FreeIPA Tech Preview

Registered by Timo Aaltonen

The FreeIPA team (https://launchpad.net/~freeipa) has been working with the goal to get the packages included in Debian and Ubuntu. Running an instance of FreeIPA provides an easy to maintain kerberos realm for users and machines, 'AD for Linux'. This is something that has been requested by administrators for years, so it's about time to provide it in Ubuntu as well, even if just as a technology preview and not something fully supported (=in universe).

an earlier report on getting the IPA client work on oneiric:
https://www.redhat.com/archives/freeipa-devel/2011-September/msg00408.html

and the new blueprint for trusty:
https://blueprints.launchpad.net/ubuntu/+spec/foundations-t-freeipa

Blueprint information

Status:
Complete
Approver:
Antonio Rosales
Priority:
Low
Drafter:
Ubuntu Server
Direction:
Needs approval
Assignee:
Timo Aaltonen
Definition:
Approved
Series goal:
Accepted for precise
Implementation:
Implemented
Milestone target:
milestone icon ubuntu-12.04
Started by
Robbie Williamson
Completed by
Timo Aaltonen

Related branches

Sprints

Whiteboard

Rather fine-grained task list below. Uploading full 389ds stack is not necessary (hence status isn't BLOCKED), though not a whole lot of work after the prereqs are already done.

Work items (precise-alpha-2):
[tjaalton] package python-nss: DONE
[tjaalton] upload python-nss: DONE
[tjaalton] package python-krbv: DONE
[tjaalton] upload python-krbv: DONE
[tjaalton] package certmonger: DONE
[tjaalton] upload certmonger: DONE
[tjaalton] add gssapi delegation support for curl (merge from Debian): DONE
[tjaalton] add gssapi delegation support for xmlrpc-c (patch from RHEL): DONE
[tjaalton] package svrcore: DONE
[tjaalton] upload svrcore: DONE
[tjaalton] package libmozilla-ldap-perl: DONE
[tjaalton] package 389-ds-base: DONE
[tjaalton] test /usr/sbin/setup-ds: DONE
[vorlon] Include ldif.h in libldap2-dev by updating openldap to >=2.4.26: DONE
[tjaalton] upload libmozilla-ldap-perl (needs new openldap): DONE
[tjaalton] package ldapjdk: DONE
[tjaalton] upload ldapjdk: DONE
[tjaalton] package jss: DONE
[tjaalton] upload jss: DONE
[tjaalton] package idm-console-framework: DONE
[tjaalton] package libapache2-mod-nss: DONE
[tjaalton] package tomcatjss: DONE
[tjaalton] package osutil: DONE
[tjaalton] upload osutil: DONE
[tjaalton] package dogtag-pki-theme: DONE
[tjaalton] package 389-adminutil: DONE
[tjaalton] package 389-admin: DONE
[tjaalton] package 389-admin-console: DONE
[tjaalton] package 389-console: DONE
[tjaalton] package 389-ds-console: DONE

Work items (ubuntu-12.04-beta-1):
[tjaalton] upload 389-ds-base: DONE
[tjaalton] upload idm-console-framework: DONE
[tjaalton] upload libapache2-mod-nss: DONE
[tjaalton] upload tomcatjss: DONE
[tjaalton] package freeipa-client: DONE
[tjaalton] package 389-dsgw: DONE
[tjaalton] upload 389-adminutil: DONE

Work items:
[tjaalton] upload 389-admin: DONE
[tjaalton] upload 389-dsgw: DONE
[tjaalton] upload 389-admin-console: DONE
[tjaalton] package libapache2-mod-rev: DONE
[tjaalton] upload 389-console: DONE
[tjaalton] upload 389-ds-console: DONE
[tjaalton] upload freeipa-client: DONE
[tjaalton] package pki: DONE
[tjaalton] test /usr/sbin/ipa-client-install: DONE

Postponed:
[tjaalton] upload pki: POSTPONED
[tjaalton] upload libapache2-mod-rev: POSTPONED
[tjaalton] package slapi-nis, or drop NIS support from freeipa (if possible): POSTPONED
[tjaalton] upload slapi-nis: POSTPONED
[tjaalton] package freeipa-server: POSTPONED
[tjaalton] upload freeipa-server: POSTPONED
[tjaalton] test /usr/sbin/ipa-server-install: POSTPONED

tjaalton -- 2012-02-16: FF today, so pushing everything that's verified to be finished. Splitting freeipa-client apart from the server, that can be worked on separately. Client got uploaded to precise.
tjaalton -- 2012-02-21: Upstream has PKI in one big git repo, it is now packaged using that as a base (builds 34 binary packages), renamed the task here to reflect that
tjaalton -- 2012-03-17: PKI is ready, almost gave up on that one.. Now there's actual hope on getting the freeipa-server install scripts working
tjaalton -- 2012-03-18: Dropped 389-ds, which got folded in the main package. slapi-nis doesn't appear to be a hard dependency, marking postponed. Added libapache2-mod-rev, which is needed by a few PKI subsystems.
tjaalton -- 2012-04-20: Postponing the upload of pki, since the IPA server didn't make it. This essentially marks this blueprint as finished for 12.04. Rest of the work items will be finished next cycle, and backported to the freeipa ppa for the LTS.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.