From Fedora Project Wiki
(Change accepted en block on Jul 24 FESCo meeting (#1140))
(Add tracker bug)
Line 50: Line 50:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=998502 #998502]


== Detailed Description ==
== Detailed Description ==

Revision as of 12:37, 20 August 2013


Transitive Trusts with Active Directory support for FreeIPA

Summary

FreeIPA will support transitive trusts with Active Directory

Owner

  • Name: Alexander Bokovoy
  • Email: abokovoy@redhat.com
  • Release notes owner: <To be assigned by docs team>

Current status

Detailed Description

FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to use FreeIPA identities to access resources in Active Directory, for example, to log-on into Windows workstations.

Benefit to Fedora

Environments with FreeIPA and cross-realm trusts to Active Directory domains will be fully integrated in both directions (AD -> FreeIPA and FreeIPA -> AD).

Scope

This change requires expansion of logic in FreeIPA-provided database driver to Kerberos KDC. Additionally, it requires development of Global Catalog Service compatible with Active Directory. This is fairly isolated effort within FreeIPA.

  • Other developers: no effect
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)

Upgrade/compatibility impact

Feature should be compatible with existing FreeIPA 3.x installs. Upgrade of LDAP data store is done through existing FreeIPA upgrade functionality.

How To Test

Test instructions are maintained at http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup

User Experience

No visible UI changes planned.

Dependencies

Required changes are isolated to FreeIPA.

Contingency Plan

  • Contingency mechanism: no Global Catalog service will be available to users (current state in Fedora 19)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No

Documentation

  • Development is being planned for FreeIPA 3.4 version

Release Notes

To be completed by the Change Freeze!