
Chapter 1. Introduction to IPA

1.1. IPA and Directory Server
1.1.1. How IPA and Directory Server Work Together
1.2. IPA and Kerberos
1.2.1. How IPA and Kerberos Work Together
1.2.2. IPA, Kerberos, and Service Principals
1.2.3. IPA, Kerberos, and DNS
1.3. IPA and NTP
1.3.1. How IPA and NTP Work Together
1.4. IPA and DNS
1.4.1. How IPA and DNS Work Together
1.4.2. Using IPA with Multi-Homed Machines
1.5. Password Management in IPA
IPA is an integrated solution which combines the following technologies:
  • Fedora (server-side)
  • Fedora Directory Server
  • MIT Kerberos
  • NTP
  • DNS
  • Web and command-line provisioning and administration tools
The architecture of an IPA server can be represented as follows:
Figure 1.1. Architecture of an IPA server.

1.1. IPA and Directory Server

Fedora Directory Server is an open source, LDAP-based directory service, which provides an LDAP server, a web management interface, and command-line and graphical management tools. It is highly scalable, and supports a number of features including:
  • Multi-master replication
  • TLS/SSL and SASL security
  • Support for custom plug-in extensions
  • Online schema and configuration updates over LDAP
  • Internationalized entries
  • Optional on-disk encryption of selected attributes
  • Virtual DIT views
Directory Server consists of several different components. The core directory server, ns-slapd, consists of a front end that handles network communications, extensible plug-ins that handle basic server functions, and a database back end that implements an indexed, transactional store on top of Berkeley DB.

1.1.1. How IPA and Directory Server Work Together

Directory Server is an integral part of IPA. In IPA, the Directory Server functions as the data store, maintaining all of an organization's information. The Directory Server's internal controls restrict the level of access that IPA users have to Directory Server information. These internal controls cannot be overridden by any IPA permissions, delegations, or other controls.