{"results":[{"id":"ansible-freeipa-idm-automation-package","text":"`ansible-freeipa` is the official Red Hat package for Ansible-based IdM automation on RHEL 9, providing roles (ipaserver, ipareplica, ipaclient) for installation and modules (ipauser, ipagroup, ipahost) for object management.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-api-requires-kerberos-credentials","text":"IdM API access requires valid Kerberos credentials to establish a session.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-api-uses-python-ipalib","text":"The IdM API is consumed via Python scripts using the `ipalib` library, not a traditional REST client (it wraps JSON-RPC internally).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-auth-requires-kerberos-ticket","text":"Authenticating to Red Hat Identity Management (IdM) requires obtaining a Kerberos ticket with `kinit` before performing any administration tasks.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-auto-creates-srv-records","text":"IdM automatically creates DNS SRV records for Kerberos, LDAP, and other services when integrated DNS is enabled.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-automount-maps-centrally-managed","text":"Automount maps can be managed centrally through IdM rather than using local configuration files on each host.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-backend-389ds-ldap","text":"IdM stores identity data in a 389 Directory Server (LDAP) backend","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-backend-components","text":"IdM integrates a Kerberos KDC, 389 Directory Server (LDAP), Dogtag CA, and SSSD for client-side credential caching.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-centralizes-users-groups-hosts-access","text":"IdM centralizes management of users, groups, hosts, and access policies (HBAC and sudo rules).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-complete-identity-stack","text":"IdM provides a unified identity management stack bundling 389 Directory Server (LDAP), MIT Kerberos KDC, Dogtag CA, and SSSD into a single integrated platform with centralized user/group/host/policy management.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-cross-platform-identity-provider","text":"IdM can serve as the enterprise identity provider for any Linux distribution in the data center, providing unified LDAP/Kerberos/CA/SSSD services with AD cross-forest trust integration.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-dns-autodiscovery-framework","text":"IdM provides automated service discovery when integrated DNS is deployed: the BIND-with-LDAP DNS subsystem automatically creates SRV records for Kerberos and LDAP services, enabling ipa-client-install to locate and join the IdM domain without explicit server specification via DNS SRV autodiscovery.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-dns-forward-policy-options","text":"IdM DNS forward policy options are `only` (forward only to forwarder) and `first` (try forwarder first, then resolve locally).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-dns-is-optional","text":"DNS is optional in IdM — an external DNS server can be used instead, but SRV and other records must then be managed manually.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-dns-port-53-firewalld","text":"DNS service (port 53 TCP/UDP) must be open in firewalld on IdM servers running integrated DNS.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-dns-uses-bind-ldap-backend","text":"IdM integrated DNS uses BIND with an LDAP backend, storing zone data in the IdM directory rather than in `/var/named/` zone files.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-health-monitored-identity","text":"IdM provides health-monitored identity services: the complete identity stack (389 DS/Kerberos/CA/SSSD) is monitored by automated health checks via `ipa-healthcheck` with systemd timer scheduling, enabling proactive detection of certificate expiration, replication failures, and service degradation before they impact authentication.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-integrated-ca-dogtag","text":"IdM includes an integrated Certificate Authority (Dogtag) for TLS and user certificates","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-integrated-dns-subsystem","text":"IdM provides an integrated DNS subsystem: BIND with LDAP backend stores zone data in the IdM directory (not zone files), supports configurable forward policies (`only` and `first`), reverse DNS zones via `in-addr.arpa` naming, and requires port 53 TCP/UDP open in firewalld — all managed through the IdM interface rather than traditional BIND administration.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-integrates-samba-ansible-automount","text":"Red Hat Identity Management (IdM) on RHEL 9 can integrate with Samba, Ansible, and automount as external services for centralized authentication.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":69,"limit":20,"offset":0}