[Freeipa-users] Possible to tell SSSD to talk to virtual directory instead of directly to 389?

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Wed May 11 21:23:17 UTC 2016


I've got a potential use case where I want to authenticate users using
their AD credentials, store accounts and permissions in FreeIPA but
not have a cross forest trust.  One way to do this is to have SSSD
talk LDAP to a virtual directory which would route the bind to AD but
all other operations to the 389 backing IPA.  Kerberos wouldn't work,
but if you're interested in password or ssh key based auth it should
work, right?  Then you'd still get the HBAC benefits?

Thanks


Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity



