On Thu, Sep 12, 2013 at 03:54:59PM +0300, Thomas Raehalme wrote:
> On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek <mko...@redhat.com> wrote:
> > When using FreeIPA LDAP as identity source, you could ideally use
> > Kerberos/GSSAPI authentication. But if that is not available, you can use
> > simple LDAP binds too. You cannot read the hash codes unless you are
> > "cn=Directory Manager" (or unless you set ACI allowing that, but this is
> > very
> > unsecure).
> Could you please elaborate on using simple LDAP binds?
> Thanks for the detailed example!
simple bind == with a password. The simple bind has two components - the
DN to bind as and a password.
See the example Martin posted. The ldapadd command there authenticates
using DN "cn=Directory Manager" and Martin was kind enough to also show
how a password can be provided.
Freeipa-users mailing list