This page contains the functional requirements for the Domain Controller role, that is, the things the role is expected to do when it is working properly. If Domain Controller is a Featured Role, then according to the Fedora Release Criteria, these requirements must be met to some extent for each Fedora Server pre-release and release. Refer to the criteria pages for the exact details of which requirements must be met at each milestone.
Unless otherwise stated, it is always assumed that the role has been correctly deployed and configured by the system administrator.
- Multiple clients must be able to enrol and unenrol in the domain
- Client systems must be able to authenticate users with Kerberos
- The FreeIPA configuration web UI must be available and allow at least basic configuration of user accounts and permissions
- The Domain Controller must be capable of serving LDAP requests, including TLS-encrypted LDAP requests, on port 389
- The Domain Controller must be capable of serving LDAPS (LDAP encrypted with SSL) requests on port 636
- The Domain Controller must be capable of returning LDAP and LDAPS search results using simple auth or SASL/GSSAPI auth
- The Domain Controller must be capable of serving DNS host records on port 53
- The Domain Controller must serve DNS SRV records for ldap and kerberos on port 53