
[Package Request] - FreeIPA / IdM client and server

Open wolf-allywilson opened this issue 4 years ago • 9 comments

What package is missing from Amazon Linux 2022? Please describe and include package name. freeipa-client & freeipa-server known in EL as: ipa-client & ipa-server

Server component is available in RHEL8 clones through the idm:DL1 appstream

Is this an update to existing package or new package request? New

Is this package available in Amazon Linux 2? ipa-client is, ipa-server is not

Number of users impacted < 100

wolf-allywilson avatar Nov 25 '21 12:11 wolf-allywilson

We also need IPA-Client for FreeIPA Server. It is available on AL2.

We are a SaaS company; more than 15 of our clients and their users will be affected if/when we upgrade to AL2023.

nil12285 avatar Mar 26 '23 19:03 nil12285

We need these packages also in amazon-linux-2023 for client enrollment and server setup.

bryanfang avatar Sep 14 '23 04:09 bryanfang

As a workaround you can install the Fedora packages, do a yum update, then remove the initscripts package and install the freeipa agent.

Install fedora packages script

```bash
#!/usr/bin/env bash
set -euo pipefail

# references
# - all files https://src.fedoraproject.org/rpms/fedora-repos/tree/f35
# - script https://src.fedoraproject.org/rpms/fedora-repos/blob/rawhide/f/fedora-repos.spec

stable_enabled=1
releasever=36
expire_value='7d'

# download the Fedora repo definitions; --fail makes an HTTP error abort the
# script (via set -e) instead of saving an error page as a .repo file
curl --fail --silent --location "https://src.fedoraproject.org/rpms/fedora-repos/raw/f$releasever/f/fedora-modular.repo" --output "/etc/yum.repos.d/fedora-modular.repo"
curl --fail --silent --location "https://src.fedoraproject.org/rpms/fedora-repos/raw/f$releasever/f/fedora.repo" --output "/etc/yum.repos.d/fedora.repo"
curl --fail --silent --location "https://src.fedoraproject.org/rpms/fedora-repos/raw/f$releasever/f/fedora-updates-modular.repo" --output "/etc/yum.repos.d/fedora-updates-modular.repo"
curl --fail --silent --location "https://src.fedoraproject.org/rpms/fedora-repos/raw/f$releasever/f/fedora-updates.repo" --output "/etc/yum.repos.d/fedora-updates.repo"

for repo in /etc/yum.repos.d/fedora{,-modular,-updates,-updates-modular}.repo; do
    # replace the literal $releasever placeholder in the repo file with the Fedora
    # release ([\$] keeps the shell from expanding it, which made this a no-op)
    # and fill in the AUTO_VALUE placeholders
    sed -i -e "s/[\$]releasever/${releasever}/g" \
        -e "/^enabled=/ s/AUTO_VALUE/${stable_enabled}/" \
        -e "/^metadata_expire=/ s/AUTO_VALUE/${expire_value}/" "$repo" || exit 1
done

# download the Fedora signing key referenced by the repo files
curl --fail --silent --location "https://src.fedoraproject.org/rpms/fedora-repos/raw/f$releasever/f/RPM-GPG-KEY-fedora-$releasever-primary" --output "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary"

keyfile="/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary"
for arch in x86_64 aarch64; do
    # replace last part with $arch (fedora-20-primary -> fedora-20-$arch)
    ln -s "$keyfile" "${keyfile%-*}-$arch"
done
```

Remove and install the ipa agent

```bash
dnf remove initscripts-10.09-1.amzn2023.0.2.x86_64 -y
dnf install freeipa-agent -y
```

Disclaimer

I take no responsibility for any issues that may arise if you install the fedora packages or delete the default initscript!

michelangelo136 avatar Oct 12 '23 09:10 michelangelo136
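
An added example, not part of the comment above or of any project's code: a check to run over the `.repo` files that the workaround drops into `/etc/yum.repos.d/`, flagging every enabled section that would install packages without signature verification against a local key. The function name `audit_repo_file` is an assumption made for this example.

```bash
#!/usr/bin/env bash
# Added example: audit dnf/yum .repo files before trusting a third-party repo.

# audit_repo_file FILE
# Prints "<section>: <reason>" for each problem found in an enabled section.
# Returns 0 when the file is clean, 1 when at least one problem was printed.
audit_repo_file() {
    awk '
        function truthy(v) { return tolower(v) ~ /^(1|true|yes|on)$/ }
        function check() {
            # disabled sections are ignored; an unsubstituted AUTO_VALUE is not truthy
            if (section == "" || !truthy(enabled)) return
            # a missing gpgcheck= inherits the [main] value from dnf.conf;
            # it is flagged here so the reviewer confirms that setting
            if (!truthy(gpgcheck)) { print section ": gpgcheck is not enabled"; bad = 1 }
            if (gpgkey !~ /^file:\/\//) { print section ": gpgkey is not a local file:// path"; bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^\[/ {                                     # section header
            check()
            section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section)
            enabled = "1"; gpgcheck = ""; gpgkey = ""   # dnf enables a repo by default
            next
        }
        /^[ \t]*[A-Za-z_]+[ \t]*=/ {                # key=value line
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey") gpgkey = val
        }
        END { check(); exit bad + 0 }
    ' "$1"
}

# When called with file arguments, audit each one, e.g.:
#   ./audit-repos.sh /etc/yum.repos.d/fedora*.repo
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        audit_repo_file "$f" || status=1
    done
    exit "$status"
fi
```
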

We're looking at AL2 EOL and definitely can't move to AL2023 without FreeIPA client support.

RulerOf avatar Jan 18 '24 20:01 RulerOf

We decided to migrate over to Rocky 9, it provides a similar experience to AL2 with more support, AL23 has a very weird update system and as far as I know you cannot perform auto updates and you need manual actions in order to update.

michelangelo136 avatar Jan 18 '24 22:01 michelangelo136

> We decided to migrate over to Rocky 9, it provides a similar experience to AL2 with more support, AL23 has a very weird update system and as far as I know you cannot perform auto updates and you need manual actions in order to update.

You can automate updates either to a specific version of AL2023 or to latest. The default behaviour is to lock, but it is just software that can be scripted to achieve what you desire, or use things like SSM Patch Manager to automate patching.

stewartsmith avatar Jan 20 '24 02:01 stewartsmith

We require ipa-client and ipa-server for approximately 2k servers for various customers globally. We would like to move our OSes to AL2023 and this support is required.

ghost avatar Mar 04 '24 13:03 ghost

The lack of FreeIPA on al2023.3 is becoming a real problem for me. I've tried multiple avenues (except for the one listed above to install fed36 packages) to build packages that can install on al2023 and have failed. I need something that is not too hacky. The packages used by FreeIPA in Fed36 do not match the versions used by al2023. Seems sssd, 389-ds-base are from around Fed34 for al2023. As an example, to build a newer 389-ds-base we'll need rust 1.70+.

danie-dejager avatar Mar 14 '24 10:03 danie-dejager

Voicing similar issues. We need AL2023 to support the ipa-client so we can migrate to the new distro.

David-Jean-SI avatar May 07 '24 17:05 David-Jean-SI

Throwing more weight behind this, not having the ipa-client available on AL2023 is problematic.

laszlof avatar May 31 '24 14:05 laszlof

Is there any news regarding this? Also an option holding back into using AL2023.

ceso avatar Jun 11 '24 13:06 ceso

Package freeipa-client is now available as of release 2023.5.20240624, resolving.

paulez avatar Jun 28 '24 10:06 paulez

Still missing freeipa server

divinehawk avatar Sep 04 '24 18:09 divinehawk