La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione.</content>
+    <content type="text">La Guida alla Sicurezza intende assistere gli utenti Fedora ad apprendere i processi e le pratiche di messa in sicurezza di workstation e server da attività sospette, attacchi ed intrusioni, sia locali che remoti. La Guida, dedicata a sistemi Fedora, affronta concetti e tecniche valide su tutti i sistemi Linux, mostrando piani e gli strumenti necessari per creare un ambiente sicuro in postazioni domestiche, negli uffici e in centri di elaborazione dati. Con una gestione e un controllo adeguato, i sistemi Linux possono essere sia pienamente funzionali sia sicuri dai più comuni metodi di attacco e di intrusione.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/it-IT/Fedora/14/epub/Security_Guide/Fedora-14-Security_Guide-it-IT.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
index 686f3f7..a9ada56 100644
--- a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Documentazione Collaboratori Fedora</title>
   <subtitle>Documentazione Collaboratori Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:49</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
@@ -44,7 +44,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Guida rapida per inviare traduzioni al Fedora Project.
 </summary>
-    <content type="text">Questa guida è un insieme di istruzioni passo a passo, semplici e veloci, per tradurre il software ed i documenti del Fedora Project.</content>
+    <content type="text">Questa guida è un insieme di istruzioni passo a passo, semplici e veloci, per tradurre il software ed i documenti del Fedora Project.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/1/epub/Translation_Quick_Start_Guide/Fedora_Contributor_Documentation-1-Translation_Quick_Start_Guide-it-IT.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/it-IT/opds-Fedora_Core.xml b/public_html/it-IT/opds-Fedora_Core.xml
index 8d5b653..f58cb4a 100644
--- a/public_html/it-IT/opds-Fedora_Core.xml
+++ b/public_html/it-IT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:49</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
index 175c14f..5d4bb4c 100644
--- a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:49</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/it-IT/opds.xml b/public_html/it-IT/opds.xml
index bfbdc5a..509bf4f 100644
--- a/public_html/it-IT/opds.xml
+++ b/public_html/it-IT/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/it-IT/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:49</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/it-IT/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:48</updated>
+    <dc:language>it-IT</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/it-IT/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:49</updated>
     <dc:language>it-IT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Documentazione Collaboratori Fedora</title>
     <id>http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:49</updated>
     <dc:language>it-IT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/it-IT/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:49</updated>
     <dc:language>it-IT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/it-IT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:49</updated>
     <dc:language>it-IT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/it-IT/toc.html b/public_html/it-IT/toc.html
index 8d3a540..a0b87db 100644
--- a/public_html/it-IT/toc.html
+++ b/public_html/it-IT/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -279,7 +303,7 @@
 							<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-it-IT.epub" >epub</a>
 							<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-it-IT.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-it-IT.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-it-IT.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-it-IT.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.13.Fedora_Live_Images' class="book collapsed">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -699,7 +723,7 @@
 									<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -799,7 +823,7 @@
 									<a class="type" href="../en-US/./Fedora/9/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/9/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/9/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.9.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.User_Guide.types');">
@@ -908,7 +932,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.8.User_Guide.types');">
@@ -999,7 +1023,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -1011,7 +1035,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1257,7 +1281,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ja-JP/Site_Statistics.html b/public_html/ja-JP/Site_Statistics.html
index b041b8c..7285090 100644
--- a/public_html/ja-JP/Site_Statistics.html
+++ b/public_html/ja-JP/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>言語数の合計: </b>42<br />
-	<b>パッケージ数の合計: </b>658
+	<b>パッケージ数の合計: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ja-JP/opds-Drafts.xml b/public_html/ja-JP/opds-Drafts.xml
new file mode 100644
index 0000000..76e4668
--- /dev/null
+++ b/public_html/ja-JP/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ja-JP/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ja-JP/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:49</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ja-JP</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ja-JP/opds-Fedora.xml b/public_html/ja-JP/opds-Fedora.xml
index eefdf3f..76e7502 100644
--- a/public_html/ja-JP/opds-Fedora.xml
+++ b/public_html/ja-JP/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ja-JP/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -99,9 +99,9 @@
     <dc:language>ja-JP</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>ISO イメージをダウンロードし、CD や DVD メディアへ書き込む方法
+    <summary>ISO イメージをダウンロードし、CD や DVD メディアへ書き込む方法
 </summary>
-    <content type="text">ISO イメージをダウンロードし、CD や DVD メディアへ書き込む方法</content>
+    <content type="text">ISO イメージをダウンロードし、CD や DVD メディアへ書き込む方法</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ja-JP/Fedora/14/epub/Burning_ISO_images_to_disc/Fedora-14-Burning_ISO_images_to_disc-ja-JP.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -137,9 +137,9 @@
     <dc:language>ja-JP</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Fedora Live イメージの使い方
+    <summary>Fedora Live イメージの使い方
 </summary>
-    <content type="text">Fedora Live イメージの使い方</content>
+    <content type="text">Fedora Live イメージの使い方</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ja-JP/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-ja-JP.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>ja-JP</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -194,9 +194,9 @@
     <dc:language>ja-JP</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Fedora における電力消費の管理について
+    <summary>Fedora における電力消費の管理について
 </summary>
-    <content type="text">このドキュメントでは、Fedora 14 システムで効果的に電力消費を管理する方法を説明しています。以下のセクションでは電力消費を低減する異なる技術(サーバーとラップトップの両方)と、各技術がシステムの全体的なパフォーマンスにいかに影響するかを説明します。以下の点に注意して下さい: このドキュメントはまだ開発中であり、大幅な変更の可能性があります。そのため現時点ではプレビューとして提供されています。本文中にある内容と指導事項はまだ完全でなく、注意して取り扱う必要があります。</content>
+    <content type="text">このドキュメントでは、Fedora 14 システムで効果的に電力消費を管理する方法を説明しています。以下のセクションでは電力消費を低減する異なる技術(サーバーとラップトップの両方)と、各技術がシステムの全体的なパフォーマンスにいかに影響するかを説明します。以下の点に注意して下さい: このドキュメントはまだ開発中であり、大幅な変更の可能性がÃ
 £ÂÂ‚ります。そのため現時点ではプレビューとして提供されています。本文中にある内容と指導事項はまだ完全でなく、注意して取り扱う必要があります。</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ja-JP/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-ja-JP.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
index 70e96d6..70e3180 100644
--- a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora コントリビュータ用ドキュメント</title>
   <subtitle>Fedora コントリビュータ用ドキュメント</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/ja-JP/opds-Fedora_Core.xml b/public_html/ja-JP/opds-Fedora_Core.xml
index 8e6466a..595bf54 100644
--- a/public_html/ja-JP/opds-Fedora_Core.xml
+++ b/public_html/ja-JP/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
index 5a2e1fe..b6e63e6 100644
--- a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ja-JP/opds.xml b/public_html/ja-JP/opds.xml
index bb10429..d333b78 100644
--- a/public_html/ja-JP/opds.xml
+++ b/public_html/ja-JP/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ja-JP/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ja-JP/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:49</updated>
+    <dc:language>ja-JP</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ja-JP/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>ja-JP</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora コントリビュータ用ドキュメント</title>
     <id>http://docs.fedoraproject.org/ja-JP/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>ja-JP</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ja-JP/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>ja-JP</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ja-JP/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>ja-JP</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ja-JP/toc.html b/public_html/ja-JP/toc.html
index 5245c3e..1ba7b6a 100644
--- a/public_html/ja-JP/toc.html
+++ b/public_html/ja-JP/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		以下のナビゲーションメニューはページが読み込まれると自動的に折り畳まれます。 ナビゲーションメニューの機能性を修正する場合はクッキーを有効にします。
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">未翻訳</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -291,7 +315,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -746,7 +770,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/kn-IN/Site_Statistics.html b/public_html/kn-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/kn-IN/Site_Statistics.html
+++ b/public_html/kn-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/kn-IN/opds-Drafts.xml b/public_html/kn-IN/opds-Drafts.xml
new file mode 100644
index 0000000..5763a8a
--- /dev/null
+++ b/public_html/kn-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/kn-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/kn-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:50</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>kn-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/kn-IN/opds-Fedora.xml b/public_html/kn-IN/opds-Fedora.xml
index 49e4c1b..cd24ccc 100644
--- a/public_html/kn-IN/opds-Fedora.xml
+++ b/public_html/kn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/kn-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>kn-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
index eb30b08..03175a0 100644
--- a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/kn-IN/opds-Fedora_Core.xml b/public_html/kn-IN/opds-Fedora_Core.xml
index 84b49a7..eee1a21 100644
--- a/public_html/kn-IN/opds-Fedora_Core.xml
+++ b/public_html/kn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
index 79dd768..47dd0fe 100644
--- a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/kn-IN/opds.xml b/public_html/kn-IN/opds.xml
index 29fc65e..5c3de85 100644
--- a/public_html/kn-IN/opds.xml
+++ b/public_html/kn-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/kn-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:50</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/kn-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:50</updated>
+    <dc:language>kn-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/kn-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>kn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/kn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>kn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/kn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>kn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/kn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>kn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/kn-IN/toc.html b/public_html/kn-IN/toc.html
index 796d333..4e14db8 100644
--- a/public_html/kn-IN/toc.html
+++ b/public_html/kn-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ko-KR/Site_Statistics.html b/public_html/ko-KR/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/ko-KR/Site_Statistics.html
+++ b/public_html/ko-KR/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ko-KR/opds-Drafts.xml b/public_html/ko-KR/opds-Drafts.xml
new file mode 100644
index 0000000..2b90b21
--- /dev/null
+++ b/public_html/ko-KR/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ko-KR/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ko-KR/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:50</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ko-KR</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ko-KR/opds-Fedora.xml b/public_html/ko-KR/opds-Fedora.xml
index fa243c3..e0d5aae 100644
--- a/public_html/ko-KR/opds-Fedora.xml
+++ b/public_html/ko-KR/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ko-KR/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>ko-KR</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
index 045f2be..c235aca 100644
--- a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/ko-KR/opds-Fedora_Core.xml b/public_html/ko-KR/opds-Fedora_Core.xml
index 66e590f..d371a06 100644
--- a/public_html/ko-KR/opds-Fedora_Core.xml
+++ b/public_html/ko-KR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
index 7cb92d9..b270814 100644
--- a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ko-KR/opds.xml b/public_html/ko-KR/opds.xml
index 600ca09..ee629a3 100644
--- a/public_html/ko-KR/opds.xml
+++ b/public_html/ko-KR/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ko-KR/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:28</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ko-KR/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:50</updated>
+    <dc:language>ko-KR</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ko-KR/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ko-KR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/ko-KR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ko-KR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ko-KR/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ko-KR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ko-KR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ko-KR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ko-KR/toc.html b/public_html/ko-KR/toc.html
index 9153bb5..7dd8545 100644
--- a/public_html/ko-KR/toc.html
+++ b/public_html/ko-KR/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ml-IN/Site_Statistics.html b/public_html/ml-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/ml-IN/Site_Statistics.html
+++ b/public_html/ml-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ml-IN/opds-Drafts.xml b/public_html/ml-IN/opds-Drafts.xml
new file mode 100644
index 0000000..9de551d
--- /dev/null
+++ b/public_html/ml-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ml-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ml-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:51</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ml-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ml-IN/opds-Fedora.xml b/public_html/ml-IN/opds-Fedora.xml
index d9a422c..e6c943c 100644
--- a/public_html/ml-IN/opds-Fedora.xml
+++ b/public_html/ml-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ml-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>ml-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
index 356c452..e92445f 100644
--- a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/ml-IN/opds-Fedora_Core.xml b/public_html/ml-IN/opds-Fedora_Core.xml
index 9e8d6a1..7bf3b59 100644
--- a/public_html/ml-IN/opds-Fedora_Core.xml
+++ b/public_html/ml-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
index e8b8669..755fdee 100644
--- a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ml-IN/opds.xml b/public_html/ml-IN/opds.xml
index b89d9db..fef4e0d 100644
--- a/public_html/ml-IN/opds.xml
+++ b/public_html/ml-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ml-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ml-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:51</updated>
+    <dc:language>ml-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ml-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ml-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/ml-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ml-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ml-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ml-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ml-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ml-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ml-IN/toc.html b/public_html/ml-IN/toc.html
index 12e645e..34eab23 100644
--- a/public_html/ml-IN/toc.html
+++ b/public_html/ml-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/mr-IN/Site_Statistics.html b/public_html/mr-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/mr-IN/Site_Statistics.html
+++ b/public_html/mr-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/mr-IN/opds-Drafts.xml b/public_html/mr-IN/opds-Drafts.xml
new file mode 100644
index 0000000..2fafdf4
--- /dev/null
+++ b/public_html/mr-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/mr-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/mr-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:51</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>mr-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/mr-IN/opds-Fedora.xml b/public_html/mr-IN/opds-Fedora.xml
index 85839af..e0cbadd 100644
--- a/public_html/mr-IN/opds-Fedora.xml
+++ b/public_html/mr-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/mr-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>mr-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
index cae214d..7e30910 100644
--- a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/mr-IN/opds-Fedora_Core.xml b/public_html/mr-IN/opds-Fedora_Core.xml
index 602a30d..cba63d3 100644
--- a/public_html/mr-IN/opds-Fedora_Core.xml
+++ b/public_html/mr-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
index d5561b6..b1fb501 100644
--- a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/mr-IN/opds.xml b/public_html/mr-IN/opds.xml
index 4482d1f..0f92f1b 100644
--- a/public_html/mr-IN/opds.xml
+++ b/public_html/mr-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/mr-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:51</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/mr-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:51</updated>
