Is there a way to proxy client LDAP requests to the upstream Active Directory that FreeIPA is configured to trust?

I have AD, where users live.

I have FreeIPA / Red Hat IdM.

And I have servers that are registered to FreeIPA.

But I also have applications (such as MediaWiki, or Red Hat Satellite to name a few) that support LDAP authentication.

I want to be able to use my AD credentials to log in to MediaWiki or Satellite, but have the application bind to FreeIPA, instead of binding it to AD.

Is this possible?

I currently:

Have successfully bound MediaWiki to FreeIPA, and I can log in to MediaWiki using an account that is built locally instead of FreeIPA, but I cannot log in to MediaWiki using my AD credentials.

-----       

David White
Engineer II, Fiber Systems Engineering
(423) 648-1500, Option 2
