[Freeipa-users] IPA - Samba / Redmine / Disable Kerberos?

Thu Mar 27 14:09:08 UTC 2014

I have updated the HowTo with suggestions 1 & 2 (after checking them, of
course...)

Regarding suggestion 3 - I'm not sure I understand it.
Isn't that the difference I wrote between "Basic" and "Full" configurations?

2014-03-27 9:15 GMT+02:00 Martin Kosek <mkosek at redhat.com>:

> Thanks! That helps. I have few suggestions that would be great if you test:
>
> 1) Can we point Redmine to search users directly in the users container?
> I.e. cn=users,cn=accounts,dc=example,dc=com instead of just
> dc=example,dc=com.
> It will narrow down the LDAP search.
>
> 2) Can you search over LDAPS? Just to make sure that the bind and user
> password
> do not get in plain text over the wire.
>
> 3) Does the On-the-fly user creation goes well? In current configuration it
> would seem to me that some of the attributes that FreeIPA keeps for each
> user
> are not utilized. Would something like:
>
> On-the-fly user creation = yes
> Attributes
>   Login     = uid
>   Firstname = givenName
>   Lastname  = sn
>   Email     = mail
>
> provide better results in on the fly user creation?
>
> Martin
>
>
> On 03/26/2014 09:32 PM, צביקה הרמתי wrote:
> > Wow. That was much easier that my previous attempt...
> >
> > Here is the HowTo I wrote:
> > http://www.freeipa.org/page/HowTo/Authenticating_Redmine_with_IPA
> >
> > I'll be glad if you review it.
> >
> > Regarding Samba, that page looks a bit intimidating...
> >
> > Thanks for the help.
> >
> >
> > 2014-03-26 14:29 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
> >
> >> On 03/26/2014 12:42 PM, צביקה הרמתי wrote:
> >>> Thanks for the prompt reply.
> >>> I tried to just bind Redmine, and failed; so I assumed that it's not
> >>> possible.
> >>> Now, with that information, I'm encouraged to try again...
> >>
> >> According to [1], you should be able to create a system account for
> >> redmine in
> >> FreeIPA LDAP (example in [2]) and pass the DN to "Account" option and
> fill
> >> it's
> >> password.
> >>
> >> Then it should be pretty straightforward to configure Redmine to bind
> users
> >> against FreeIPA LDAP by filling the Base DN and the right user
> attributes.
> >>
> >> BTW as Petr already said, when you make your setup working it would be
> >> indeed
> >> very welcome and helpful for FreeIPA community if you create a howto on
> our
> >> wiki [3].
> >>
> >> Martin
> >>
> >> [1] http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
> >> [2] ejabberd account creation in
> >>
> >>
> https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships/
> >> [3] http://www.freeipa.org/page/HowTos
> >>
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140327/08096412/attachment.htm>