+    <dc:language>mr-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/mr-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>mr-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/mr-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>mr-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/mr-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>mr-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/mr-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>mr-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/mr-IN/toc.html b/public_html/mr-IN/toc.html
index 9e2a699..4fcc82f 100644
--- a/public_html/mr-IN/toc.html
+++ b/public_html/mr-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/nb-NO/Site_Statistics.html b/public_html/nb-NO/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/nb-NO/Site_Statistics.html
+++ b/public_html/nb-NO/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/nb-NO/opds-Drafts.xml b/public_html/nb-NO/opds-Drafts.xml
new file mode 100644
index 0000000..fdb5d5f
--- /dev/null
+++ b/public_html/nb-NO/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/nb-NO/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/nb-NO/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:51</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>nb-NO</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/nb-NO/opds-Fedora.xml b/public_html/nb-NO/opds-Fedora.xml
index b1419c8..27214b9 100644
--- a/public_html/nb-NO/opds-Fedora.xml
+++ b/public_html/nb-NO/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nb-NO/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:52</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>nb-NO</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
index 2a8ef40..b63b006 100644
--- a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:52</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/nb-NO/opds-Fedora_Core.xml b/public_html/nb-NO/opds-Fedora_Core.xml
index f50a896..9e422bd 100644
--- a/public_html/nb-NO/opds-Fedora_Core.xml
+++ b/public_html/nb-NO/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:52</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
index 368f045..f06040f 100644
--- a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:52</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/nb-NO/opds.xml b/public_html/nb-NO/opds.xml
index 2b0195b..8c903b0 100644
--- a/public_html/nb-NO/opds.xml
+++ b/public_html/nb-NO/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/nb-NO/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:52</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/nb-NO/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:51</updated>
+    <dc:language>nb-NO</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/nb-NO/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:52</updated>
     <dc:language>nb-NO</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/nb-NO/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:52</updated>
     <dc:language>nb-NO</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/nb-NO/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:52</updated>
     <dc:language>nb-NO</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/nb-NO/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:52</updated>
     <dc:language>nb-NO</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nb-NO/toc.html b/public_html/nb-NO/toc.html
index 988b1e5..5aa9d82 100644
--- a/public_html/nb-NO/toc.html
+++ b/public_html/nb-NO/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -737,7 +761,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Release_Notes' class="book collapsed" onclick="toggle(event, 'Fedora.8.Release_Notes.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/nl-NL/Site_Statistics.html b/public_html/nl-NL/Site_Statistics.html
index 0f2570c..dae8663 100644
--- a/public_html/nl-NL/Site_Statistics.html
+++ b/public_html/nl-NL/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Totaal talen: </b>42<br />
-	<b>Totaal pakketten: </b>658
+	<b>Totaal pakketten: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/nl-NL/opds-Drafts.xml b/public_html/nl-NL/opds-Drafts.xml
new file mode 100644
index 0000000..0f60b54
--- /dev/null
+++ b/public_html/nl-NL/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/nl-NL/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/nl-NL/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:52</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>nl-NL</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/nl-NL/opds-Fedora.xml b/public_html/nl-NL/opds-Fedora.xml
index 569f46c..e76efe6 100644
--- a/public_html/nl-NL/opds-Fedora.xml
+++ b/public_html/nl-NL/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nl-NL/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>nl-NL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Het installeren van Fedora 14 op x86, AMD64, and Intel 64 architecturen
+    <summary>Het installeren van Fedora 14 op x86, AMD64, and Intel 64 architecturen
 </summary>
     <content type="text">Verstrekt documentatie voor het installeer proces.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/nl-NL/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-nl-NL.epub">
diff --git a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
index d4c3faa..271ccd5 100644
--- a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/nl-NL/opds-Fedora_Core.xml b/public_html/nl-NL/opds-Fedora_Core.xml
index 36b709a..f2c81bd 100644
--- a/public_html/nl-NL/opds-Fedora_Core.xml
+++ b/public_html/nl-NL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
index e805d0f..ab59bed 100644
--- a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/nl-NL/opds.xml b/public_html/nl-NL/opds.xml
index 045a0ba..5a37c34 100644
--- a/public_html/nl-NL/opds.xml
+++ b/public_html/nl-NL/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/nl-NL/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/nl-NL/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:52</updated>
+    <dc:language>nl-NL</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/nl-NL/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>nl-NL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/nl-NL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>nl-NL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/nl-NL/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>nl-NL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/nl-NL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>nl-NL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nl-NL/toc.html b/public_html/nl-NL/toc.html
index 62e585b..8b87b89 100644
--- a/public_html/nl-NL/toc.html
+++ b/public_html/nl-NL/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		Het navigatie menu hieronder zal automatisch samenvouwen als pagina's worden geladen. Zet cookies aan om de functionaliteit van het navigatie menu te herstellen.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Onvertaald</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -279,7 +303,7 @@
 							<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.epub" >epub</a>
 							<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -641,7 +665,7 @@
 							<a class="type" href="./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-nl-NL.epub" >epub</a>
 							<a class="type" href="./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-nl-NL.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-nl-NL.pdf" onclick="window.top.location='./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-nl-NL.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.11.User_Guide' class="book collapsed">
@@ -1008,7 +1032,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -1029,7 +1053,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1275,7 +1299,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/opds.xml b/public_html/opds.xml
index 40b2e13..7c4995c 100644
--- a/public_html/opds.xml
+++ b/public_html/opds.xml
@@ -7,7 +7,7 @@
   <link rel="start" href="http://docs.fedoraproject.org/opds.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <title>Fedora Documentation</title>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:59</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -16,7 +16,7 @@
   <entry>
     <title>অসমীয়া</title>
     <id>as-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>as-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="as-IN/opds.xml"/>
@@ -24,7 +24,7 @@
   <entry>
     <title>български</title>
     <id>bg-BG/opds.xml</id>
-    <updated>2011-06-12T18:58:24</updated>
+    <updated>2011-06-13T21:31:37</updated>
     <dc:language>bg-BG</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="bg-BG/opds.xml"/>
@@ -32,7 +32,7 @@
   <entry>
     <title>বাংলা</title>
     <id>bn-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="bn-IN/opds.xml"/>
@@ -40,7 +40,7 @@
   <entry>
     <title>Bosanski</title>
     <id>bs-BA/opds.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:38</updated>
     <dc:language>bs-BA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="bs-BA/opds.xml"/>
@@ -48,7 +48,7 @@
   <entry>
     <title>Català</title>
     <id>ca-ES/opds.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>ca-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ca-ES/opds.xml"/>
@@ -56,7 +56,7 @@
   <entry>
     <title>Čeština</title>
     <id>cs-CZ/opds.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:39</updated>
     <dc:language>cs-CZ</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="cs-CZ/opds.xml"/>
@@ -64,7 +64,7 @@
   <entry>
     <title>Dansk</title>
     <id>da-DK/opds.xml</id>
-    <updated>2011-06-12T18:58:25</updated>
+    <updated>2011-06-13T21:31:40</updated>
     <dc:language>da-DK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="da-DK/opds.xml"/>
@@ -72,7 +72,7 @@
   <entry>
     <title>Deutsch</title>
     <id>de-DE/opds.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>de-DE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="de-DE/opds.xml"/>
@@ -80,7 +80,7 @@
   <entry>
     <title>Ελληνικά</title>
     <id>el-GR/opds.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:41</updated>
     <dc:language>el-GR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="el-GR/opds.xml"/>
@@ -88,7 +88,7 @@
   <entry>
     <title>English</title>
     <id>en-US/opds.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:42</updated>
     <dc:language>en-US</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="en-US/opds.xml"/>
@@ -96,7 +96,7 @@
   <entry>
     <title>Español</title>
     <id>es-ES/opds.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>es-ES</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="es-ES/opds.xml"/>
@@ -104,7 +104,7 @@
   <entry>
     <title>فارسی</title>
     <id>fa-IR/opds.xml</id>
-    <updated>2011-06-12T18:58:26</updated>
+    <updated>2011-06-13T21:31:44</updated>
     <dc:language>fa-IR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="fa-IR/opds.xml"/>
@@ -112,7 +112,7 @@
   <entry>
     <title>Suomi</title>
     <id>fi-FI/opds.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:45</updated>
     <dc:language>fi-FI</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="fi-FI/opds.xml"/>
@@ -120,7 +120,7 @@
   <entry>
     <title>Français</title>
     <id>fr-FR/opds.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>fr-FR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="fr-FR/opds.xml"/>
@@ -128,7 +128,7 @@
   <entry>
     <title>ગુજરાતી</title>
     <id>gu-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:46</updated>
     <dc:language>gu-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="gu-IN/opds.xml"/>
@@ -136,7 +136,7 @@
   <entry>
     <title>עברית</title>
     <id>he-IL/opds.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>he-IL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="he-IL/opds.xml"/>
@@ -144,7 +144,7 @@
   <entry>
     <title>हिन्दी</title>
     <id>hi-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:27</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hi-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="hi-IN/opds.xml"/>
@@ -152,7 +152,7 @@
   <entry>
     <title>Magyar</title>
     <id>hu-HU/opds.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:47</updated>
     <dc:language>hu-HU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="hu-HU/opds.xml"/>
@@ -160,7 +160,7 @@
   <entry>
     <title>Indonesia</title>
     <id>id-ID/opds.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:48</updated>
     <dc:language>id-ID</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="id-ID/opds.xml"/>
@@ -168,7 +168,7 @@
   <entry>
     <title>Italiano</title>
     <id>it-IT/opds.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:49</updated>
     <dc:language>it-IT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="it-IT/opds.xml"/>
@@ -176,7 +176,7 @@
   <entry>
     <title>日本語</title>
     <id>ja-JP/opds.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>ja-JP</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ja-JP/opds.xml"/>
@@ -184,7 +184,7 @@
   <entry>
     <title>ಕನ್ನಡ</title>
     <id>kn-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:28</updated>
+    <updated>2011-06-13T21:31:50</updated>
     <dc:language>kn-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="kn-IN/opds.xml"/>
@@ -192,7 +192,7 @@
   <entry>
     <title>한국어</title>
     <id>ko-KR/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ko-KR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ko-KR/opds.xml"/>
@@ -200,7 +200,7 @@
   <entry>
     <title>മലയാളം</title>
     <id>ml-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>ml-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ml-IN/opds.xml"/>
@@ -208,7 +208,7 @@
   <entry>
     <title>मराठी</title>
     <id>mr-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:51</updated>
     <dc:language>mr-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="mr-IN/opds.xml"/>
@@ -216,7 +216,7 @@
   <entry>
     <title>Norsk (bokmål)</title>
     <id>nb-NO/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:52</updated>
     <dc:language>nb-NO</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="nb-NO/opds.xml"/>
@@ -224,7 +224,7 @@
   <entry>
     <title>Nederlands</title>
     <id>nl-NL/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>nl-NL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="nl-NL/opds.xml"/>
@@ -232,7 +232,7 @@
   <entry>
     <title>ଓଡ଼ିଆ</title>
     <id>or-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>or-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="or-IN/opds.xml"/>
@@ -240,7 +240,7 @@
   <entry>
     <title>ਪੰਜਾਬੀ</title>
     <id>pa-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pa-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="pa-IN/opds.xml"/>
@@ -248,7 +248,7 @@
   <entry>
     <title>Polski</title>
     <id>pl-PL/opds.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pl-PL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="pl-PL/opds.xml"/>
@@ -256,7 +256,7 @@
   <entry>
     <title>Português Brasileiro</title>
     <id>pt-BR/opds.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-BR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="pt-BR/opds.xml"/>
@@ -264,7 +264,7 @@
   <entry>
     <title>Português</title>
     <id>pt-PT/opds.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-PT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="pt-PT/opds.xml"/>
@@ -272,7 +272,7 @@
   <entry>
     <title>Русский</title>
     <id>ru-RU/opds.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>ru-RU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ru-RU/opds.xml"/>
@@ -280,7 +280,7 @@
   <entry>
     <title>Slovenščina</title>
     <id>sk-SK/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sk-SK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="sk-SK/opds.xml"/>
@@ -288,7 +288,7 @@
   <entry>
     <title>Srpski (latinica)</title>
     <id>sr-Latn-RS/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sr-Latn-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="sr-Latn-RS/opds.xml"/>
@@ -296,7 +296,7 @@
   <entry>
     <title>Српски</title>
     <id>sr-RS/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sr-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="sr-RS/opds.xml"/>
@@ -304,7 +304,7 @@
   <entry>
     <title>Svenska</title>
     <id>sv-SE/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sv-SE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="sv-SE/opds.xml"/>
@@ -312,7 +312,7 @@
   <entry>
     <title>தமிழ்</title>
     <id>ta-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>ta-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="ta-IN/opds.xml"/>
@@ -320,7 +320,7 @@
   <entry>
     <title>తెలుగు</title>
     <id>te-IN/opds.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>te-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="te-IN/opds.xml"/>
@@ -328,7 +328,7 @@
   <entry>
     <title>Українська</title>
     <id>uk-UA/opds.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>uk-UA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="uk-UA/opds.xml"/>
@@ -336,7 +336,7 @@
   <entry>
     <title>简体中文</title>
     <id>zh-CN/opds.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-CN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="zh-CN/opds.xml"/>
@@ -344,7 +344,7 @@
   <entry>
     <title>繁體中文</title>
     <id>zh-TW/opds.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-TW</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="zh-TW/opds.xml"/>
diff --git a/public_html/or-IN/Site_Statistics.html b/public_html/or-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/or-IN/Site_Statistics.html
+++ b/public_html/or-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/or-IN/opds-Drafts.xml b/public_html/or-IN/opds-Drafts.xml
new file mode 100644
index 0000000..3968c01
--- /dev/null
+++ b/public_html/or-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/or-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/or-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:53</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>or-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/or-IN/opds-Fedora.xml b/public_html/or-IN/opds-Fedora.xml
index 46e7471..075a16f 100644
--- a/public_html/or-IN/opds-Fedora.xml
+++ b/public_html/or-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/or-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>or-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
index a1ce9e5..692f33b 100644
