On 03/27/2014 03:09 PM, צביקה הרמתי wrote: > I have updated the HowTo with suggestions 1 & 2 (after checking them, of > course...)
Good! > Regarding suggestion 3 - I'm not sure I understand it. > Isn't that the difference I wrote between "Basic" and "Full" configurations? Ah, I see - you are right. I updated your article and fixed few minor issues I saw and linked it to http://www.freeipa.org/page/HowTos Thank you, Martin > 2014-03-27 9:15 GMT+02:00 Martin Kosek <[email protected]>: > >> Thanks! That helps. I have few suggestions that would be great if you test: >> >> 1) Can we point Redmine to search users directly in the users container? >> I.e. cn=users,cn=accounts,dc=example,dc=com instead of just >> dc=example,dc=com. >> It will narrow down the LDAP search. >> >> 2) Can you search over LDAPS? Just to make sure that the bind and user >> password >> do not get in plain text over the wire. >> >> 3) Does the On-the-fly user creation goes well? In current configuration it >> would seem to me that some of the attributes that FreeIPA keeps for each >> user >> are not utilized. Would something like: >> >> On-the-fly user creation = yes >> Attributes >> Login = uid >> Firstname = givenName >> Lastname = sn >> Email = mail >> >> provide better results in on the fly user creation? >> >> Martin >> >> >> On 03/26/2014 09:32 PM, צביקה הרמתי wrote: >>> Wow. That was much easier that my previous attempt... >>> >>> Here is the HowTo I wrote: >>> http://www.freeipa.org/page/HowTo/Authenticating_Redmine_with_IPA >>> >>> I'll be glad if you review it. >>> >>> Regarding Samba, that page looks a bit intimidating... >>> >>> Thanks for the help. >>> >>> >>> 2014-03-26 14:29 GMT+02:00 Martin Kosek <[email protected]>: >>> >>>> On 03/26/2014 12:42 PM, צביקה הרמתי wrote: >>>>> Thanks for the prompt reply. >>>>> I tried to just bind Redmine, and failed; so I assumed that it's not >>>>> possible. >>>>> Now, with that information, I'm encouraged to try again... >>>> >>>> According to [1], you should be able to create a system account for >>>> redmine in >>>> FreeIPA LDAP (example in [2]) and pass the DN to "Account" option and >> fill >>>> it's >>>> password. >>>> >>>> Then it should be pretty straightforward to configure Redmine to bind >> users >>>> against FreeIPA LDAP by filling the Base DN and the right user >> attributes. >>>> >>>> BTW as Petr already said, when you make your setup working it would be >>>> indeed >>>> very welcome and helpful for FreeIPA community if you create a howto on >> our >>>> wiki [3]. >>>> >>>> Martin >>>> >>>> [1] http://www.redmine.org/projects/redmine/wiki/RedmineLDAP >>>> [2] ejabberd account creation in >>>> >>>> >> https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships/ >>>> [3] http://www.freeipa.org/page/HowTos >>>> >>> >> >> > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
