I no longer recommend FreeIPA It's probably taken me a few years to write this, but I can no longer recommend FreeIPA for IDM installations. Why not? The FreeIPA project focused on Kerberos and SSSD, with enough other parts glued on to look like a complete IDM project. Now that's fine, but it means that concerns in other parts of the project are largely ignored. It creates design decisions that are not scalable or robust. Due to these decisions IPA has stability issues and scaling issues that...
