On 09/12/2013 02:54 PM, Thomas Raehalme wrote:
> Hi!
> On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek <mko...@redhat.com> wrote:
>> When using FreeIPA LDAP as identity source, you could ideally use
>> Kerberos/GSSAPI authentication. But if that is not available, you can use
>> simple LDAP binds too. You cannot read the hash codes unless you are
>> "cn=Directory Manager" (or unless you set ACI allowing that, but this is very
>> unsecure).
> Could you please elaborate on using simple LDAP binds?

I was just referring to fact, that when a system or application uses LDAP as an
identity and authentication source, it often use simple LDAP Bind operation
(i.e. accessing LDAP with user+password or) when testing if the user accessing
the application provided the right credentials.

I am no expert on how you configure that with vSphere or similar, but if it
supports general LDAP as an identity/authentication source, it should also work
with FreeIPA.

I found some doc where may be relevant:

Maybe other users are capable of giving more detailed answer with respect to


Freeipa-users mailing list

Reply via email to