Introduction to FreeIPA
FreeIPA is an open source product that combines multiple technologies and protocols into a single complex identity management solution. It provides a much richer experience than native LDAP solutions, including features such as:
Support for two-factor and smartcard-based authentication
Host-Based Access Control (HBAC)
Host groups
SELinux user maps
Integrated DNS server
Dynamic DNS updates
Site locations
… and much more …
Note
SSSD is the main FreeIPA client; it therefore provides the full experience and supports every new feature as soon as it becomes available on the server.
FreeIPA can be managed either through a command line interface with the ipa command or through a rich web interface. You can try it right away using an online demo.
Active Directory Integration
One of the main FreeIPA features is its ability to seamlessly integrate with Active Directory. The integration is achieved by creating a trust with existing Active Directory domains. Users and groups from trusted domains are then available on FreeIPA-enrolled hosts (which also means that Active Directory users can log into the Linux host), and all policies and rules (such as HBAC or sudo) are applied to them as well.
FreeIPA in combination with SSSD also provides additional functionality that further enhances the integration with Active Directory, such as:
No POSIX attributes are required on Active Directory objects
SIDs are automatically mapped to user and group IDs within an ID Range
POSIX attributes can be overwritten through ID Views
… and much more …
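The SID-to-ID mapping listed above, sketched as an added example (not code from FreeIPA or SSSD). It assumes the algorithmic scheme in which the POSIX ID is the range's base ID plus the RID's offset from the range's base RID; the class, field and function names and the sample SID are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class IdRange:
    """One ID range assigned to a trusted domain (field names are hypothetical)."""
    domain_sid: str    # SID of the trusted AD domain
    base_id: int       # first POSIX ID of the range
    size: int          # number of IDs in the range
    base_rid: int = 0  # RID that maps to base_id


def split_sid(sid: str) -> tuple[str, int]:
    """Split an account SID into (domain SID, RID), rejecting malformed input."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"] \
            or not all(p.isdigit() for p in parts[4:]):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_posix_id(sid: str, ranges: list[IdRange]) -> int:
    """Map a SID to a UID/GID: base_id + (RID - base_rid), inside the range only."""
    domain_sid, rid = split_sid(sid)
    for r in ranges:
        offset = rid - r.base_rid
        if r.domain_sid == domain_sid and 0 <= offset < r.size:
            return r.base_id + offset
    # No range covers this SID: refuse rather than guess an ID.
    raise LookupError(f"no ID range covers {sid}")


def overlapping_ranges(ranges: list[IdRange]) -> list[tuple[IdRange, IdRange]]:
    """Return range pairs that share POSIX IDs; two accounts could get one UID."""
    return [(a, b) for a, b in combinations(ranges, 2)
            if a.base_id < b.base_id + b.size and b.base_id < a.base_id + a.size]


# Constructed sample data, not taken from a real deployment.
EXAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
EXAMPLE_RANGES = [IdRange(EXAMPLE_DOMAIN_SID, base_id=1_000_000, size=200_000)]

if __name__ == "__main__":
    print(sid_to_posix_id(EXAMPLE_DOMAIN_SID + "-1104", EXAMPLE_RANGES))
```

Because the mapping is deterministic, every enrolled host derives the same ID for the same SID, which keeps file ownership and ID-based rules consistent across machines. Checking for overlapping ranges before adding a new trusted domain prevents two different accounts from resolving to the same UID.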
See also
The following documents provide more information on the Active Directory integration: