Hello, I would like to get FreeIPA to work with a proxy solution (I currently have this working with an Active Directory/no trust authentication and sudo but no HBAC) including HBAC. I can get sudo to work but not HBAC. I see there is a ticket for this as a new enhancement #4634 but wanted to confirm that there isn't another way to accomplish this.
Here is my current configuration for proxy and this works OK:

[domain/mikey.com]
sudo_provider = ipa
ipa_domain = va2.b2c.mikey.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ip-10-12-177-28.va2.b2c.mikey.com
chpass_provider = ipa
ipa_server = _srv_, ip-10-12-177-24.va2.b2c.mikey.com
ldap_tls_cacert = /etc/ipa/ca.crt
id_provider = proxy
proxy_lib_name = files
auth_provider = ldap
reconnection_retries = 3
ldap_uri = ldap://adldaplb.mikey.com
ldap_search_base = dc=ad,dc=mikey,dc=com?subtree?
ldap_schema = AD
ldap_default_authtok_type = password
ldap_network_timeout = 120
ldap_opt_timeout = 120
ldap_search_timeout = 120
ldap_id_use_start_tls = false
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_name = sAMAccountName
enumerate = true
ldap_referrals = true
ldap_tls_reqcert = allow
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_access_filter = *
case_sensitive = false
lookup_family_order = ipv4_only
dns_resolver_timeout = 30
cache_credentials = false

Thanks for your help,
Warren Birnbaum