We have an application (Spring LDAP backend) that uses keytabs in the IPA domain for SSO auth. No problems at all for internal FreeIPA users after they have a valid ticket (using MIT Kerberos for Windows) and a correctly configured browser.
An AD user is never present in IPA itself as an inetOrgPerson objectclass (correct?). So because AD users are only present in the compat tree after adding them to the "Default Trust View", configuration of the application is a problem. Because of the schema, I can only use posixAccount, and membership is using memberUid / RFC2307 (correct again?). The absence of inetOrgPerson information (and memberOf) in the compat view gives me difficulties connecting this component to FreeIPA...
Does anyone have experience with connecting Spring to IPA - AND - being able to use AD users?
Sincerely, Pieter