[CentOS] FreeIPA

Craig White craigwhite at azapple.com
Wed Apr 8 05:23:17 UTC 2009

On Wed, 2009-04-08 at 00:06 -0400, Filipe Brandenburger wrote:
> Hi,
> On Tue, Apr 7, 2009 at 23:42, Craig White <craigwhite at azapple.com> wrote:
> > Fedora 10 has 1.2.0 src
> > rpm but it has a requirement of popt-devel which I couldn't find for
> > CentOS-5.
> CentOS5's "popt" package contains the development libraries and
> headers. rpm -ql popt shows that libpopt.a, libpopt.so and popt.h are
> there, so you should be able to safely remove that dependency from the
> specfile and build it from there.
you could be right. I checked on my Fedora system and the file list from
popt-devel seemed to have a lot more than just the popt on CentOS but I
didn't look at it all that closely. As I said, I just commented it out
(the dependency).
> > When I commented out the requirement for popt-devel in
> > the spec file, of course it wouldn't build anyway (ldapi-plugin-winsync
> > didn't seem to me to be related to popt-devel but who knows).  ;-(
> Definitely not related.
> Have you looked into the CentOS Directory Server instead?
> http://wiki.centos.org/HowTos/DirectoryServerSetup
> I don't know if that one contains all the components of FreeIPA, but
> at least the main ones should be there.
no, I haven't and I probably will. I wanted to play with freeipa because
I had a little time for experimenting. I typically use OpenLDAP but have
Fedora-DS running at a clients place. I think I like OpenLDAP more but I
would like Fedora-DS (or CentOS-DS) more if it were integrated with
kerberos, policy and audit.
> > It would seem that if Red Hat were serious about freeipa, they would
> > make it so that it actually could build a non-ancient version on RHEL
> > (CentOS).
> As usual, if you want cutting-edge it will be in Fedora. If you want
> stable it will be in RHEL/CentOS.
> It seems to me that FreeIPA is a quite contained and integrated
> package, and it makes sense to have dedicated machines to run it. Why
> don't you just use FreeIPA itself instead of trying to shoehorn its
> packages into CentOS, ending up with something that will probably lack
> the advantages of both parts?
Sure but that's not typically the realm I play in. My typical client is
< 50 users and having a server just for authentication is harder to

I myself have an older server which doesn't support hardware
virtualization. Perhaps you're right, I set up something in
virtualization and use Fedora but the churn rate of Fedora is just too
much, especially for an authentication server.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the CentOS mailing list