--- a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/or-IN/opds-Fedora_Core.xml b/public_html/or-IN/opds-Fedora_Core.xml
index 70978b8..ebe3f9d 100644
--- a/public_html/or-IN/opds-Fedora_Core.xml
+++ b/public_html/or-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
index 3bffc5d..54d5b38 100644
--- a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/or-IN/opds.xml b/public_html/or-IN/opds.xml
index 14da40f..b2d1c0f 100644
--- a/public_html/or-IN/opds.xml
+++ b/public_html/or-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/or-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:29</updated>
+  <updated>2011-06-13T21:31:53</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/or-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:53</updated>
+    <dc:language>or-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/or-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>or-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/or-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>or-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/or-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>or-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/or-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:29</updated>
+    <updated>2011-06-13T21:31:53</updated>
     <dc:language>or-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/or-IN/toc.html b/public_html/or-IN/toc.html
index 10000e7..b54a2c7 100644
--- a/public_html/or-IN/toc.html
+++ b/public_html/or-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/pa-IN/Site_Statistics.html b/public_html/pa-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/pa-IN/Site_Statistics.html
+++ b/public_html/pa-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/pa-IN/opds-Drafts.xml b/public_html/pa-IN/opds-Drafts.xml
new file mode 100644
index 0000000..6ae711a
--- /dev/null
+++ b/public_html/pa-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/pa-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/pa-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:54</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>pa-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/pa-IN/opds-Fedora.xml b/public_html/pa-IN/opds-Fedora.xml
index 7b259d1..dfdab37 100644
--- a/public_html/pa-IN/opds-Fedora.xml
+++ b/public_html/pa-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pa-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>pa-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
index 9736c36..a326f4a 100644
--- a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/pa-IN/opds-Fedora_Core.xml b/public_html/pa-IN/opds-Fedora_Core.xml
index a1d02ad..43300f9 100644
--- a/public_html/pa-IN/opds-Fedora_Core.xml
+++ b/public_html/pa-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
index abc16e2..e8cdace 100644
--- a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pa-IN/opds.xml b/public_html/pa-IN/opds.xml
index c272edf..27044bd 100644
--- a/public_html/pa-IN/opds.xml
+++ b/public_html/pa-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/pa-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/pa-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:54</updated>
+    <dc:language>pa-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/pa-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pa-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/pa-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pa-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/pa-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pa-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/pa-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pa-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pa-IN/toc.html b/public_html/pa-IN/toc.html
index 472f4b9..9004f12 100644
--- a/public_html/pa-IN/toc.html
+++ b/public_html/pa-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/pl-PL/Site_Statistics.html b/public_html/pl-PL/Site_Statistics.html
index 471f2bf..1a97e71 100644
--- a/public_html/pl-PL/Site_Statistics.html
+++ b/public_html/pl-PL/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Razem języków: </b>42<br />
-	<b>Razem pakietów: </b>658
+	<b>Razem pakietów: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/pl-PL/opds-Drafts.xml b/public_html/pl-PL/opds-Drafts.xml
new file mode 100644
index 0000000..4f835c6
--- /dev/null
+++ b/public_html/pl-PL/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/pl-PL/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/pl-PL/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:54</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>pl-PL</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/pl-PL/opds-Fedora.xml b/public_html/pl-PL/opds-Fedora.xml
index fed526a..8788155 100644
--- a/public_html/pl-PL/opds-Fedora.xml
+++ b/public_html/pl-PL/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pl-PL/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -61,9 +61,9 @@
     <dc:language>pl-PL</dc:language>
     <category label="14" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Używanie Fedory z niepełnosprawnościami wzrokowymi, słuchowymi lub motorycznymi
+    <summary>Używanie Fedory z niepełnosprawnościami wzrokowymi, słuchowymi lub motorycznymi
 </summary>
-    <content type="text">Ten dokument opisuje niektóre urządzenia sprzętowe, aplikacje i narzędzia dostępne do pomocy osobom z niepełnosprawnościami w używaniu komputera z systemem operacyjnym Fedora.</content>
+    <content type="text">Ten dokument opisuje niektóre urządzenia sprzętowe, aplikacje i narzędzia dostępne do pomocy osobom z niepełnosprawnościami w używaniu komputera z systemem operacyjnym Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/pl-PL/Fedora/14/epub/Accessibility_Guide/Fedora-14-Accessibility_Guide-pl-PL.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -99,9 +99,9 @@
     <dc:language>pl-PL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Jak pobrać obrazy ISO i utworzyć nośniki CD i DVD
+    <summary>Jak pobrać obrazy ISO i utworzyć nośniki CD i DVD
 </summary>
-    <content type="text">Jak pobrać obrazy ISO i utworzyć nośniki CD i DVD</content>
+    <content type="text">Jak pobrać obrazy ISO i utworzyć nośniki CD i DVD</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/pl-PL/Fedora/14/epub/Burning_ISO_images_to_disc/Fedora-14-Burning_ISO_images_to_disc-pl-PL.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -137,9 +137,9 @@
     <dc:language>pl-PL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Jak używać obrazu Live Fedory
+    <summary>Jak używać obrazu Live Fedory
 </summary>
-    <content type="text">Jak używać obrazu Live Fedory</content>
+    <content type="text">Jak używać obrazu Live Fedory</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/pl-PL/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-pl-PL.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>pl-PL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
index 0b17e4d..f01d103 100644
--- a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Dokumentacja dla współtwórców Fedory</title>
   <subtitle>Dokumentacja dla współtwórców Fedory</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
@@ -42,9 +42,9 @@
     <dc:language>pl-PL</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Krótki podręcznik dostarczania tłumaczeń dla Projektu Fedora
+    <summary>Krótki podręcznik dostarczania tłumaczeń dla Projektu Fedora
 </summary>
-    <content type="text">Ten przewodnik jest krótkim, prostym zestawem instrukcji krok po kroku dla tłumaczenia oprogramowania i dokumentów Projektu Fedora.</content>
+    <content type="text">Ten przewodnik jest krótkim, prostym zestawem instrukcji krok po kroku dla tłumaczenia oprogramowania i dokumentów Projektu Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/1/epub/Translation_Quick_Start_Guide/Fedora_Contributor_Documentation-1-Translation_Quick_Start_Guide-pl-PL.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/pl-PL/opds-Fedora_Core.xml b/public_html/pl-PL/opds-Fedora_Core.xml
index fd6c3d6..56c15db 100644
--- a/public_html/pl-PL/opds-Fedora_Core.xml
+++ b/public_html/pl-PL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
index a5e00fa..8cb83d7 100644
--- a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pl-PL/opds.xml b/public_html/pl-PL/opds.xml
index e6197aa..e130662 100644
--- a/public_html/pl-PL/opds.xml
+++ b/public_html/pl-PL/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/pl-PL/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/pl-PL/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:54</updated>
+    <dc:language>pl-PL</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/pl-PL/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pl-PL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Dokumentacja dla współtwórców Fedory</title>
     <id>http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pl-PL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/pl-PL/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pl-PL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/pl-PL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pl-PL</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pl-PL/toc.html b/public_html/pl-PL/toc.html
index 791c6c4..f6a6870 100644
--- a/public_html/pl-PL/toc.html
+++ b/public_html/pl-PL/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		Poniższe menu nawigacji zostanie automatycznie zwinięte po wczytaniu strony. Należy włączyć obsługę ciasteczek, aby naprawić działanie meni nawigacji.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Nieprzetłumaczone</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -681,7 +705,7 @@
 									<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -763,7 +787,7 @@
 									<a class="type" href="../en-US/./Fedora/9/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/9/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/9/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/9/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/9/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.9.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.9.User_Guide.types');">
@@ -909,7 +933,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -921,7 +945,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1167,7 +1191,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/pt-BR/Site_Statistics.html b/public_html/pt-BR/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/pt-BR/Site_Statistics.html
+++ b/public_html/pt-BR/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/pt-BR/opds-Drafts.xml b/public_html/pt-BR/opds-Drafts.xml
new file mode 100644
index 0000000..236db10
--- /dev/null
+++ b/public_html/pt-BR/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/pt-BR/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/pt-BR/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:54</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>pt-BR</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/pt-BR/opds-Fedora.xml b/public_html/pt-BR/opds-Fedora.xml
index 52f6630..47d5df6 100644
--- a/public_html/pt-BR/opds-Fedora.xml
+++ b/public_html/pt-BR/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-BR/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:54</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>pt-BR</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
index 4a7ba6f..043d0e6 100644
--- a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/pt-BR/opds-Fedora_Core.xml b/public_html/pt-BR/opds-Fedora_Core.xml
index 740b5de..3328d53 100644
--- a/public_html/pt-BR/opds-Fedora_Core.xml
+++ b/public_html/pt-BR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
index 229d3a7..c6d6e51 100644
--- a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pt-BR/opds.xml b/public_html/pt-BR/opds.xml
index 6f4d277..1d529c4 100644
--- a/public_html/pt-BR/opds.xml
+++ b/public_html/pt-BR/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/pt-BR/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/pt-BR/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:54</updated>
+    <dc:language>pt-BR</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/pt-BR/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:54</updated>
     <dc:language>pt-BR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/pt-BR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-BR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/pt-BR/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-BR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/pt-BR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-BR</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-BR/toc.html b/public_html/pt-BR/toc.html
index 2615429..bdfdb22 100644
--- a/public_html/pt-BR/toc.html
+++ b/public_html/pt-BR/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -858,7 +882,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1104,7 +1128,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/pt-PT/Site_Statistics.html b/public_html/pt-PT/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/pt-PT/Site_Statistics.html
+++ b/public_html/pt-PT/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/pt-PT/opds-Drafts.xml b/public_html/pt-PT/opds-Drafts.xml
new file mode 100644
index 0000000..c7e457e
--- /dev/null
+++ b/public_html/pt-PT/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/pt-PT/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/pt-PT/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:55</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>pt-PT</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/pt-PT/opds-Fedora.xml b/public_html/pt-PT/opds-Fedora.xml
index b4451c6..96965a8 100644
--- a/public_html/pt-PT/opds-Fedora.xml
+++ b/public_html/pt-PT/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-PT/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>pt-PT</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
index 2b423bd..d295410 100644
--- a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/pt-PT/opds-Fedora_Core.xml b/public_html/pt-PT/opds-Fedora_Core.xml
index da9ecd9..c5d8654 100644
--- a/public_html/pt-PT/opds-Fedora_Core.xml
+++ b/public_html/pt-PT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
index 6635e7b..f7db91b 100644
--- a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/pt-PT/opds.xml b/public_html/pt-PT/opds.xml
index 17fa104..125432b 100644
--- a/public_html/pt-PT/opds.xml
+++ b/public_html/pt-PT/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/pt-PT/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/pt-PT/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:55</updated>
+    <dc:language>pt-PT</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/pt-PT/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-PT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/pt-PT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-PT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/pt-PT/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-PT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/pt-PT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>pt-PT</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-PT/toc.html b/public_html/pt-PT/toc.html
index cd597dc..801063b 100644
--- a/public_html/pt-PT/toc.html
+++ b/public_html/pt-PT/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -858,7 +882,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1094,7 +1118,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ru-RU/Site_Statistics.html b/public_html/ru-RU/Site_Statistics.html
index 47d6fca..2b304bf 100644
--- a/public_html/ru-RU/Site_Statistics.html
+++ b/public_html/ru-RU/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Всего языков: </b>42<br />
-	<b>Всего пакетов: </b>658
+	<b>Всего пакетов: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ru-RU/opds-Drafts.xml b/public_html/ru-RU/opds-Drafts.xml
new file mode 100644
index 0000000..7083a0e
--- /dev/null
+++ b/public_html/ru-RU/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ru-RU/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ru-RU/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:55</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ru-RU</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ru-RU/opds-Fedora.xml b/public_html/ru-RU/opds-Fedora.xml
index d529462..54f3ce4 100644
--- a/public_html/ru-RU/opds-Fedora.xml
+++ b/public_html/ru-RU/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ru-RU/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -137,9 +137,9 @@
     <dc:language>ru-RU</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Как использовать Live-образ Fedora
+    <summary>Как использовать Live-образ Fedora
 </summary>
-    <content type="text">Как использовать Live-образ Fedora</content>
+    <content type="text">Как использовать Live-образ Fedora</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ru-RU/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-ru-RU.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>ru-RU</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -213,9 +213,9 @@
     <dc:language>ru-RU</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Примечания к выпуску Fedora 14
+    <summary>Примечания к выпуску Fedora 14
 </summary>
-    <content type="text">Этот документ содержит примечания к выпуску Fedora 14.</content>
+    <content type="text">Этот документ содержит примечания к выпуску Fedora 14.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ru-RU/Fedora/14/epub/Release_Notes/Fedora-14-Release_Notes-ru-RU.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
index ceb247c..e310a1f 100644
--- a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Документация участника Fedora</title>
   <subtitle>Документация участника Fedora</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
@@ -42,9 +42,9 @@
     <dc:language>ru-RU</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Краткое руководство для переводчиков Fedora
+    <summary>Краткое руководство для переводчиков Fedora
 </summary>
-    <content type="text">Это руководство является краткой, простой, пошаговой инструкцией для перевода программного обеспечения и документации в проекте Fedora.</content>
+    <content type="text">Это руководство является краткой, простой, пошаговой инструкцией для перевода программного обеспечения и документации в проекте Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/1/epub/Translation_Quick_Start_Guide/Fedora_Contributor_Documentation-1-Translation_Quick_Start_Guide-ru-RU.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ru-RU/opds-Fedora_Core.xml b/public_html/ru-RU/opds-Fedora_Core.xml
