On 16.6.2015 11:43, Henry Hofmann wrote:
> I understand this is for application which is using Kerberos.
> I have some web applications like "redmine" and "owncloud" which have a own 
> user management. They needs to be configure to LDAP to grant authorizations 
> without Kerberos. And not all of them used apache or tomcat as application 
> server.

Yes, use-cases with 'dumb' applications are covered by "AD Trust for Legacy
Clients" presentation as mentioned below. It can be used for any
standard-compliant LDAP client.

I hope this helps.

Petr^2 Spacek

> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
> Sent: Dienstag, 16. Juni 2015 10:35
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Question for AD trust and Webservices
> 
> On 16.6.2015 09:34, Henry Hofmann wrote:
>> Hi,
>>
>> I have a question about using IPA (v.4) with an AD (2012) Trust.
>> Is it possible to login with a user from the Active Directory Domain to an 
>> Web-Service (like redmine) which is configured to the IPA LDAP?
>>
>> I have understand this by read this article 
>> (http://www.freeipa.org/page/IPAv3_Architecture#IPA_managed_server_and_Password_based_Login).
> 
> Best solution is to use something like this:
> http://www.freeipa.org/page/Web_App_Authentication
> 
> Alternatively you should be able to treat web application as 'legacy' LDAP 
> client (which is not trust-aware) and use so-called compat tree.
> 
> Please see presentation: "AD Trust for Legacy Clients" by Tomas Babej:
> http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf
> 
> --
> Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to