[Freeipa-users] IPA - Samba / Redmine / Disable Kerberos?

Martin Kosek mkosek at redhat.com
Thu Mar 27 14:20:45 UTC 2014 

On 03/27/2014 03:09 PM, צביקה הרמתי wrote:
> I have updated the HowTo with suggestions 1 & 2 (after checking them, of
> course...)

Good!

> Regarding suggestion 3 - I'm not sure I understand it.
> Isn't that the difference I wrote between "Basic" and "Full" configurations?

Ah, I see - you are right. I updated your article and fixed few minor issues I
saw and linked it to

http://www.freeipa.org/page/HowTos

Thank you,
Martin

> 2014-03-27 9:15 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
> 
>> Thanks! That helps. I have few suggestions that would be great if you test:
>>
>> 1) Can we point Redmine to search users directly in the users container?
>> I.e. cn=users,cn=accounts,dc=example,dc=com instead of just
>> dc=example,dc=com.
>> It will narrow down the LDAP search.
>>
>> 2) Can you search over LDAPS? Just to make sure that the bind and user
>> password
>> do not get in plain text over the wire.
>>
>> 3) Does the On-the-fly user creation goes well? In current configuration it
>> would seem to me that some of the attributes that FreeIPA keeps for each
>> user
>> are not utilized. Would something like:
>>
>> On-the-fly user creation = yes
>> Attributes
>>   Login     = uid
>>   Firstname = givenName
>>   Lastname  = sn
>>   Email     = mail
>>
>> provide better results in on the fly user creation?
>>
>> Martin
>>
>>
>> On 03/26/2014 09:32 PM, צביקה הרמתי wrote:
>>> Wow. That was much easier that my previous attempt...
>>>
>>> Here is the HowTo I wrote:
>>> http://www.freeipa.org/page/HowTo/Authenticating_Redmine_with_IPA
>>>
>>> I'll be glad if you review it.
>>>
>>> Regarding Samba, that page looks a bit intimidating...
>>>
>>> Thanks for the help.
>>>
>>>
>>> 2014-03-26 14:29 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
>>>
>>>> On 03/26/2014 12:42 PM, צביקה הרמתי wrote:
>>>>> Thanks for the prompt reply.
>>>>> I tried to just bind Redmine, and failed; so I assumed that it's not
>>>>> possible.
>>>>> Now, with that information, I'm encouraged to try again...
>>>>
>>>> According to [1], you should be able to create a system account for
>>>> redmine in
>>>> FreeIPA LDAP (example in [2]) and pass the DN to "Account" option and
>> fill
>>>> it's
>>>> password.
>>>>
>>>> Then it should be pretty straightforward to configure Redmine to bind
>> users
>>>> against FreeIPA LDAP by filling the Base DN and the right user
>> attributes.
>>>>
>>>> BTW as Petr already said, when you make your setup working it would be
>>>> indeed
>>>> very welcome and helpful for FreeIPA community if you create a howto on
>> our
>>>> wiki [3].
>>>>
>>>> Martin
>>>>
>>>> [1] http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
>>>> [2] ejabberd account creation in
>>>>
>>>>
>> https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships/
>>>> [3] http://www.freeipa.org/page/HowTos
>>>>
>>>
>>
>>
>

More information about the Freeipa-users mailing list