index 6217f59..9d739bc 100644
--- a/public_html/ru-RU/opds-Fedora_Core.xml
+++ b/public_html/ru-RU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
index f055cb5..5661b07 100644
--- a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ru-RU/opds.xml b/public_html/ru-RU/opds.xml
index 967301b..9815364 100644
--- a/public_html/ru-RU/opds.xml
+++ b/public_html/ru-RU/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ru-RU/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:30</updated>
+  <updated>2011-06-13T21:31:55</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ru-RU/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:55</updated>
+    <dc:language>ru-RU</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ru-RU/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>ru-RU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Документация участника Fedora</title>
     <id>http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>ru-RU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ru-RU/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>ru-RU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ru-RU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:30</updated>
+    <updated>2011-06-13T21:31:55</updated>
     <dc:language>ru-RU</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ru-RU/toc.html b/public_html/ru-RU/toc.html
index d05c52b..475ca90 100644
--- a/public_html/ru-RU/toc.html
+++ b/public_html/ru-RU/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Не переведено</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/sk-SK/Site_Statistics.html b/public_html/sk-SK/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/sk-SK/Site_Statistics.html
+++ b/public_html/sk-SK/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/sk-SK/opds-Drafts.xml b/public_html/sk-SK/opds-Drafts.xml
new file mode 100644
index 0000000..abef3d5
--- /dev/null
+++ b/public_html/sk-SK/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/sk-SK/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/sk-SK/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:56</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>sk-SK</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/sk-SK/opds-Fedora.xml b/public_html/sk-SK/opds-Fedora.xml
index 3d4765b..1253b61 100644
--- a/public_html/sk-SK/opds-Fedora.xml
+++ b/public_html/sk-SK/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sk-SK/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>sk-SK</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
index 2d6f818..80354d7 100644
--- a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/sk-SK/opds-Fedora_Core.xml b/public_html/sk-SK/opds-Fedora_Core.xml
index 01a863e..9c6e60d 100644
--- a/public_html/sk-SK/opds-Fedora_Core.xml
+++ b/public_html/sk-SK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
index e11f6a0..492225a 100644
--- a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sk-SK/opds.xml b/public_html/sk-SK/opds.xml
index c3abe0c..43c0523 100644
--- a/public_html/sk-SK/opds.xml
+++ b/public_html/sk-SK/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/sk-SK/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/sk-SK/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:56</updated>
+    <dc:language>sk-SK</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/sk-SK/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sk-SK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/sk-SK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sk-SK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/sk-SK/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sk-SK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/sk-SK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sk-SK</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sk-SK/toc.html b/public_html/sk-SK/toc.html
index b46359b..850621e 100644
--- a/public_html/sk-SK/toc.html
+++ b/public_html/sk-SK/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -737,7 +761,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/sr-Latn-RS/Site_Statistics.html b/public_html/sr-Latn-RS/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/sr-Latn-RS/Site_Statistics.html
+++ b/public_html/sr-Latn-RS/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/sr-Latn-RS/opds-Drafts.xml b/public_html/sr-Latn-RS/opds-Drafts.xml
new file mode 100644
index 0000000..ac31030
--- /dev/null
+++ b/public_html/sr-Latn-RS/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/sr-Latn-RS/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:56</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>sr-Latn-RS</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/sr-Latn-RS/opds-Fedora.xml b/public_html/sr-Latn-RS/opds-Fedora.xml
index a1bccd5..9c04e27 100644
--- a/public_html/sr-Latn-RS/opds-Fedora.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>sr-Latn-RS</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
index 9fe00bc..765c6c6 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Core.xml b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
index 507f92f..0fabde3 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
index d71f24d..9cc917c 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sr-Latn-RS/opds.xml b/public_html/sr-Latn-RS/opds.xml
index 5d98291..0a6a6f4 100644
--- a/public_html/sr-Latn-RS/opds.xml
+++ b/public_html/sr-Latn-RS/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/sr-Latn-RS/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:56</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/sr-Latn-RS/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:56</updated>
+    <dc:language>sr-Latn-RS</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sr-Latn-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sr-Latn-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sr-Latn-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:56</updated>
     <dc:language>sr-Latn-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-Latn-RS/toc.html b/public_html/sr-Latn-RS/toc.html
index 72b02f7..f36be65 100644
--- a/public_html/sr-Latn-RS/toc.html
+++ b/public_html/sr-Latn-RS/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -309,7 +333,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/sr-RS/Site_Statistics.html b/public_html/sr-RS/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/sr-RS/Site_Statistics.html
+++ b/public_html/sr-RS/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/sr-RS/opds-Drafts.xml b/public_html/sr-RS/opds-Drafts.xml
new file mode 100644
index 0000000..4753a9e
--- /dev/null
+++ b/public_html/sr-RS/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/sr-RS/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/sr-RS/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:56</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>sr-RS</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/sr-RS/opds-Fedora.xml b/public_html/sr-RS/opds-Fedora.xml
index 9977dde..2172801 100644
--- a/public_html/sr-RS/opds-Fedora.xml
+++ b/public_html/sr-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-RS/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>sr-RS</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
index 8f06cfb..62ebbeb 100644
--- a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/sr-RS/opds-Fedora_Core.xml b/public_html/sr-RS/opds-Fedora_Core.xml
index 37a576c..cd4c198 100644
--- a/public_html/sr-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
index 7339613..8b17cbd 100644
--- a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sr-RS/opds.xml b/public_html/sr-RS/opds.xml
index 19d0a58..6edbaae 100644
--- a/public_html/sr-RS/opds.xml
+++ b/public_html/sr-RS/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/sr-RS/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/sr-RS/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:56</updated>
+    <dc:language>sr-RS</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/sr-RS/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sr-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/sr-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sr-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/sr-RS/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sr-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/sr-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sr-RS</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-RS/toc.html b/public_html/sr-RS/toc.html
index 53d7d3d..572f349 100644
--- a/public_html/sr-RS/toc.html
+++ b/public_html/sr-RS/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -309,7 +333,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -858,7 +882,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1104,7 +1128,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/sv-SE/Site_Statistics.html b/public_html/sv-SE/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/sv-SE/Site_Statistics.html
+++ b/public_html/sv-SE/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/sv-SE/opds-Drafts.xml b/public_html/sv-SE/opds-Drafts.xml
new file mode 100644
index 0000000..17bb1ab
--- /dev/null
+++ b/public_html/sv-SE/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/sv-SE/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/sv-SE/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:57</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>sv-SE</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/sv-SE/opds-Fedora.xml b/public_html/sv-SE/opds-Fedora.xml
index 1c874fe..b2cfc61 100644
--- a/public_html/sv-SE/opds-Fedora.xml
+++ b/public_html/sv-SE/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sv-SE/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -99,9 +99,9 @@
     <dc:language>sv-SE</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Hur man hämtar ISO-avbilder och skapar CD- och DVD-media
+    <summary>Hur man hämtar ISO-avbilder och skapar CD- och DVD-media
 </summary>
-    <content type="text">Hur man hämtar ISO-avbilder och skapar CD- och DVD-media</content>
+    <content type="text">Hur man hämtar ISO-avbilder och skapar CD- och DVD-media</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/sv-SE/Fedora/14/epub/Burning_ISO_images_to_disc/Fedora-14-Burning_ISO_images_to_disc-sv-SE.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -137,9 +137,9 @@
     <dc:language>sv-SE</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Hur man använder Fedora live-avbilden
+    <summary>Hur man använder Fedora live-avbilden
 </summary>
-    <content type="text">Hur man använder Fedora live-avbilden</content>
+    <content type="text">Hur man använder Fedora live-avbilden</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/sv-SE/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-sv-SE.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>sv-SE</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
index be48140..33d1de0 100644
--- a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/sv-SE/opds-Fedora_Core.xml b/public_html/sv-SE/opds-Fedora_Core.xml
index c69ea4e..35f1e2f 100644
--- a/public_html/sv-SE/opds-Fedora_Core.xml
+++ b/public_html/sv-SE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
index 5f7b58c..c249dd2 100644
--- a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/sv-SE/opds.xml b/public_html/sv-SE/opds.xml
index 946b39e..f1f893b 100644
--- a/public_html/sv-SE/opds.xml
+++ b/public_html/sv-SE/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/sv-SE/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/sv-SE/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:57</updated>
+    <dc:language>sv-SE</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/sv-SE/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sv-SE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/sv-SE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sv-SE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/sv-SE/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sv-SE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/sv-SE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>sv-SE</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sv-SE/toc.html b/public_html/sv-SE/toc.html
index 9d22088..097aaf5 100644
--- a/public_html/sv-SE/toc.html
+++ b/public_html/sv-SE/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -318,7 +342,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Installation_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.13.Installation_Guide.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -810,7 +834,7 @@
 									<a class="type" href="../en-US/./Fedora/7/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/7/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/7/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/7/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/7/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/7/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/7/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/7/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/7/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.7.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.7.Making_Fedora_Discs.types');">
@@ -873,7 +897,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -894,7 +918,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1140,7 +1164,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/ta-IN/Site_Statistics.html b/public_html/ta-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/ta-IN/Site_Statistics.html
+++ b/public_html/ta-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/ta-IN/opds-Drafts.xml b/public_html/ta-IN/opds-Drafts.xml
new file mode 100644
index 0000000..a515f69
--- /dev/null
+++ b/public_html/ta-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/ta-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/ta-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:57</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>ta-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/ta-IN/opds-Fedora.xml b/public_html/ta-IN/opds-Fedora.xml
index 7c87a40..b4f5cb9 100644
--- a/public_html/ta-IN/opds-Fedora.xml
+++ b/public_html/ta-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ta-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>ta-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
index 1b1846c..d01645c 100644
--- a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/ta-IN/opds-Fedora_Core.xml b/public_html/ta-IN/opds-Fedora_Core.xml
index 1c7998b..ef94a90 100644
--- a/public_html/ta-IN/opds-Fedora_Core.xml
+++ b/public_html/ta-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
index 91531cd..fb5d9e8 100644
--- a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/ta-IN/opds.xml b/public_html/ta-IN/opds.xml
index b1137b1..3166cf5 100644
--- a/public_html/ta-IN/opds.xml
+++ b/public_html/ta-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/ta-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/ta-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:57</updated>
+    <dc:language>ta-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/ta-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>ta-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/ta-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>ta-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/ta-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>ta-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/ta-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>ta-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ta-IN/toc.html b/public_html/ta-IN/toc.html
index e498fa3..a88e1b5 100644
--- a/public_html/ta-IN/toc.html
+++ b/public_html/ta-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/te-IN/Site_Statistics.html b/public_html/te-IN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/te-IN/Site_Statistics.html
+++ b/public_html/te-IN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/te-IN/opds-Drafts.xml b/public_html/te-IN/opds-Drafts.xml
new file mode 100644
index 0000000..9fe2aea
--- /dev/null
+++ b/public_html/te-IN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/te-IN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/te-IN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:57</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>te-IN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/te-IN/opds-Fedora.xml b/public_html/te-IN/opds-Fedora.xml
index 70ba9bc..1f9fb90 100644
--- a/public_html/te-IN/opds-Fedora.xml
+++ b/public_html/te-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/te-IN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>te-IN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
index 4747c28..a4a05eb 100644
--- a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/te-IN/opds-Fedora_Core.xml b/public_html/te-IN/opds-Fedora_Core.xml
index 2d913e2..6f8adb3 100644
--- a/public_html/te-IN/opds-Fedora_Core.xml
+++ b/public_html/te-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
index 9e16ea0..8e7566e 100644
--- a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:57</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/te-IN/opds.xml b/public_html/te-IN/opds.xml
index f5431de..c704613 100644
--- a/public_html/te-IN/opds.xml
+++ b/public_html/te-IN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/te-IN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:31</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/te-IN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:57</updated>
+    <dc:language>te-IN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/te-IN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>te-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/te-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>te-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/te-IN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>te-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/te-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:31</updated>
+    <updated>2011-06-13T21:31:57</updated>
     <dc:language>te-IN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/te-IN/toc.html b/public_html/te-IN/toc.html
index 7adacb5..65e4c52 100644
--- a/public_html/te-IN/toc.html
+++ b/public_html/te-IN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/toc.html b/public_html/toc.html
index b5a2474..7e3c05b 100644
--- a/public_html/toc.html
+++ b/public_html/toc.html
@@ -1227,6 +1227,31 @@
 		<h2>English (en-US)</h2>
 		
