[Freeipa-users] LDAP access for user authentication?

Rob Crittenden rcritten at redhat.com
Wed May 11 22:06:12 UTC 2016


Alexander Skwar wrote:
> Hello FreeIPA List :-)
>
> For protecting a web application, we are going to use a Web Application
> Firewall (SES from USP). This WAF appliance needs to have a user
> “database”. And for that, we would like to use FreeIPA 4.2 on RHEL 7.2.
>
> The WAF can access external authentication “adapters” over various
> methods. Among them would be SOAP or LDAP. But not Kerberos... We're
> fixed on using this particular appliance.
>
> Is it possible to use FreeIPA as an authentication source over LDAP?
>
> It would be so, that users would have an account in IPA. And on the WAF,
> there'd be a login form (or HTTP basic auth), where the user would enter
> username and password (and maybe there might even be 2FA, like SMS text
> or Google Authenticator or such - but for now, that would be out of scope).
>
> The WAF would then send username and password to FreeIPA (using LDAP)
> and would need to get back, whether the combination was good or not.
>
> Is that scenario doable with FreeIPA and LDAP? Would anyone maybe even
> know of some good howtos or links? Any gotchas, that we'd need to be
> aware of?


Yes it's possible, see http://www.freeipa.org/page/HowTo/LDAP

rob
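
Added example, not part of the original thread and not FreeIPA project code: the check the WAF needs, done as an LDAP simple bind as the user's own DN over TLS, with two gotchas handled (empty passwords and login names that could alter the DN). Assumptions: the suffix dc=example,dc=com, the host ipa.example.com, the default FreeIPA user container cn=users,cn=accounts, the login pattern, the third-party ldap3 package, and all function names.

```python
import re

# Assumptions (not from the thread): constructed suffix dc=example,dc=com,
# default FreeIPA user container, and a conservative allow-list for logins.
USER_BASE = "cn=users,cn=accounts,dc=example,dc=com"
LOGIN_RE = re.compile(r"[a-z0-9_][a-z0-9_.-]{0,31}")


def user_dn(login):
    """Map a login name to its DN; reject anything that could alter the DN."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("login name not allowed")
    return "uid=%s,%s" % (login, USER_BASE)


def ldap3_bind(dn, password, uri="ldaps://ipa.example.com"):
    """Simple bind over TLS using ldap3; the server certificate is verified."""
    import ssl
    from ldap3 import Connection, Server, Tls  # lazy import: optional dependency
    server = Server(uri, tls=Tls(validate=ssl.CERT_REQUIRED))
    conn = Connection(server, user=dn, password=password)
    try:
        return conn.bind()  # True only if the directory accepted the password
    finally:
        conn.unbind()


def authenticate(login, password, bind=ldap3_bind):
    """Return True only if the directory accepts a bind as this user."""
    # An empty password turns a simple bind into an unauthenticated bind,
    # which a server may accept without checking anything (RFC 4513, 5.1.2).
    if not password:
        return False
    try:
        dn = user_dn(login)
    except ValueError:
        return False
    return bool(bind(dn, password))
```

The bind argument exists so the logic can be exercised without a directory; in production the default ldap3_bind is used and the password only ever travels inside the TLS session.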



