[Freeipa-users] Question for AD trust and Webservices
Henry Hofmann
henry.hofmann at osthus.com
Tue Jun 16 09:43:00 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I understand this is for application which is using Kerberos.
I have some web applications like "redmine" and "owncloud" which have a own user management. They needs to be configure to LDAP to grant authorizations without Kerberos. And not all of them used apache or tomcat as application server.
Henry
- -----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
Sent: Dienstag, 16. Juni 2015 10:35
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Question for AD trust and Webservices
On 16.6.2015 09:34, Henry Hofmann wrote:
> Hi,
>
> I have a question about using IPA (v.4) with an AD (2012) Trust.
> Is it possible to login with a user from the Active Directory Domain to an Web-Service (like redmine) which is configured to the IPA LDAP?
>
> I have understand this by read this article (http://www.freeipa.org/page/IPAv3_Architecture#IPA_managed_server_and_Password_based_Login).
Best solution is to use something like this:
http://www.freeipa.org/page/Web_App_Authentication
Alternatively you should be able to treat web application as 'legacy' LDAP client (which is not trust-aware) and use so-called compat tree.
Please see presentation: "AD Trust for Legacy Clients" by Tomas Babej:
http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf
- --
Petr^2 Spacek
- --
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.1.0 (Build 860)
Charset: us-ascii
wsBVAwUBVX/vp3Eu+nQzo7NUAQiz7wgAk3a9f8IowhvYgqWZHB7WsKCYpoNOgnI8
OKeRdO7K2uJToZ+AnJfD8CzXgQUPM3avr3KINk7pSGN+Tjv3p9nOrrzNAZu4nLOT
JNrkLxEXqMqv6BhE3LBdCc1mvgbPR4KKKLhwM5UrSEPNNwDBLZk5jc+FflG7PDf7
WxlmYcjpI+XTg3k6b1XXLcprpKRmhk3e9pPv/yRxs3vhxtgaxmZIIqnlcNHsTkI8
H1onvia75Py4PhFZsshX9HdK6dtyof0XJqNZ4flCVjboQR4nEe9ofUnwYjrelbpr
iHzSzKCHZmZnp55Ey8Ox9D5N7TbvmWHVPOXUbjxbPMrKvajA7UfCxw==
=+cZZ
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list