 		<div class="product">
+			<span id="Drafts" class="product">Drafts</span>
+			<div class="versions">
+							<div class="version">
+					<span class="version">1</span>					<div class="books">
+					
+						<div class="book">
+							<span id="Enterprise_Identity_Management_Guide" class="book">Enterprise Identity Management Guide</span> 
+							<div class="types">
+							
+								<a class="type" href="./en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">epub</a>
+			        			
+								<a class="type" href="./en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html">html</a>
+			        			
+								<a class="type" href="./en-US/Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html">html-single</a>
+			        			
+								<a class="type" href="./en-US/Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf">pdf</a>
+			        			
+							</div>
+						</div>
+	        			
+					</div>				</div>								
+			</div>					
+		</div>					
+       		
+		<div class="product">
 			<span id="Fedora" class="product">Fedora</span>
 			<div class="versions">
 							<div class="version">
@@ -1536,7 +1561,7 @@
 			        			
 								<a class="type" href="./en-US/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./en-US/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf">pdf</a>
+								<a class="type" href="./en-US/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -2037,7 +2062,7 @@
 			        			
 								<a class="type" href="./en-US/Fedora/11/html-single/Security_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./en-US/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf">pdf</a>
+								<a class="type" href="./en-US/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -2211,7 +2236,7 @@
 			        			
