[Freeipa-users] Using FreeIPA for LDAP authentication in 3rd party applications
Dan
dan at descript.co.uk
Tue Mar 17 17:45:44 UTC 2015
Thomas Raehalme <thomas.raehalme at ...> writes:
>
> Hi,
>
> Previously we have used Atlassian Crowd as a source for user data in
> various applications, both in-house built and proprietary such as JIRA
> or Confluence. As we have deployed FreeIPA, I would like to start
> using it as the identity source. Unfortunately using Kerberos is not
> always possible so I am thinking about LDAP which often is an option
> in 3rd party applications.
>
> Anonymous access to the FreeIPA LDAP is enabled by default. Is it
> possible to configure username/password to access the information?
> Currently vSphere has a problem with anonymous access to LDAP not
> working as intended. Of course it would be nice to be able to restrict
> access anyways.
>
> If using FreeIPA LDAP as the identity source, how should
> authentication be handled? Is it possible to read the hash code for
> passwords? Is it possible to authenticate against the LDAP service?
>
> Any advice appreciated!
>
> Best regards,
> Thomas
Hi,
I have just successfully configured Confluence and JIRA to use FreeIPA for
their LDAP user directory.
First, create an IPA user group for confluence-users and jira-users using
the IPA dashboard. Then add a user to both of these groups.
If you navigate to the Confluence and JIRA dashboards and then in the "User
Directories" settings menu add a "Generic Directory Server" and then use the
following settings...
Base DN: You can find this in your IPA config.
Additional User DN: cn=users,cn=accounts
Additional Group DN: cn=groups,cn=accounts
LDAP Permissions: Read Only
Advanced Settings - Defaults are fine for this section
User Schema Settings
User Object Class: inetorgperson
User Object Filter: (objectclass=inetorgperson)
User Name Attribute: uid
User Name RDN Attribute: uid
User First Name Attribute: givenName
User Last Name Attribute: sn
User Display Name Attribute: displayName
User Email Attribute: mail
User Password Attribute: userPassword
User Password Encryption: SHA
User Unique ID Attribute: ipaUniqueID
Group Schema Settings
Group Object Class: ipausergroup
Group Object Filter: (objectclass=ipausergroup)
Group Name Attribute: cn
Group Description: description
Membership Schema Settings
Group Members Attribute: member
User Membership Attribute: member (This is not used due to the next option)
Use the User Membership Attribute: (Ensure this is unchecked, it is not
supported)
Now save and test using the user who is in the groups created above.
Hope this helps someone.
Dan
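
Added example, not part of Dan's message: a Python helper that turns the directory settings above into the search bases and filters they imply, escapes user-supplied values, and prints `ldapsearch` commands for checking them with an authenticated bind over StartTLS. The base DN, server URI and the `svc-jira` bind account are constructed placeholders, and it assumes the application prepends the Additional User/Group DN to the Base DN.

```python
import shlex

# Settings from the post; BASE_DN and LDAP_URI are constructed placeholders.
BASE_DN = "dc=example,dc=com"
LDAP_URI = "ldap://ipa.example.com"
USER_DN = "cn=users,cn=accounts"
GROUP_DN = "cn=groups,cn=accounts"
USER_FILTER = "(objectclass=inetorgperson)"
GROUP_FILTER = "(objectclass=ipausergroup)"


def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def escape_rdn(value):
    """Escape a value for use as an RDN attribute value (RFC 4514)."""
    chars = ["\\" + ch if ch in ',+"\\<>;=' else ch for ch in value]
    if chars and chars[0] in ("#", " "):
        chars[0] = "\\" + chars[0]
    if len(chars) > 1 and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)


def user_dn(uid):
    return f"uid={escape_rdn(uid)},{USER_DN},{BASE_DN}"


def user_search(uid):
    return f"{USER_DN},{BASE_DN}", f"(&{USER_FILTER}(uid={escape_filter(uid)}))"


def group_search(uid):
    # Groups list members by full DN in the "member" attribute.
    member = escape_filter(user_dn(uid))
    return f"{GROUP_DN},{BASE_DN}", f"(&{GROUP_FILTER}(member={member}))"


def ldapsearch_cmd(bind_uid, base, flt):
    # -x simple bind, -ZZ require StartTLS, -W prompt for the bind password.
    argv = ["ldapsearch", "-x", "-ZZ", "-H", LDAP_URI,
            "-D", user_dn(bind_uid), "-W", "-b", base, flt]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    for search in (user_search, group_search):
        print(ldapsearch_cmd("svc-jira", *search("alice")))
```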