[Freeipa-users] Using FreeIPA for LDAP authentication in 3rd party applications

Jakub Hrozek jhrozek at redhat.com
Fri Sep 13 15:20:30 UTC 2013


On Thu, Sep 12, 2013 at 03:54:59PM +0300, Thomas Raehalme wrote:
> Hi!
> 
> On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek <mkosek at redhat.com> wrote:
> 
> > When using FreeIPA LDAP as identity source, you could ideally use
> > Kerberos/GSSAPI authentication. But if that is not available, you can use
> > simple LDAP binds too. You cannot read the hash codes unless you are
> > "cn=Directory Manager" (or unless you set ACI allowing that, but this is very
> > unsecure).
> 
> Could you please elaborate on using simple LDAP binds?
> 
> Thanks for the detailed example!

simple bind == with a password. The simple bind has two components - the
DN to bind as and a password.

See the example Martin posted. The ldapadd command there authenticates
using DN "cn=Directory Manager" and Martin was kind enough to also show
how a password can be provided.
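
Added example, not part of the original message: the two components of a simple bind as they appear in an LDAPv3 BindRequest (RFC 4511), encoded and decoded with a small BER helper. The DN is the one named in the thread; the password, the message ID and all function names are constructed for illustration.

```python
# Added example: encode/decode an LDAPv3 simple BindRequest (RFC 4511).
# The password and message ID used with it are constructed sample values.

def _tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; short-form length below 128, long form otherwise."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage{ messageID (1..127 here), BindRequest{ 3, name, simple } }."""
    bind = _tlv(0x60, _tlv(0x02, b"\x03")          # [APPLICATION 0], version 3
                + _tlv(0x04, dn.encode())           # name: the DN to bind as
                + _tlv(0x80, password.encode()))    # [0] simple: the password
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + bind)

def _read(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                                # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_simple_bind(pdu: bytes):
    """Return (dn, password) from a simple BindRequest, else raise ValueError."""
    tag, msg, _ = _read(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read(msg, 0)                       # skip messageID
    tag, bind, _ = _read(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = _read(bind, 0)                      # skip version
    _, dn, pos = _read(bind, pos)
    tag, cred, _ = _read(bind, pos)
    if tag != 0x80:
        raise ValueError("not simple authentication (for example SASL)")
    return dn.decode(), cred.decode()
```

The password is carried as a plain octet string inside the request, so anything that can read the connection can read it unless the connection itself is encrypted.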