 								<a class="type" href="./en-US/Fedora/8/html-single/Installation_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./en-US/Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf">pdf</a>
+								<a class="type" href="./en-US/Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -2339,7 +2364,7 @@
 							<span id="Fedora_Elections_Guide" class="book">Fedora Elections Guide</span> 
 							<div class="types">
 							
-								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">epub</a>
+								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">epub</a>
 			        			
 								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html">html</a>
 			        			
@@ -2375,7 +2400,7 @@
 			        			
 								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf">pdf</a>
+								<a class="type" href="./en-US/Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -2682,7 +2707,7 @@
 			        			
 								<a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf">pdf</a>
+								<a class="type" href="./en-US/Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -3805,7 +3830,7 @@
 			        			
 								<a class="type" href="./fi-FI/Fedora/12/html-single/Fedora_Live_images/index.html">html-single</a>
 			        			
-								<a class="type" href="./fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
+								<a class="type" href="./fi-FI/Fedora/12/pdf/Fedora_Live_images/Fedora-13-Fedora_Live_Images-fi-FI.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -3838,7 +3863,7 @@
 			        			
 								<a class="type" href="./fi-FI/Fedora/11/html-single/Fedora_Live_images/index.html">html-single</a>
 			        			
-								<a class="type" href="./fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
+								<a class="type" href="./fi-FI/Fedora/11/pdf/Fedora_Live_images/Fedora-11-Fedora_Live_images-fi-FI.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -3856,7 +3881,7 @@
 			        			
 								<a class="type" href="./fi-FI/Fedora/10/html-single/Fedora_Live_Images/index.html">html-single</a>
 			        			
-								<a class="type" href="./fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-12-Fedora_Live_images-fi-FI.pdf">pdf</a>
+								<a class="type" href="./fi-FI/Fedora/10/pdf/Fedora_Live_Images/Fedora-10-Fedora_Live_Images-fi-FI.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -4776,7 +4801,7 @@
 			        			
 								<a class="type" href="./it-IT/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./it-IT/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-it-IT.pdf">pdf</a>
+								<a class="type" href="./it-IT/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-it-IT.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -6216,7 +6241,7 @@
 			        			
 								<a class="type" href="./nl-NL/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./nl-NL/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-nl-NL.pdf">pdf</a>
+								<a class="type" href="./nl-NL/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-nl-NL.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -6642,7 +6667,7 @@
 			        			
 								<a class="type" href="./nl-NL/Fedora/11/html-single/Security_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./nl-NL/Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-nl-NL.pdf">pdf</a>
+								<a class="type" href="./nl-NL/Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-nl-NL.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -10240,7 +10265,7 @@
 			        			
 								<a class="type" href="./uk-UA/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./uk-UA/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf">pdf</a>
+								<a class="type" href="./uk-UA/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -10639,7 +10664,7 @@
 			        			
 								<a class="type" href="./zh-CN/Fedora/13/html-single/Accessibility_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./zh-CN/Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf">pdf</a>
+								<a class="type" href="./zh-CN/Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf">pdf</a>
 			        			
 							</div>
 						</div>
@@ -11114,7 +11139,7 @@
 			        			
 								<a class="type" href="./zh-TW/Fedora/12/html-single/Installation_Quick_Start_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./zh-TW/Fedora/12/pdf/Installation_Quick_Start_Guide/Fedora-12-Installation_Quick_Start_Guide-zh-TW.pdf">pdf</a>
+								<a class="type" href="./zh-TW/Fedora/12/pdf/Installation_Quick_Start_Guide/">pdf</a>
 			        			
 							</div>
 						</div>
@@ -11129,7 +11154,7 @@
 			        			
 								<a class="type" href="./zh-TW/Fedora/12/html-single/Virtualization_Guide/index.html">html-single</a>
 			        			
-								<a class="type" href="./zh-TW/Fedora/12/pdf/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.pdf">pdf</a>
+								<a class="type" href="./zh-TW/Fedora/12/pdf/Virtualization_Guide/">pdf</a>
 			        			
