Bartek Moczulski wrote:
hi,
I've got a problem with using IPA as authentication source over LDAP.
Generally there are two approaches to LDAP authentication:
1. bind using admin account and read passwords from user objects (but in
ipa you cannot read passwords through ldap, right?)
2. "bind to authenticate" - service tries to log in to ldap with user's
credentials. If login is successful authentication is also succesful -
this approach does not work because you cannot login to IPA ldap using
bare username, you need a full LDAP DN.

Now, I've got a 3rd party application supporting both mentioned above
appoaches and the question is - how to make it work with ipa?

thanks in advance,

We won't do #1. In our opinion it is insecure to share password hashes.

For #2 AFAIK LDAP simple bind requires a DN. Typically the app does a search on the uid, gets the DN, then attempts a bind.

I'd be curious to know what LDAP servers your 3rd party app is certified against.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to