On 09/12/2013 01:46 PM, Thomas Raehalme wrote:
> Hi,
> Previously we have used Atlassian Crowd as a source for user data in
> various applications, both in-house built and proprietary such as JIRA
> or Confluence. As we have deployed FreeIPA, I would like to start
> using it as the identity source. Unfortunately using Kerberos is not
> always possible so I am thinking about LDAP which often is an option
> in 3rd party applications.
> Anonymous access to the FreeIPA LDAP is enabled by default. Is it
> possible to configure username/password to access the information?
> Currently vSphere has a problem with anonymous access to LDAP not
> working as intended. Of course it would be nice to be able to restrict
> access anyways.
> If using FreeIPA LDAP as the identity source, how should
> authentication be handled? Is it possible to read the hash code for
> passwords? Is it possible to authenticate against the LDAP service?
> Any advice appreciated!
> Best regards,
> Thomas

When using FreeIPA LDAP as identity source, you could ideally use
Kerberos/GSSAPI authentication. But if that is not available, you can use
simple LDAP binds too. You cannot read the hash codes unless you are
"cn=Directory Manager" (or unless you set ACI allowing that, but this is very

If you do not want to access the LDAP anonymously and you do not want to use a
full IPA user for that (added via "ipa user-add"), you can manually add a
system user and use that for binding to LDAP:

# ldapadd -h `hostname` -D "cn=Directory Manager" -x -w kokos123
dn: uid=vsphere,cn=sysaccounts,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: vsphere
userPassword: SuperSecretPassword

adding new entry
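
The following is an added example, not part of the original message: a search-then-bind login check that uses a system account like the one above to find the user's DN, then verifies the password with a simple bind as that DN. It assumes the OpenLDAP client tools and the standard FreeIPA user container cn=users,cn=accounts; the host name, password file path and function names are placeholders chosen here.

```bash
# Added example. LDAP_URI and BIND_PW_FILE are placeholders, not from the thread.
SUFFIX="dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"        # suffix used in the thread
BIND_DN="uid=vsphere,cn=sysaccounts,cn=etc,${SUFFIX}"
LDAP_URI="${LDAP_URI:-ldap://ipa.example.test}"
BIND_PW_FILE="${BIND_PW_FILE:-/etc/myapp/vsphere.pw}"  # hypothetical path, mode 0600

# RFC 4515 escaping so a login name cannot change the meaning of the filter.
ldap_escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter that matches exactly one login name among user entries.
user_filter() {
    printf '(&(objectClass=posixAccount)(uid=%s))' "$(ldap_escape_filter "$1")"
}

# Returns 0 only when the user's own DN binds with the supplied password.
ipa_ldap_auth() {
    local user="$1" pw="$2" dn pwfile rc
    # An empty password makes a simple bind "unauthenticated" (RFC 4513,
    # section 5.1.2) and a server may accept it, so refuse it before binding.
    [ -n "$user" ] && [ -n "$pw" ] || return 1
    # Step 1: bind as the system account and resolve the login to a DN.
    # -ZZ requires StartTLS because simple binds send the password as-is.
    dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -ZZ \
            -D "$BIND_DN" -y "$BIND_PW_FILE" \
            -b "cn=users,cn=accounts,${SUFFIX}" "$(user_filter "$user")" 1.1 |
         sed -n 's/^dn: //p')
    # Fail closed on zero matches, several matches, or a base64 "dn::" line.
    [ -n "$dn" ] && [ "$(printf '%s\n' "$dn" | wc -l)" -eq 1 ] || return 1
    # Step 2: bind as that DN. The password goes through a 0600 temp file
    # (-y) so it never shows up in the process list.
    pwfile=$(mktemp) || return 1
    printf '%s' "$pw" > "$pwfile"
    ldapwhoami -x -H "$LDAP_URI" -ZZ -D "$dn" -y "$pwfile" >/dev/null 2>&1
    rc=$?
    rm -f "$pwfile"
    return "$rc"
}
```

Call it as `ipa_ldap_auth "$login" "$password"` and treat any non-zero status as a failed login.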


Freeipa-users mailing list