 							</div>
 						</div>
diff --git a/public_html/uk-UA/Site_Statistics.html b/public_html/uk-UA/Site_Statistics.html
index 7717a68..8b6a96e 100644
--- a/public_html/uk-UA/Site_Statistics.html
+++ b/public_html/uk-UA/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Загалом мов: </b>42<br />
-	<b>Загалом пакунків: </b>658
+	<b>Загалом пакунків: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/uk-UA/opds-Drafts.xml b/public_html/uk-UA/opds-Drafts.xml
new file mode 100644
index 0000000..11a0458
--- /dev/null
+++ b/public_html/uk-UA/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/uk-UA/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/uk-UA/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:58</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>uk-UA</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/uk-UA/opds-Fedora.xml b/public_html/uk-UA/opds-Fedora.xml
index d7af299..630bff4 100644
--- a/public_html/uk-UA/opds-Fedora.xml
+++ b/public_html/uk-UA/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/uk-UA/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -61,9 +61,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="14" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Як користуватися Fedora, якщо ви маєте зорові, слухові вади або вади опорно-рухових можливостей
+    <summary>Як користуватися Fedora, якщо ви маєте зорові, слухові вади або вади опорно-рухових можливостей
 </summary>
-    <content type="text">Цей документ присвячено опису деяких з апаратних пристроїв, програм та модулів, які допоможуть користувачам з особливими потребами користуватися комп’ютером під керуванням операційної системи Fedora.</content>
+    <content type="text">Цей документ присвячено опису деяких з апаратних пристроїв, програм та модулів, які допоможуть користувачам з особливими потребами користуватися комп’ютером під керуванням операційної системи Fedora.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora/14/epub/Accessibility_Guide/Fedora-14-Accessibility_Guide-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -99,9 +99,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Як завантажити образи ISO та створити CD та DVD носії
+    <summary>Як завантажити образи ISO та створити CD та DVD носії
 </summary>
-    <content type="text">Як завантажити образи ISO та створити CD та DVD носії</content>
+    <content type="text">Як завантажити образи ISO та створити CD та DVD носії</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora/14/epub/Burning_ISO_images_to_disc/Fedora-14-Burning_ISO_images_to_disc-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -137,9 +137,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Як користуватися образами портативної системи Fedora
+    <summary>Як користуватися образами портативної системи Fedora
 </summary>
-    <content type="text">Як користуватися образами портативної системи Fedora</content>
+    <content type="text">Як користуватися образами портативної системи Fedora</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -289,9 +289,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Використання Fedora 14 з метою виконання звичних завдань на комп’ютері
+    <summary>Використання Fedora 14 з метою виконання звичних завдань на комп’ютері
 </summary>
-    <content type="text">Інструкцію користувача Fedora зосереджено на описі виконання типових завдань комп’ютера, зокрема перегляду сторінок інтернету, читання і надсилання електронної пошти та виконання офісних робіт.</content>
+    <content type="text">Інструкцію користувача Fedora зосереджено на описі виконання типових завдань комп’ютера, зокрема перегляду сторінок інтернету, читання і надсилання електронної пошти та виконання офісних робіт.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora/14/epub/User_Guide/Fedora-14-User_Guide-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -434,9 +434,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Питання, які найчастіше задають користувачі щодо Security Enhanced Linux, та відповіді на них
+    <summary>Питання, які найчастіше задають користувачі щодо Security Enhanced Linux, та відповіді на них
 </summary>
-    <content type="text">У цьому довіднику наведено відповіді на питання щодо Security-Enhanced Linux. Відомості з нього будуть корисними всім, хто ще не досить знайомий з SELinux. Звичайно ж, у цьому довіднику ви не знайдете повного опису SELinux. Докладні інструкції та настанови щодо вивчення та використання SELinux, наведено у «Інструкції користувача SELinux» та «Підручнику з керування службами обмеження доступу». Знайти ці підручники можна за адресою http://docs.fedoraproject.org</content>
+    <content type="text">У цьому довіднику наведено відповіді на питання щодо Security-Enhanced Linux. Відомості з нього будуть корисними всім, хто ще не досить знайомий з SELinux. Звичайно ж, у цьому довіднику ви не знайдете повного опису SELinux. Докладні інструкції та настанови щодо вивчення та використання SELinux, наведено у «ІнсÑ
 ‚рукції користувача SELinux» та «Підручнику з керування службами обмеження доступу». Знайти ці підручники можна за адресою http://docs.fedoraproject.org</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora/13/epub/SELinux_FAQ/Fedora-13-SELinux_FAQ-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
index 5d08510..875dd1d 100644
--- a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Документація для учасника розробки Fedora</title>
   <subtitle>Документація для учасника розробки Fedora</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
@@ -42,9 +42,9 @@
     <dc:language>uk-UA</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Початкові настанови щодо перекладу Fedora Project
+    <summary>Початкові настанови щодо перекладу Fedora Project
 </summary>
-    <content type="text">У цьому підручнику ви знайдете простий покроковий набір інструкцій щодо перекладу програмного забезпечення та документації до Fedora Project.</content>
+    <content type="text">У цьому підручнику ви знайдете простий покроковий набір інструкцій щодо перекладу програмного забезпечення та документації до Fedora Project.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/1/epub/Translation_Quick_Start_Guide/Fedora_Contributor_Documentation-1-Translation_Quick_Start_Guide-uk-UA.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/uk-UA/opds-Fedora_Core.xml b/public_html/uk-UA/opds-Fedora_Core.xml
index 717065e..6342eaa 100644
--- a/public_html/uk-UA/opds-Fedora_Core.xml
+++ b/public_html/uk-UA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
index acb9672..aa66394 100644
--- a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/uk-UA/opds.xml b/public_html/uk-UA/opds.xml
index a1f5edf..51efb32 100644
--- a/public_html/uk-UA/opds.xml
+++ b/public_html/uk-UA/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/uk-UA/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/uk-UA/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:58</updated>
+    <dc:language>uk-UA</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/uk-UA/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>uk-UA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Документація для учасника розробки Fedora</title>
     <id>http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>uk-UA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/uk-UA/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>uk-UA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/uk-UA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>uk-UA</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/uk-UA/toc.html b/public_html/uk-UA/toc.html
index 5fa2f4d..f720a9f 100644
--- a/public_html/uk-UA/toc.html
+++ b/public_html/uk-UA/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		Після завантаження сторінок навігаційне меню буде автоматично згортатися. Увімкніть використання кук у переглядачі, щоб виправити роботу навігаційного меню.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Не перекладено</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -279,7 +303,7 @@
 							<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.epub" >epub</a>
 							<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-uk-UA.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-uk-UA.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -746,7 +770,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
@@ -837,7 +861,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/zh-CN/Site_Statistics.html b/public_html/zh-CN/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/zh-CN/Site_Statistics.html
+++ b/public_html/zh-CN/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/zh-CN/opds-Drafts.xml b/public_html/zh-CN/opds-Drafts.xml
new file mode 100644
index 0000000..d27e497
--- /dev/null
+++ b/public_html/zh-CN/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/zh-CN/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/zh-CN/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:58</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>zh-CN</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/zh-CN/opds-Fedora.xml b/public_html/zh-CN/opds-Fedora.xml
index 8ec4200..bd327d7 100644
--- a/public_html/zh-CN/opds-Fedora.xml
+++ b/public_html/zh-CN/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-CN/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -137,9 +137,9 @@
     <dc:language>zh-CN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>如​何​使​用​ Fedora Live 镜​像​
+    <summary>如​何​使​用​ Fedora Live 镜​像​
 </summary>
-    <content type="text">如​何​使​用​ Fedora Live 镜​像​</content>
+    <content type="text">如​何​使​用​ Fedora Live 镜​像​</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/zh-CN/Fedora/14/epub/Fedora_Live_Images/Fedora-14-Fedora_Live_Images-zh-CN.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
@@ -156,7 +156,7 @@
     <dc:language>zh-CN</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
index 7d466cd..61c6185 100644
--- a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/zh-CN/opds-Fedora_Core.xml b/public_html/zh-CN/opds-Fedora_Core.xml
index 880ec43..bc6f9ef 100644
--- a/public_html/zh-CN/opds-Fedora_Core.xml
+++ b/public_html/zh-CN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
index 77e86f1..7ec7458 100644
--- a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/zh-CN/opds.xml b/public_html/zh-CN/opds.xml
index 027f8ec..9574ee1 100644
--- a/public_html/zh-CN/opds.xml
+++ b/public_html/zh-CN/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/zh-CN/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/zh-CN/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:58</updated>
+    <dc:language>zh-CN</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/zh-CN/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-CN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/zh-CN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-CN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/zh-CN/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-CN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/zh-CN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-CN</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-CN/toc.html b/public_html/zh-CN/toc.html
index 67b4033..3969ea2 100644
--- a/public_html/zh-CN/toc.html
+++ b/public_html/zh-CN/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -279,7 +303,7 @@
 							<a class="type" href="./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.epub" >epub</a>
 							<a class="type" href="./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-zh-CN.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf" onclick="window.top.location='./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-zh-CN.pdf';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -717,7 +741,7 @@
 									<a class="type" href="../en-US/./Fedora/10/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/10/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/10/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/10/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/10/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.10.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.10.User_Guide.types');">
@@ -818,7 +842,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.SELinux_FAQ' class="book collapsed" onclick="toggle(event, 'Fedora.8.SELinux_FAQ.types');">
@@ -909,7 +933,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -921,7 +945,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1167,7 +1191,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
diff --git a/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/bootscreen/bootscreen-livecd.png b/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/bootscreen/bootscreen-livecd.png
index b6658ee..071cd40 100644
Binary files a/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/bootscreen/bootscreen-livecd.png and b/public_html/zh-TW/Fedora/12/html/Installation_Quick_Start_Guide/images/bootscreen/bootscreen-livecd.png differ
diff --git a/public_html/zh-TW/Site_Statistics.html b/public_html/zh-TW/Site_Statistics.html
index 8c1d7f4..cc787de 100644
--- a/public_html/zh-TW/Site_Statistics.html
+++ b/public_html/zh-TW/Site_Statistics.html
@@ -25,10 +25,10 @@
 	<tr>
 		<td>English</td>
 		<td>en-US</td>
-		<td>4</td>
-		<td>31</td>
+		<td>5</td>
+		<td>32</td>
 		<td>17</td>
-		<td>99</td>
+		<td>100</td>
 	</tr>
 	
 	<tr>
@@ -403,7 +403,7 @@
 </table>
 <div class="totals">
 	<b>Total Languages: </b>42<br />
-	<b>Total Packages: </b>658
+	<b>Total Packages: </b>659
 </div>
 </body>
 </html>
diff --git a/public_html/zh-TW/opds-Drafts.xml b/public_html/zh-TW/opds-Drafts.xml
new file mode 100644
index 0000000..8cdb9ae
--- /dev/null
+++ b/public_html/zh-TW/opds-Drafts.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:dc="http://purl.org/dc/terms/"
+      xmlns:opds="http://opds-spec.org/2010/catalog">
+  <link rel="self"  href="http://docs.fedoraproject.org/zh-TW/opds-Drafts.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
+  <id>http://docs.fedoraproject.org/zh-TW/opds-Drafts.xml</id>
+  <title>Drafts</title>
+  <subtitle>Drafts</subtitle>
+  <updated>2011-06-13T21:31:58</updated>
+  <!--author>
+    <name></name>
+    <uri></uri>
+  </author-->
+
+  <entry>
+    <title>Enterprise Identity Management Guide</title>
+    <id>http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub</id>
+    <!--author>
+      <name></name>
+      <uri></uri>
+    </author-->
+    <updated>2011-06-13</updated>
+    <dc:language>zh-TW</dc:language>
+    <category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
+    <!--dc:issued></dc:issued-->
+    <summary>Managing Identity and Authorization Policies for Linux-Based Enterprise Networks
+</summary>
+    <content type="text">Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.</content>
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub">
+      <dc:format>application/epub+zip</dc:format>
+    </link>      
+    <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
+ </entry>
+</feed>
diff --git a/public_html/zh-TW/opds-Fedora.xml b/public_html/zh-TW/opds-Fedora.xml
index 1a4718e..0f984b4 100644
--- a/public_html/zh-TW/opds-Fedora.xml
+++ b/public_html/zh-TW/opds-Fedora.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-TW/opds-Fedora.xml</id>
   <title>Fedora</title>
   <subtitle>Fedora</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -156,7 +156,7 @@
     <dc:language>zh-TW</dc:language>
     <category label="" scheme="http://lexcycle.com/stanza/header" term="free"/>
     <!--dc:issued></dc:issued-->
-    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
+    <summary>Installing Fedora 14 on x86, AMD64, and Intel 64 architectures
 </summary>
     <content type="text">Provides documentation for the installation process.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Installation_Guide/Fedora-14-Installation_Guide-en-US.epub">
@@ -196,7 +196,7 @@
     <!--dc:issued></dc:issued-->
     <summary>Managing power consumption on Fedora
 </summary>
-    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
+    <content type="text">This document explains how to manage power consumption on Fedora 14 systems effectively. The following sections discuss different techniques that lower power consumption (for both server and laptop), and how each technique affects the overall performance of your system. Please note: This document is still under development, is subject to heavy change, and is provided here as a preview. The content and instructions contained within should not be considered complete, and should be used with caution.</content>
     <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora/14/epub/Power_Management_Guide/Fedora-14-Power_Management_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
diff --git a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
index 1fdc93e..d03a80f 100644
--- a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Contributor_Documentation.xml</id>
   <title>Fedora Contributor Documentation</title>
   <subtitle>Fedora Contributor Documentation</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
@@ -14,7 +14,7 @@
 
