On 09/12/2013 03:18 PM, Thomas Raehalme wrote:
> Hi!
> On Thu, Sep 12, 2013 at 4:06 PM, Martin Kosek <mko...@redhat.com> wrote:
>> I was just referring to the fact that when a system or application uses LDAP as an
>> identity and authentication source, it often uses simple LDAP Bind operation
>> (i.e. accessing LDAP with user+password or) when testing if the user accessing
>> the application provided the right credentials.
> Yes, that's true at least for some applications. Does the LDAP in
> FreeIPA allow that kind of login by default for IPA users? If not, is
> it possible to enable it somehow?
> Best regards,
> Thomas Raehalme

Well, LDAP is the data backend for all FreeIPA identity data, you can certainly
use plain LDAP binds with them (though Kerberos/GSSAPI auth is preferred).

See an example when I add a new IPA user and do LDAP bind with his credentials:

# ipa user-add --first=John --last=Doe jdoe --random
Added user "jdoe"
  User login: jdoe
  First name: John
  Last name: Doe
  Full name: John Doe
  Display name: John Doe
  Initials: JD
  Home directory: /home/jdoe
  GECOS: John Doe
  Login shell: /bin/sh
  Kerberos principal: j...@example.com
  Email address: j...@example.com
  Random password: xO3xs5yOv,dL
  UID: 470000066
  GID: 470000066
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

# ldapsearch -h `hostname` -D "uid=jdoe,cn=users,cn=accounts,dc=example,dc=com" -x -w xO3xs5yOv,dL -b "" -s base
# extended LDIF
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL

objectClass: top


Freeipa-users mailing list
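
An added example, not part of the original message: the checks an application should make before it uses a simple bind as its credential test, namely escaping the login in the bind DN (RFC 4514) and refusing empty passwords, which RFC 4513 section 5.1.2 treats as an unauthenticated bind. The function names, the `simple_bind` callable and the fake directory are hypothetical; only the `cn=users,cn=accounts,dc=example,dc=com` container comes from the thread.

```python
# Hypothetical helper code; the password below is constructed sample data.
USERS_BASE = "cn=users,cn=accounts,dc=example,dc=com"  # container from the thread


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == " " and i in (0, len(value) - 1)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_dn(login: str) -> str:
    """Build the bind DN for an IPA user from an untrusted login name."""
    if not login:
        raise ValueError("empty login")
    return "uid=%s,%s" % (escape_rdn_value(login), USERS_BASE)


def check_credentials(login: str, password: str, simple_bind) -> bool:
    """Return True only if a simple bind as the user succeeds.

    simple_bind(dn, password) -> bool is supplied by the caller, for example
    a thin wrapper around an LDAP client library over LDAPS or StartTLS.
    """
    # RFC 4513 5.1.2: a bind with a DN and an empty password is an
    # "unauthenticated bind"; a server that accepts it treats the session
    # as anonymous, so success proves nothing about the user.
    if not password:
        return False
    return bool(simple_bind(user_dn(login), password))


def fake_bind(dn: str, password: str) -> bool:
    """Constructed stand-in for a directory server, for offline runs."""
    directory = {"uid=jdoe," + USERS_BASE: "constructed-password"}
    return password == "" or directory.get(dn) == password  # "" mimics anonymous


if __name__ == "__main__":
    print(check_credentials("jdoe", "constructed-password", fake_bind))
```
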
