[Freeipa-users] Using FreeIPA for LDAP authentication in 3rd party applications

Martin Kosek mkosek at redhat.com
Thu Sep 12 13:06:26 UTC 2013


On 09/12/2013 02:54 PM, Thomas Raehalme wrote:
> Hi!
> 
> On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek <mkosek at redhat.com> wrote:
> 
>> When using FreeIPA LDAP as identity source, you could ideally use
>> Kerberos/GSSAPI authentication. But if that is not available, you can use
>> simple LDAP binds too. You cannot read the hash codes unless you are
>> "cn=Directory Manager" (or unless you set ACI allowing that, but this is very
>> unsecure).
> 
> Could you please elaborate on using simple LDAP binds?

I was just referring to the fact that when a system or application uses LDAP as an
identity and authentication source, it often uses a simple LDAP Bind operation
(i.e. accessing LDAP with user+password) when testing if the user accessing
the application provided the right credentials.

I am no expert on how you configure that with vSphere or similar, but if it
supports general LDAP as an identity/authentication source, it should also work
with FreeIPA.

I found some doc which may be relevant:
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-71643C4CB040.html

Maybe other users are capable of giving a more detailed answer with respect to
vSphere.

Martin
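
The simple-bind credential check described in the message above, sketched as an added example that is not part of the original thread or of FreeIPA's own code. The server URI, the suffix, the login-name policy and the function names are assumptions, as is the default FreeIPA user container `cn=users,cn=accounts,<suffix>`; the bind itself uses python-ldap.

```python
import re

# Assumed values for illustration; replace with your own realm's settings.
LDAP_URI = "ldaps://ipa.example.test"   # simple binds carry the password, so use TLS
USER_BASE = "cn=users,cn=accounts,dc=example,dc=test"  # default FreeIPA user container

# Conservative login-name policy (an assumption of this example): nothing
# that could add or change DN components is let through.
_UID_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def user_dn(uid):
    """Map a login name to the DN the application will bind as."""
    if not _UID_RE.fullmatch(uid):
        raise ValueError("invalid login name")
    return "uid=%s,%s" % (uid, USER_BASE)


def ldap_bind(dn, password):
    """Attempt a simple bind with python-ldap; True if the server accepts it."""
    import ldap  # imported here so the checks in this file run without python-ldap
    conn = ldap.initialize(LDAP_URI)
    try:
        conn.simple_bind_s(dn, password)
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()


def check_credentials(uid, password, bind=ldap_bind):
    """Return True only if the directory accepts uid + password."""
    # RFC 4513 section 5.1.2: a bind with a DN and an empty password is an
    # "unauthenticated bind" and may succeed without proving the password.
    if not password:
        return False
    try:
        dn = user_dn(uid)
    except ValueError:
        return False
    return bind(dn, password)
```

The application never reads password hashes here: it only learns whether the directory accepted the bind.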



