(Change accepted en block on Jul 24 FESCo meeting (#1140)) |
(Add tracker bug) |
||
Line 50: | Line 50: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=998502 #998502] | ||
== Detailed Description == | == Detailed Description == |
Revision as of 12:37, 20 August 2013
Transitive Trusts with Active Directory support for FreeIPA
Summary
FreeIPA will support transitive trusts with Active Directory
Owner
- Name: Alexander Bokovoy
- Email: abokovoy@redhat.com
- Release notes owner: <To be assigned by docs team>
Current status
Detailed Description
FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to use FreeIPA identities to access resources in Active Directory, for example, to log-on into Windows workstations.
Benefit to Fedora
Environments with FreeIPA and cross-realm trusts to Active Directory domains will be fully integrated in both directions (AD -> FreeIPA and FreeIPA -> AD).
Scope
This change requires expansion of logic in FreeIPA-provided database driver to Kerberos KDC. Additionally, it requires development of Global Catalog Service compatible with Active Directory. This is fairly isolated effort within FreeIPA.
- Other developers: no effect
- Release engineering: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
Upgrade/compatibility impact
Feature should be compatible with existing FreeIPA 3.x installs. Upgrade of LDAP data store is done through existing FreeIPA upgrade functionality.
How To Test
Test instructions are maintained at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup
User Experience
No visible UI changes planned.
Dependencies
Required changes are isolated to FreeIPA.
Contingency Plan
- Contingency mechanism: no Global Catalog service will be available to users (current state in Fedora 19)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? No
Documentation
- Development is being planned for FreeIPA 3.4 version
Release Notes
To be completed by the Change Freeze!