[Freeipa-users] LDAP access for user authentication?

Alexander Skwar alexanders.mailinglists+nospam at gmail.com
Wed May 11 21:07:24 UTC 2016


Hello FreeIPA List :-)

For protecting a web application, we are going to use a Web Application
Firewall (SES from USP). This WAF appliance needs to have a user
“database”. And for that, we would like to use FreeIPA 4.2 on RHEL 7.2.

The WAF can access external authentication “adapters” over various methods.
Among them would be SOAP or LDAP. But not Kerberos... We're fixed on using
this particular appliance.

Is it possible to use FreeIPA as an authentication source over LDAP?

It would be so that users would have an account in IPA. And on the WAF,
there'd be a login form (or HTTP basic auth) where the user would enter
username and password (and maybe there might even be 2FA, like SMS text or
Google Authenticator or such - but for now, that would be out of scope).

The WAF would then send username and password to FreeIPA (using LDAP) and
would need to get back whether the combination was good or not.

Is that scenario doable with FreeIPA and LDAP? Would anyone maybe even know
of some good howtos or links? Any gotchas that we'd need to be aware of?

Thanks a lot and „Viele Grüße” 😃

Alexander Skwar
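
The check described in the message (a client forwards username and password over LDAP and learns whether they are valid) corresponds to an LDAP simple bind as the user. The following is an added example, not part of the original post: the suffix, host name, CA file path and the use of the third-party ldap3 package are assumptions, and it guards against two common pitfalls, DN injection through the username and the empty-password "unauthenticated bind".

```python
import ssl

# Assumed deployment values (not from the post). FreeIPA stores user entries
# under cn=users,cn=accounts,<suffix>.
BASE_DN = "dc=example,dc=com"
USER_CONTAINER = "cn=users,cn=accounts," + BASE_DN


def escape_rdn_value(value):
    """Escape an attribute value for safe use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_bind_dn(username):
    """Build the bind DN so that form input cannot add or alter RDNs."""
    if not username:
        raise ValueError("empty username")
    return "uid=" + escape_rdn_value(username) + "," + USER_CONTAINER


def check_credentials(username, password, host="ipa.example.com",
                      ca_file="/etc/ipa/ca.crt"):
    """Return True only if a simple bind as the user succeeds over LDAPS."""
    # An empty password with a DN is an "unauthenticated bind" (RFC 4513),
    # which a server may accept without checking anything: reject it here.
    if not username or not password:
        return False
    # Third-party ldap3 package, imported lazily so the helpers work without it.
    from ldap3 import Connection, Server, Tls
    from ldap3.core.exceptions import LDAPException
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = Server(host, use_ssl=True, tls=tls)
    try:
        conn = Connection(server, user=user_bind_dn(username), password=password)
        ok = conn.bind()
        conn.unbind()
        return bool(ok)
    except LDAPException:
        return False  # fail closed on TLS or connection errors
```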