FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag certificate system, SSSD and others. It provides centralized identity, policy, and audit (IPA) capabilities for Linux/UNIX domain environments.
- Latest Version: 4.13.1 (includes Modern WebUI beta, DNS over TLS/HTTPS support, LDAP system accounts)
- Stable Version: 4.12.5 (released September 30, 2025)
- Key Feature Series: 4.13.x introduces Modern WebUI, DNS encryption, and enhanced system accounts
- Identity Management: Manage Linux users and client hosts in your realm from one central location
- Authentication & Authorization: Centralized SSO, 2FA/MFA, Kerberos and LDAP integration
- DNS Services: Integrated DNS with dynamic updates and DNSSEC support
- Certificate Authority: Integrated Dogtag CA for certificate management
- Modern WebUI: Beta version available with responsive React-based interface
- Management Interfaces: CLI, Web UI, XMLRPC, JSONRPC API, and Python SDK
- Trust Relationships: Integration with Microsoft Active Directory via Cross Forest Trusts
- Policy Management: Define Kerberos authentication and authorization policies
- Centralized Authentication: Single Sign-On for all systems, services and applications
- Enterprise Directory: Directory services and access policies for Linux/Unix environments
- Hybrid Environments: Integration between Linux and Windows Active Directory domains
- Certificate Management: Internal PKI infrastructure for securing communications
- Compliance & Auditing: Identity, policy, and audit trail for regulatory compliance
- Backend: Python, C, MIT Kerberos, 389 Directory Server
- Frontend: JavaScript, React (Modern WebUI), HTML/CSS
- Database: LDAP (389 Directory Server)
- Protocols: LDAP, Kerberos, DNS, NTP, SAML, OAuth2, SCIM
FreeIPA integrates multiple identity management components:
- Directory Server: 389 Directory Server for LDAP storage
- Authentication: MIT Kerberos KDC for authentication
- Certificate Authority: Dogtag PKI for certificate management
- DNS: BIND with custom plugin for integrated DNS
- Client Services: SSSD for client-side identity caching
License: GPL-3.0
- Actively maintained with regular feature releases
- Modern WebUI in beta (since 4.13.0)
- Strong focus on ease of management and automation
- Full multi-master replication for redundancy and scalability
Support and Resources
- Modern WebUI (Beta): Responsive user interface with improved workflows
- DNS over TLS/HTTPS (DoT/DoH): Encrypted DNS queries for zero-trust environments
- LDAP System Accounts: Dedicated sysaccount plugin for system-level accounts
- ID Range Fix Tool: Automated detection and repair of IPA ID range issues
- Random Serial Numbers: Enhanced CA security with RSNv3 by default
History and References