Brussels / 2 & 3 February 2019


FreeIPA and cross-distribution packaging experience

The talk is going to reflect on the effort Fedora development community has done to allow complex solutions like FreeIPA to be tested continuously and to ensure a working solution at any release time. FreeIPA is one of projects that would benefit from a tighter collaboration between distributions and we would also like to discuss how its cross-distribution support could be improved to provide a more consistent behavior to our users across multiple distributions.

FreeIPA is an identity management solution for POSIX environments. It is often characterized as an 'Active Directory for Linux systems' which, while not exactly right description, helps to visualize a level of complexity FreeIPA has to deal with. FreeIPA as a solution is built on a number of existing and proven technologies implemented as a free and open source software. As result, a FreeIPA deployment has to deal with coordination between a lot of packages. In Fedora, for example, a fully-functioning FreeIPA deployment requires to install several hundred binary packages, including but not limited to SSSD, MIT Kerberos, 389-ds LDAP server, Samba, Apache, OpenSSH, database libraries, Java components for Dogtag Certificate Authority server, and many Python libraries.

It is not a surprise that coordinating these components often leads to complications in an operating system distribution release management. Packages need to be at right versions at right time with knowledge about that not always shared across multiple groups of developers and maintainers. Regressions need to be tracked and fixed. Security updates and cross-platform protocol compatibility issues are adding their own flavor.


Photo of Alexander Bokovoy Alexander Bokovoy