On Mon, Jan 06, 2020 at 05:01:05PM +0000, White, David via FreeIPA-users wrote:
Is there a way to proxy client LDAP requests to the upstream Active
Directory that FreeIPA is configured to trust?
I have AD, where users live.
I have FreeIPA / RedHat IdM.
And I have servers that are registered to FreeIPA.
But I also have applications (such as Mediawiki, or Red Hat Satellite to name a few) that
support LDAP authentication.
I want to be able to use my AD credentials to login to Mediawiki or Satellite, but have
the application bind to FreeIPA, instead of binding it to AD.
Is this possible?
Hi,
you can bind as AD user with the DN of the AD user object from the
compat tree, see e.g.
https://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts for
details.
HTH
bye,
Sumit
I currently:
Have successfully bound Mediawiki to FreeIPA, and I can login to Mediawiki using an
account that is built locally instead of FreeIPA, but I cannot login to Mediawiki using my
AD credentials.
-----
David White
Engineer II, Fiber Systems Engineering
(423) 648-1500, Option 2
[/var/folders/7m/l5bzdbz14c9bkrwxvn2ffnjc0000gq/T/com.microsoft.Outlook/WebArchiveCopyPasteTempFiles/cidimage001.jpg(a)01D4B3F3.F5D81170]
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...