On ke, 25 maalis 2020, Natxo Asenjo via FreeIPA-users wrote:
>hi,
>
>the foreman can not authenticate using external authentication using the
>api endpoints, apparently, which is a bit of a bummer.
>
>It can do ldap, though, so the question is:
>
>can I authenticate AD users using the compat tree in Idm? (rhel 7.7 by the
>way).

Yes, if two conditions hold:
  - the entry in compat tree is first looked up
  - that entry DN is used for a bind DN