document: modulemd
version: 2
data:
  summary: The Red Hat Enterprise Linux Identity Management system module
  description: >-
    RHEL IdM is an integrated solution to provide centrally managed Identity (users, hosts,
    services), Authentication (SSO, 2FA), and Authorization (host access control,
    SELinux user roles, services). The solution provides features for further integration
    with Linux based clients (SUDO, automount) and integration with Active Directory
    based infrastructures (Trusts).
  license:
    module: [MIT]
  dependencies:
  - buildrequires:
      platform: [el8]
      pki-core: [10.6]
      httpd: [2.4]
      389-ds: [1.4]
    requires:
      platform: [el8]
      pki-core: [10.6]
      httpd: [2.4]
      389-ds: [1.4]
  references:
    community: https://www.freeipa.org/
    documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/index
    tracker: https://pagure.io/freeipa/issues
  profiles:
    common:
      description: A default profile for RHEL IdM client
      rpms:
      - ipa-client
    client:
      description: RHEL IdM Client
      rpms:
      - ipa-client
    server:
      description: Base RHEL IdM Server with integrated CA and no integrated DNS
      rpms:
      - ipa-server
    dns:
      description: RHEL IdM with integrated DNS server and integrated CA
      rpms:
      - ipa-server
      - ipa-server-dns
    adtrust:
      description: RHEL IdM Server Integration with Active Directory
      rpms:
      - ipa-server-trust-ad
      - ipa-idoverride-memberof-plugin
  components:
    rpms:
      ipa:
        rationale: Module API
        ref: stream-idm-DL1
      bind-dyndb-ldap:
        rationale: Driver for BIND to store DNS information in LDAP
        ref: stream-idm-DL1
      slapi-nis:
        rationale: Compatibility plugin to serve legacy clients
        ref: stream-idm-DL1
        # 389-ds-base is not available on i686
        arches: [ aarch64 x86_64 s390x ppc64le ]
      ipa-idoverride-memberof:
        rationale: Manage IdM with Active Directory users
        ref: stream-idm-DL1
        buildorder: 3
      custodia:
        rationale: Remote access to secrets and credentials in IdM topology
        ref: stream-idm-DL1
        buildorder: 2
      python-jwcrypto:
        rationale: JSON Web Cryptographic Tokens used by Custodia
        ref: stream-idm-DL1
        buildorder: 1
      python-qrcode:
        rationale: QR code generator for IdM two-factor authentication
        ref: stream-idm-DL1
      python-yubico:
        rationale: Support for Yubikey-based tokens for IdM two-factor authentication
        ref: stream-idm-DL1
        buildorder: 2
      pyusb:
        rationale: Python USB support to access USB tokens for IdM two-factor authentication
        ref: stream-idm-DL1
        buildorder: 1
      softhsm:
        rationale: Software version of a PKCS#11 Hardware Security Module
        ref: stream-idm-DL1
      opendnssec:
        rationale: An implementation of DNSSEC support for IdM integrated DNS server
        ref: stream-idm-DL1
      python-kdcproxy:
        rationale: MS-KKDCP (kerberos proxy) WSGI module
        ref: stream-idm-DL1