   <entry>
     <title>Fedora Elections Guide</title>
-    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub</id>
+    <id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub</id>
     <!--author>
       <name></name>
       <uri></uri>
@@ -26,7 +26,7 @@
     <summary>Fedora Elections Guide
 </summary>
     <content type="text">This book covers procedural information for the use the Fedora Elections software</content>
-    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub">
+    <link type="application/epub+zip" rel="http://opds-spec.org/acquisition" href="http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub">
       <dc:format>application/epub+zip</dc:format>
     </link>      
     <!--link type="application/atom+xml;type=entry" href="" rel="alternate" title="Full entry"/-->
diff --git a/public_html/zh-TW/opds-Fedora_Core.xml b/public_html/zh-TW/opds-Fedora_Core.xml
index 71ffe93..8ad64c6 100644
--- a/public_html/zh-TW/opds-Fedora_Core.xml
+++ b/public_html/zh-TW/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Core.xml</id>
   <title>Fedora Core</title>
   <subtitle>Fedora Core</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
index 391e716..3df6787 100644
--- a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
   <id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Draft_Documentation.xml</id>
   <title>Fedora Draft Documentation</title>
   <subtitle>Fedora Draft Documentation</subtitle>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
diff --git a/public_html/zh-TW/opds.xml b/public_html/zh-TW/opds.xml
index 900b90f..a409843 100644
--- a/public_html/zh-TW/opds.xml
+++ b/public_html/zh-TW/opds.xml
@@ -6,16 +6,24 @@
   <link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
   <id>http://docs.fedoraproject.org/zh-TW/opds.xml</id>
   <title>Product List</title>
-  <updated>2011-06-12T18:58:32</updated>
+  <updated>2011-06-13T21:31:58</updated>
   <!--author>
     <name></name>
     <uri></uri>
   </author-->
 
   <entry>
+    <title>Drafts</title>
+    <id>http://docs.fedoraproject.org/zh-TW/Drafts/opds-Drafts.xml</id>
+    <updated>2011-06-13T21:31:58</updated>
+    <dc:language>zh-TW</dc:language>
+    <content type="text"></content>
+    <link type="application/atom+xml" href="opds-Drafts.xml"/>
+ </entry>
+  <entry>
     <title>Fedora</title>
     <id>http://docs.fedoraproject.org/zh-TW/Fedora/opds-Fedora.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-TW</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +31,7 @@
   <entry>
     <title>Fedora Contributor Documentation</title>
     <id>http://docs.fedoraproject.org/zh-TW/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-TW</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +39,7 @@
   <entry>
     <title>Fedora Core</title>
     <id>http://docs.fedoraproject.org/zh-TW/Fedora_Core/opds-Fedora_Core.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-TW</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +47,7 @@
   <entry>
     <title>Fedora Draft Documentation</title>
     <id>http://docs.fedoraproject.org/zh-TW/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
-    <updated>2011-06-12T18:58:32</updated>
+    <updated>2011-06-13T21:31:58</updated>
     <dc:language>zh-TW</dc:language>
     <content type="text"></content>
     <link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-TW/toc.html b/public_html/zh-TW/toc.html
index ee1c9b3..4d25945 100644
--- a/public_html/zh-TW/toc.html
+++ b/public_html/zh-TW/toc.html
@@ -73,6 +73,30 @@
 	<div class="hidden" id="nocookie">
 		The Navigation Menu below will automatically collapse when pages are loaded. Enable cookies to fix the Navigation Menu functionality.
 	</div>
+	<div class="product collapsed" onclick="toggle(event, 'Drafts');work=1;">
+		<span class="product">Drafts</span>
+		<div id='Drafts' class="versions hidden">
+			<div id='Drafts.1' class="version collapsed" onclick="toggle(event, 'Drafts.1.books');">
+				<span class="version">1</span>
+				<div id='Drafts.1.books' class="books hidden">
+					<div id='Drafts.1' class="version collapsed untranslated" onclick="toggle(event, 'Drafts.1.untrans_books');">
+						<span class="version">Untranslated</span>
+						<div id='Drafts.1.untrans_books' class="books hidden">
+							<div id='Drafts.1.Enterprise_Identity_Management_Guide' class="book collapsed" onclick="toggle(event, 'Drafts.1.Enterprise_Identity_Management_Guide.types');">
+								<a class="type" href="../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/Drafts/1/html/Enterprise_Identity_Management_Guide/index.html'"><span class="book">Enterprise Identity Management Guide</span></a> 
+								<div id='Drafts.1.Enterprise_Identity_Management_Guide.types' class="types hidden" onclick="work=0;">
+									<a class="type" href="../en-US/./Drafts/1/epub/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html/Enterprise_Identity_Management_Guide/index.html';return false;">html</a>
+									<a class="type" href="../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html" onclick="window.top.location='../en-US/./Drafts/1/html-single/Enterprise_Identity_Management_Guide/index.html';return false;">html-single</a>
+									<a class="type" href="../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Drafts/1/pdf/Enterprise_Identity_Management_Guide/Drafts-1-Enterprise_Identity_Management_Guide-en-US.pdf';return false;">pdf</a>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+			</div>					
+		</div>					
+	</div>					
 	<div class="product collapsed" onclick="toggle(event, 'Fedora');work=1;">
 		<span class="product">Fedora</span>
 		<div id='Fedora' class="versions hidden">
@@ -282,7 +306,7 @@
 									<a class="type" href="../en-US/./Fedora/13/epub/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/13/html/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html/Accessibility_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/13/html-single/Accessibility_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/Fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/13/pdf/Accessibility_Guide/fedora-13-Accessibility_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.13.Burning_ISO_images_to_disc' class="book collapsed" onclick="toggle(event, 'Fedora.13.Burning_ISO_images_to_disc.types');">
@@ -415,7 +439,7 @@
 							<a class="type" href="./Fedora/12/epub/Installation_Quick_Start_Guide/Fedora-12-Installation_Quick_Start_Guide-zh-TW.epub" >epub</a>
 							<a class="type" href="./Fedora/12/html/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='./Fedora/12/html/Installation_Quick_Start_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/12/html-single/Installation_Quick_Start_Guide/index.html" onclick="window.top.location='./Fedora/12/html-single/Installation_Quick_Start_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/12/pdf/Installation_Quick_Start_Guide/Fedora-12-Installation_Quick_Start_Guide-zh-TW.pdf" onclick="window.top.location='./Fedora/12/pdf/Installation_Quick_Start_Guide/Fedora-12-Installation_Quick_Start_Guide-zh-TW.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/12/pdf/Installation_Quick_Start_Guide/" onclick="window.top.location='./Fedora/12/pdf/Installation_Quick_Start_Guide/';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.12.Virtualization_Guide' class="book collapsed">
@@ -424,7 +448,7 @@
 							<a class="type" href="./Fedora/12/epub/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.epub" >epub</a>
 							<a class="type" href="./Fedora/12/html/Virtualization_Guide/index.html" onclick="window.top.location='./Fedora/12/html/Virtualization_Guide/index.html';return false;">html</a>
 							<a class="type" href="./Fedora/12/html-single/Virtualization_Guide/index.html" onclick="window.top.location='./Fedora/12/html-single/Virtualization_Guide/index.html';return false;">html-single</a>
-							<a class="type" href="./Fedora/12/pdf/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.pdf" onclick="window.top.location='./Fedora/12/pdf/Virtualization_Guide/Fedora-12-Virtualization_Guide-zh-TW.pdf';return false;">pdf</a>
+							<a class="type" href="./Fedora/12/pdf/Virtualization_Guide/" onclick="window.top.location='./Fedora/12/pdf/Virtualization_Guide/';return false;">pdf</a>
 						</div>
 					</div>
 					<div id='Fedora.12' class="version collapsed untranslated" onclick="toggle(event, 'Fedora.12.untrans_books');">
@@ -599,7 +623,7 @@
 									<a class="type" href="../en-US/./Fedora/11/epub/Security_Guide/Fedora-11-Security_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/11/html/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html/Security_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/11/html-single/Security_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/11/html-single/Security_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/Fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/11/pdf/Security_Guide/fedora-11-Security_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.11.User_Guide' class="book collapsed" onclick="toggle(event, 'Fedora.11.User_Guide.types');">
@@ -728,7 +752,7 @@
 									<a class="type" href="../en-US/./Fedora/8/epub/Installation_Guide/Fedora-8-Installation_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora/8/html/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html/Installation_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora/8/html-single/Installation_Guide/index.html" onclick="window.top.location='../en-US/./Fedora/8/html-single/Installation_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-9-Installation_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora/8/pdf/Installation_Guide/Fedora-8-Installation_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 							<div id='Fedora.8.Making_Fedora_Discs' class="book collapsed" onclick="toggle(event, 'Fedora.8.Making_Fedora_Discs.types');">
@@ -828,7 +852,7 @@
 							<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide' class="book collapsed" onclick="toggle(event, 'Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types');">
 								<a class="type" href="../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html'"><span class="book">Fedora Elections Guide</span></a> 
 								<div id='Fedora_Contributor_Documentation.1.Fedora_Elections_Guide.types' class="types hidden" onclick="work=0;">
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation--Fedora_Elections_Guide-en-US.epub" >epub</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Fedora_Elections_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Fedora_Elections_Guide/index.html';return false;">html-single</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Fedora_Elections_Guide/Fedora_Contributor_Documentation-1-Fedora_Elections_Guide-en-US.pdf';return false;">pdf</a>
@@ -849,7 +873,7 @@
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/epub/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html/Users_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/html-single/Users_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1-Users_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Contributor_Documentation/1/pdf/Users_Guide/Fedora_Contributor_Documentation-1.6-Users_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>
@@ -1095,7 +1119,7 @@
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/epub/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.epub" >epub</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html/OpenSSH_Guide/index.html';return false;">html</a>
 									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/html-single/OpenSSH_Guide/index.html';return false;">html-single</a>
-									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.2-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
+									<a class="type" href="../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf" onclick="window.top.location='../en-US/./Fedora_Draft_Documentation/0.2/pdf/OpenSSH_Guide/Fedora_Draft_Documentation-0.1-OpenSSH_Guide-en-US.pdf';return false;">pdf</a>
 								</div>
 							</div>
 						</div>


More information about the docs-commits mailing list