Hi everyone,

We're currently in the process of deploying FreeIPA within our organization and I'd like to ask a few questions before we actually do deploy it to make sure I'm not getting anything wrong.

We don't have an ActiveDirectory system, and our preference for OpenSource means we most likely never will.

1. Is there any requirement for FreeIPA to have a public (internet facing) connection if we already have an existing P2P link with our data-centers? 2. We are placing all IPA servers under a separate sub-domain of our primary domain. Are there any pitfalls to this or anything we should look out for before doing this? 3. We thought of changing the ca-subject and subject bases to

CN=Certificate Authority,OU=IPA,OU=Identity Management,OU=<IT OU>,O=<OUR ORGANIZATION>,C=LK

and

OU=IPA,OU=Identity Management,OU=<IT OU>,O=<OUR ORGANIZATION>,C=LK

respectively. Will there be any problems in doing this?

Thanks in advance for any replies, Chathranga Wijekoon.