On Mon, Jan 06, 2020 at 05:01:05PM +0000, White, David via FreeIPA-users wrote: > Is there a way to proxy client LDAP requests to the upstream Active Directory > that FreeIPA is configured to trust? > > I have AD, where users live. > I have FreeIPA / RedHat IdM. > And I have servers that are registered to FreeIPA. > > But I also have applications (such as Mediawiki, or Red Hat Satellite to name > a few) that support LDAP authentication. > I want to be able to use my AD credentials to login to Mediawiki or > Satellite, but have the application bind to FreeIPA, instead of binding it to > AD. > > Is this possible?
Hi, you can bind as AD user with the DN of the AD user object from the compat tree, see e.g. https://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts for details. HTH bye, Sumit > > I currently: > Have successfully bound Mediawiki to FreeIPA, and I can login to Mediawiki > using an account that is built locally instead of FreeIPA, but I cannot login > to Mediawiki using my AD credentials. > > ----- > David White > Engineer II, Fiber Systems Engineering > (423) 648-1500, Option 2 > > [/var/folders/7m/l5bzdbz14c9bkrwxvn2ffnjc0000gq/T/com.microsoft.Outlook/WebArchiveCopyPasteTempFiles/[email protected]] > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
