Kapetanakis Giannis via FreeIPA-users wrote: > Hi, > > We're looking into migrating our current LDAP setup (389) to a FreeIPA setup. > > Reading documentation and searching online cannot answer the following > question. > > Is FreeIPA able to authenticate normal LDAP clients without any Kerberos, > GSSAPI involved on the client side? > Most of my LDAP clients support only LDAP authentication over SSL/TLS.
What kind of authentication? Simple bind works out of the box. > Will FreeIPA's LDAP server delegate authentication to Kerberos on behalf of > the client or > does it need the userPassword attribute stored in it's LDAP server? > > Which SASL Mechanism is being used in this case? > > If the userPassword in needed how does it stay in sync with the user's > kerberos credentials? > Is the sync both ways (LDAP-Kerberos)? IPA handles keeping the userPassword and krbPrincipalKey values in sync via a 389-ds plugin. > Is there documentation about these specific tasks? Which tasks? There is probably only a bullet-point in the docs for the password synchronization because it is not configurable and happens automatically. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
