[Freeipa-users] Allow external AD users on webui

[Jake]

Sorry for the late reply, I've seen this on the mailing list a few times and wondered it myself....this was my solution:

IPA has an option to use RADIUS password, which you can also override the username.  So for those users that are allowed to manage IPA, we have google-auth and freeradius gateways setup with a user-override.

for example.
jevans at ipa.example.com has radius user of jevans at ad.example.com

I log into the webui with jevans at ipa.example.com with my password for jevans at ad.example.com (and in my case, I add my google auth OTP)

Does this help?
-Jake


----- Original Message -----
From: "Alexander Bokovoy" <abokovoy at redhat.com>
To: "Troels Hansen" <th at casalogic.dk>
Cc: "freeipa-users" <freeipa-users at redhat.com>
Sent: Monday, October 31, 2016 3:59:36 AM
Subject: Re: [Freeipa-users] Allow external AD users on webui

On ma, 31 loka 2016, Troels Hansen wrote:
>----- On Oct 31, 2016, at 8:33 AM, Alexander Bokovoy abokovoy at redhat.com wrote:
>
>
>> You make it sound as if it is a done deal. It is not, there is a number
>> of changes that yet not figured out how to do in an efficient way.
>>
>> It is in our pipeline for 4.5. It is understandable that people ask for
>> this feature. It is also should be clear to you had it been a simple
>> thing, it would have been implemented already.
>>
>> If you want to see a progress, subscribe to the ticket.
>
>Hi Alexander
>
>It was in no way a critics of the FreeIPA team. I'm well aware of the
>work being out into this product from the core team, and appreciate
>every new release, but also not really able to help much with the
>development, only testing and feedback.
That's why I asked you to subscribe to the ticket. Once the changes will
be ready, you could help with testing them.

-- 
/ Alexander Bokovoy

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project