FreeIPA design documentation
- One-way trust with shared secret
- Support domain controller for Samba file server as domain member on IPA client
- Support Samba file server as a domain member on IPA client
- Manage FreeIPA as a user from a trusted Active Directory domain
- Include users and groups from a trusted Active Directory domain into SUDO rules
- ID Range: new option for private groups
- Integrate SID configuration into base IPA installers
- Hardware Security Module (HSM) Support
- Policies by authentication indicators
- Extdom plugin protocol
- Expired Certificate Pruning
- Expiring Password Notifications
- LDAP Grace Period
- PasswordExpired control
- LDAP PAM Passthrough support
- Password quality using libpwquality
- Member Manager for group membership
- IPA Migration
- Hidden replicas
- Disable Stale Users
- LDAPI autobind authentication for services
- Central management of subordinate user and group ids
- FreeIPA and an external identity provider integration
- IPA and an external identity provider integration - idp objects
- Random Serial Numbers v3 (RSNv3)
- IPA client enrollment with PKINIT
- FreeIPA Pull Request CI (PR-CI) checker tool
- Constrained delegation for Kerberos services
- Identity Mapping
- Audit IPA API operations