[Freeipa-users] Identification with OpenLDAP and authorization with FreeIPA

Michaël Van de Borne michael.van.de.borne at gmail.com
Tue Jan 31 15:01:16 UTC 2017


Hello list,

Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured 
with Kerberos. I used FreeIPA as a KDC.
The customer uses OpenLDAP as a directory server.

For now, our solution is to copy the whole OpenLDAP user base to
FreeIPA, and then use FreeIPA for the identification and authorization
(all the keytab stuff).
But keeping OpenLDAP and FreeIPA in sync is a nightmare, and I was
wondering something:
Would it be possible to configure SSSD to simultaneously target the
OpenLDAP server to identify a user, and the FreeIPA server to get the
tickets?
That way, we can avoid having to keep OpenLDAP and FreeIPA in sync...

OR

Is there an efficient way to keep OpenLDAP and FreeIPA in sync?

All ideas are welcome!!

Thank you guys,

Cheers,

m.

