[Freeipa-users] Question for AD trust and Webservices
Alexander Bokovoy
abokovoy at redhat.com
Wed Jun 17 05:37:49 UTC 2015
On Tue, 16 Jun 2015, Henry Hofmann wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>I understand this is for application which is using Kerberos.
No, it is not only for that.
>I have some web applications like "redmine" and "owncloud" which have a
>own user management. They needs to be configure to LDAP to grant
>authorizations without Kerberos. And not all of them used apache or
>tomcat as application server.
For OwnCloud use
https://apps.owncloud.com/content/show.php/Unix+user+backend?content=148406
and read a backstory in https://github.com/owncloud/core/issues/10130
For redmine use http://www.redmine.org/plugins/redmine_pam_auth. You
don't need to include the user which runs redmine into shadow group with
FreeIPA because user accounts are never in /etc/shadow for FreeIPA so
you don't need that access.
Both these methods rely on PAM authentication which is powered by SSSD.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list