FreeIPA Identity Management
FreeIPA identity management on Rocky/AlmaLinux: install, replication, containers, oVirt LDAP, Windows realm join.

-
Part 1 of 12
Install FreeIPA Server on Rocky Linux 10 / AlmaLinux 10 / RHEL 10
FreeIPA is a free and open source identity management platform sponsored by Red Hat. It is the upstream project for Red Hat Identity Manager (IdM). FreeIPA…
14 min read·Mar 2026
-
Part 2 of 12
How To Configure FreeIPA Replication on Rocky Linux / AlmaLinux 10 and 9
A single FreeIPA server handles authentication and identity for Linux shops just fine, right up until it reboots for a kernel update during business hours. That’s…
13 min read·Jun 2018
-
Part 3 of 12
Run FreeIPA Server in Docker or Podman Containers
Most FreeIPA guides walk you through a bare-metal install that takes over DNS, Kerberos, and LDAP on the host. Running FreeIPA in a container keeps all…
15 min read·Mar 2026
-
Part 4 of 12
Configure oVirt FreeIPA LDAP Authentication on Rocky Linux 10
oVirt is an open-source virtualization management platform that uses KVM hypervisors to run enterprise workloads. By default, oVirt authenticates users against a local internal domain, but…
17 min read·Mar 2026
-
Part 5 of 12
Join Windows System to FreeIPA Realm without Active Directory
Most people are familiar with Windows systems joined to a domain controller and using Active Directory for authentication. However, in this guide, this is not the…
7 min read·Oct 2022
-
Part 6 of 12
Set Up FreeIPA Server and Enroll Linux Clients on Rocky Linux 10
A small FreeIPA lab on Rocky Linux 10 buys you the same identity stack Red Hat ships under “RHEL Identity Management” without paying for a subscription.…
16 min read·Apr 2026
-
Part 7 of 12
FreeIPA HBAC: From allow_all to Least Privilege with hbactest
Build a least-privilege FreeIPA HBAC policy on Rocky Linux 10: replace allow_all, validate every rule with hbactest, and gate sshd, sudo, and Cockpit access by group…
18 min read·May 2026
-
Part 8 of 12
FreeIPA Sudo Rules Cookbook: 10 Real-World Patterns You Can Copy
10 production-tested FreeIPA sudo rules: Defaults, NOPASSWD, RunAs, deny patterns, break-glass, auth-indicator gated, time-bound, AD-trusted, GSSAPI passwordless. Built on Rocky Linux 10.1 with FreeIPA 4.12.
16 min read·May 2026
-
Part 9 of 12
FreeIPA Random Serial Numbers (RSNv3) on Fresh Installs
Verify, decode, and ship the 128-bit random serial that became default in FreeIPA 4.12. Five proof methods, the LMDB-forces-RSNv3 finding, migration story, and operational impact.
17 min read·May 2026
-
Part 10 of 12
FreeIPA as an Internal ACME CA with certbot and acme.sh
Enable FreeIPA 4.12 ACMEv2, issue 90-day RSA certs with certbot and acme.sh, auto-renew via systemd timer and cron. Real lab walkthrough with screenshots.
17 min read·May 2026
-
Part 11 of 12
FreeIPA ACME + cert-manager for Kubernetes Workloads
Point cert-manager at FreeIPA 4.12 ACMEv2 to auto-issue TLS for every Kubernetes Ingress. 3-node k3s lab, end-to-end tested, with the Rocky 10 k3s gotcha documented.
16 min read·May 2026
-
Part 12 of 12
Monitoring FreeIPA with ipa-healthcheck, Prometheus, and Grafana
Wire ipa-healthcheck into Prometheus via node_exporter textfile collector, build a Grafana dashboard with per-check granularity, alert on five real failure modes.
24 min read·May 2026