[Freeipa-users] Allow external AD users on webui
Jake
freeipa at jacobdevans.com
Tue Nov 1 22:48:31 UTC 2016
Sorry for the late reply, I've seen this on the mailing list a few times and wondered it myself....this was my solution:
IPA has an option to use RADIUS password, which you can also override the username. So for those users that are allowed to manage IPA, we have google-auth and freeradius gateways setup with a user-override.
for example.
jevans at ipa.example.com has radius user of jevans at ad.example.com
I log into the webui with jevans at ipa.example.com with my password for jevans at ad.example.com (and in my case, I add my google auth OTP)
Does this help?
-Jake
----- Original Message -----
From: "Alexander Bokovoy" <abokovoy at redhat.com>
To: "Troels Hansen" <th at casalogic.dk>
Cc: "freeipa-users" <freeipa-users at redhat.com>
Sent: Monday, October 31, 2016 3:59:36 AM
Subject: Re: [Freeipa-users] Allow external AD users on webui
On ma, 31 loka 2016, Troels Hansen wrote:
>----- On Oct 31, 2016, at 8:33 AM, Alexander Bokovoy abokovoy at redhat.com wrote:
>
>
>> You make it sound as if it is a done deal. It is not, there is a number
>> of changes that yet not figured out how to do in an efficient way.
>>
>> It is in our pipeline for 4.5. It is understandable that people ask for
>> this feature. It is also should be clear to you had it been a simple
>> thing, it would have been implemented already.
>>
>> If you want to see a progress, subscribe to the ticket.
>
>Hi Alexander
>
>It was in no way a critics of the FreeIPA team. I'm well aware of the
>work being out into this product from the core team, and appreciate
>every new release, but also not really able to help much with the
>development, only testing and feedback.
That's why I asked you to subscribe to the ticket. Once the changes will
be ready, you could help with testing them.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list