Date:      Sat, 14 Mar 2020 13:09:49 -0400
From:      Chris Gordon <>
Cc:        Matthew Seaman <>,
Subject:   Re: Centralized user/group/whatever management
Message-ID:  <>
In-Reply-To: <24173.939.499988.382240@alice.local>
References:  <> <> <> <> <24173.939.499988.382240@alice.local>

On Mar 14, 2020, at 12:17 PM, George Hartzell <>
> Matthew Seaman writes:
>> [...]
>> That's where things like FreeIPA come in: it's a pre-packaged setup
>> all the stuff you hadn't realized you needed yet already dealt with.
>> [...]
> What is the status of FreeIPA on FreeBSD?  I don't see it on
> FreshPorts.

Server side or as a client?

Here's an article about full client implementation (sssd and all):


I would recommend avoiding the full client "experience" -- it's really
painful for what feels like very little gain.

On the server side, I would avoid FreeIPA like the plague.  The 389
directory server is at the heart of everything and is "less than great"
IMHO.  Look at the bug and feature requests for the project to get an
idea.  I've seen significant performance and scaling problems requiring
a lot of adjustments and client customizations to bring the platform
under control (this is at the scale of thousands of clients globally
distributed).  Some of the problems probably stem back to ignorance/lack
of experience when initially set up as a pilot, but you don't know what
you don't know until you start.

FreeIPA is trying to be Active Directory.  I've not run AD so I don't
know what problems and scaling issues one runs into with that platform,
but I'm pretty sure the time we've had to invest dealing with FreeIPA
would more than have paid for AD.

If you need the type of features offered by FreeIPA, I would consider
Samba as a free choice or just buying AD if money is available.  In any
case, do your testing and testing at some representative scale to really
understand what you're getting into.

Hope that helps.  If you have more details on your environment and the
problem you're trying to solve, I'm happy to provide more commentary.

