Chapter 13. Preparing the system for IdM client installation
This chapter describes the conditions your system must meet to install an Identity Management (IdM) client.
13.1. Supported versions of RHEL for installing IdM clients
An Identity Management deployment in which IdM servers are running on the latest minor version of Red Hat Enterprise Linux 8 supports clients that are running on the latest minor versions of:
- RHEL 7
- RHEL 8
- RHEL 9
While other client systems, for example Ubuntu, can work with IdM 8 servers, Red Hat does not provide support for these clients.
If you are planning to make your IdM deployment FIPS-compliant, Red Hat strongly recommends migrating your environment to RHEL 9. RHEL 9 is the first major RHEL version that is planned to be compliant with FIPS 140-3.
13.2. DNS requirements for IdM clients
By default, the client installer searches for _ldap._tcp.DOMAIN DNS SRV records for all domains that are parents of its hostname. For example, if a client machine has the hostname client1.idm.example.com, the installer tries to retrieve an IdM server hostname from the _ldap._tcp.idm.example.com, _ldap._tcp.example.com and _ldap._tcp.com DNS SRV records, respectively. The discovered domain is then used to configure client components (for example, SSSD and Kerberos 5 configuration) on the machine.
However, the hostnames of IdM clients are not required to be part of the primary DNS domain. If the client machine hostname is not in a subdomain of an IdM server, pass the IdM domain as the --domain option of the ipa-client-install command. In that case, after the installation of the client, both SSSD and Kerberos components will have the domain set in their configuration files and will use it to autodiscover IdM servers.
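As an added illustration (not part of the Red Hat documentation), the following shell functions list the SRV names searched for a given hostname in the order described above, and show which of them lie outside a given IdM domain and are therefore answered by DNS zones other than the IdM one. The function names are assumptions made for this example; no DNS queries are sent.

```shell
#!/bin/sh
# Added example: enumerate the discovery names for a hostname (offline).

# srv_candidates HOSTNAME
# Prints one _ldap._tcp.<domain> name per parent domain of HOSTNAME,
# nearest parent first. Returns 1 for a bare hostname with no parent.
srv_candidates() {
    domain=${1%.}                 # tolerate a trailing root dot
    case $domain in
        *.*) ;;                   # has at least one parent domain
        *) return 1 ;;            # nothing to search
    esac
    domain=${domain#*.}           # drop the host label
    while :; do
        printf '_ldap._tcp.%s\n' "$domain"
        case $domain in
            *.*) domain=${domain#*.} ;;   # move up one level
            *) break ;;                   # reached the top-level label
        esac
    done
}

# outside_idm_domain HOSTNAME IDM_DOMAIN
# Prints the candidates that are neither IDM_DOMAIN nor a subdomain of it.
# If every candidate is printed, the hostname is not inside the IdM domain,
# which is the case where the text above says to pass --domain.
outside_idm_domain() {
    idm=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    srv_candidates "$1" | tr 'A-Z' 'a-z' | while IFS= read -r name; do
        zone=${name#_ldap._tcp.}
        case $zone in
            "$idm"|*".$idm") ;;           # inside the IdM domain
            *) printf '%s\n' "$name" ;;   # served by another zone
        esac
    done
}

# Hostname taken from the example in the text above.
srv_candidates client1.idm.example.com
outside_idm_domain client1.idm.example.com idm.example.com
```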
13.3. Port requirements for IdM clients
Identity Management (IdM) clients connect to a number of ports on IdM servers to communicate with their services.
On an IdM client, these ports must be open in the outgoing direction. If you are using a firewall that does not filter outgoing packets, such as firewalld, the ports are already available in the outgoing direction.
13.4. IPv6 requirements for IdM clients
Identity Management (IdM) does not require the IPv6 protocol to be enabled in the kernel of the host that you want to enroll into IdM. For example, if your internal network only uses the IPv4 protocol, you can configure the System Security Services Daemon (SSSD) to only use IPv4 to communicate with the IdM server. You can do this by inserting the following line into the [domain/NAME] section of the /etc/sssd/sssd.conf file:
lookup_family_order = ipv4_only
13.5. Installing IdM client packages from the idm:client stream
In Red Hat Enterprise Linux 8, the packages necessary for installing an Identity Management (IdM) client are shipped as a module.
The idm:client stream is the default stream of the idm module. Use this stream to download the IdM client packages if you do not need to install server components on your machine. Using the idm:client stream is especially recommended if you need to consistently use IdM client software that is supported long-term, provided you do not need server components, too.
Do not use the idm:client stream if you are planning to install an IdM replica on the host. In that case, use the idm:DL1 stream instead.
Prerequisites
When switching to the idm:client stream after you previously enabled the idm:DL1 stream and downloaded packages from it, you need to first explicitly remove all the relevant installed content and disable the idm:DL1 stream before enabling the idm:client stream. For details on how to proceed, see Switching to a later stream.
Important: Trying to enable a new stream without disabling the current one results in an error.
Procedure
To download the packages necessary for installing an IdM client:
# yum module install idm
13.6. Installing IdM client packages from the idm:DL1 stream
In Red Hat Enterprise Linux 8, the packages necessary for installing an Identity Management (IdM) client are shipped as a module.
The idm:DL1 stream needs to be enabled before you can download packages from it. Use this stream to download the IdM client packages if you need to install IdM server components on your machine.
Prerequisites
When switching to the idm:DL1 stream after you previously enabled the idm:client stream and downloaded packages from it, you need to first explicitly remove all the relevant installed content and disable the idm:client stream before enabling the idm:DL1 stream. For details on how to proceed, see Switching to a later stream.
Important: Trying to enable a new stream without disabling the current one results in an error.
Procedure
To switch to the RPMs delivered through the idm:DL1 stream:
# yum module enable idm:DL1
# yum distro-sync
To download the packages necessary for installing an IdM client:
# yum module install idm:DL1/client