Implementing FreeIPA as a central Identity Management Solution

Many of my customers from many companies that have a reliance on Microsoft Active Directory to manage their server and workstation estate. This is great if you have a Windows only organisation.

However, although you can add Linux systems directly to Active Directory, you don’t maintain the same level of control over the systems in the same way that you would have with a Windows server connected to the same domain.

As you make the choice of what brand of products you chose to use in your company, so to do you have the choice to decide how your infrastructure interlaces with the rest of your organisation.

In hybrid infrastructures, which could be any mix of Windows, Linux, Unix, Mac, and today even mobile tablet devices, you have a rather important decision to make on how these platforms communicate with each other.

Examples of these could be:

1) Everything connects back to Microsoft Active Directory

2) Everything connects back to an LDAP based solution

3) Windows connects to Microsoft Active Directory and all *Nix based platforms connect to something else


The list of options you as a consumer in the enterprise can become quite long and complex. My recommendation I always give to customers is “Use the solution that offers you the best interoperability, but also gives you complete vendor support from who currently provides your platform.”.
This usually comes down to example no: 3. If you use Windows, connect it to Active Directory. If you need to phone Microsoft, they have no grounds not to support you. The same also applies for *Nix based platforms. If you are using Linux, you need to address what form of support you do or do not have. If you want enterprise grade support, then I’d recommend using Red Hat. They are the leaders in the Linux space for a reason.

This is where this article comes in. I will be walking you through setting up Red Hat Enterprise Linux 6.3 as a centralised Identity Management solution.
Further articles will be coming along that will show you how to grow your environment to connect to Microsoft Active Directory as well as set up multi-master replication of your installation. This will give you complete redundancy over your Identity Management solution should your server become unavailable.


I will be covering the following in three phases:

1) Creating a centralised FreeIPA identity management server

2) Connecting Red Hat / Fedora based client systems to FreeIPA for central authentication.

3) Creating Users and Groups

2 comments on “Implementing FreeIPA as a central Identity Management Solution

  1. Kevin McNally May 6, 2015 19:31

    Cool. Great work.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>