Thanks! That helps. I have few suggestions that would be great if you test:

1) Can we point Redmine to search users directly in the users container?
I.e. cn=users,cn=accounts,dc=example,dc=com instead of just dc=example,dc=com.
It will narrow down the LDAP search.

2) Can you search over LDAPS? Just to make sure that the bind and user password
do not get in plain text over the wire.

3) Does the On-the-fly user creation goes well? In current configuration it
would seem to me that some of the attributes that FreeIPA keeps for each user
are not utilized. Would something like:

On-the-fly user creation = yes
Attributes
  Login     = uid
  Firstname = givenName
  Lastname  = sn
  Email     = mail

provide better results in on the fly user creation?

Martin


On 03/26/2014 09:32 PM, צביקה הרמתי wrote:
> Wow. That was much easier that my previous attempt...
> 
> Here is the HowTo I wrote:
> http://www.freeipa.org/page/HowTo/Authenticating_Redmine_with_IPA
> 
> I'll be glad if you review it.
> 
> Regarding Samba, that page looks a bit intimidating...
> 
> Thanks for the help.
> 
> 
> 2014-03-26 14:29 GMT+02:00 Martin Kosek <mko...@redhat.com>:
> 
>> On 03/26/2014 12:42 PM, צביקה הרמתי wrote:
>>> Thanks for the prompt reply.
>>> I tried to just bind Redmine, and failed; so I assumed that it's not
>>> possible.
>>> Now, with that information, I'm encouraged to try again...
>>
>> According to [1], you should be able to create a system account for
>> redmine in
>> FreeIPA LDAP (example in [2]) and pass the DN to "Account" option and fill
>> it's
>> password.
>>
>> Then it should be pretty straightforward to configure Redmine to bind users
>> against FreeIPA LDAP by filling the Base DN and the right user attributes.
>>
>> BTW as Petr already said, when you make your setup working it would be
>> indeed
>> very welcome and helpful for FreeIPA community if you create a howto on our
>> wiki [3].
>>
>> Martin
>>
>> [1] http://www.redmine.org/projects/redmine/wiki/RedmineLDAP
>> [2] ejabberd account creation in
>>
>> https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships/
>> [3] http://www.freeipa.org/page/HowTos
>>
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to