Role of FreeIPA / LDAP
FreeIPA or LDAP owns the directory state used by Linux systems and may be the authority on which accounts, groups, and policies are actually enforced.
Authority model
Directory state must be reconciled with upstream intent before writes. FreeSCIM should never silently override privileged groups or enforcement controls.
Supported operations
- User and group visibility through SCIM resource mapping.
- FreeIPA-safe identity normalization and reconciliation.
- Health and readiness checks for directory-dependent operations.
Authentication model
Prefer LDAPS or a bounded connector path with least-privilege service credentials, protected configuration files, and redacted logs.
Known limits
FreeSCIM should not auto-enroll hosts, bypass HBAC, manage password policy, or mutate privileged directory groups without an explicit approval gate.
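The reconcile-before-write rule from the authority model and the approval gate from the known limits can be combined in one planning step, sketched here as an added example that is not FreeSCIM's own code. The function name, the `Change` type, the contents of `PRIVILEGED_GROUPS`, and the sample state are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed privileged-group list; a deployment would load this from its own policy.
PRIVILEGED_GROUPS = frozenset({"admins", "trust admins"})


@dataclass(frozen=True)
class Change:
    group: str
    action: str  # "add" or "remove"
    member: str


def plan_reconciliation(upstream, directory, approved=frozenset(),
                        privileged=PRIVILEGED_GROUPS):
    """Diff upstream intent against directory state without writing anything.

    upstream / directory: dict mapping group name -> set of member uids.
    approved: Change objects that already passed an explicit approval gate.
    Returns (to_apply, held): changes that may be written, and changes to
    privileged groups that must wait for approval.
    """
    to_apply, held = [], []
    # Only groups named in upstream intent are considered. Groups that exist
    # solely in the directory are left untouched rather than emptied.
    for group in sorted(upstream):
        want = set(upstream[group])
        have = set(directory.get(group, ()))
        changes = [Change(group, "add", m) for m in sorted(want - have)]
        changes += [Change(group, "remove", m) for m in sorted(have - want)]
        for change in changes:
            if group.lower() in privileged and change not in approved:
                held.append(change)  # never applied silently
            else:
                to_apply.append(change)
    return to_apply, held


# Constructed sample state, not taken from a real directory.
SAMPLE_UPSTREAM = {"developers": {"alice", "bob"}, "admins": {"alice", "dave"}}
SAMPLE_DIRECTORY = {"developers": {"alice"}, "admins": {"alice"},
                    "hbac-ops": {"carol"}}

if __name__ == "__main__":
    apply_now, waiting = plan_reconciliation(SAMPLE_UPSTREAM, SAMPLE_DIRECTORY)
    for c in apply_now:
        print("apply:", c)
    for c in waiting:
        print("HELD for approval:", c)
```

The planner only produces a list of intended changes; performing the directory writes and recording who approved a held change are left to the caller.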