Alexander Skwar wrote:
Hello FreeIPA List :-)

For protecting a web application, we are going to use a Web Application
Firewall (SES from USP). This WAF appliance needs to have a user
“database”. And for that, we would like to use FreeIPA 4.2 on RHEL 7.2.

The WAF can access external authentication “adapters” over various
methods. Among them would be SOAP or LDAP. But not Kerberos... We're
fixed on using this particular appliance.

Is it possible to use FreeIPA as an authentication source over LDAP?

It would be so, that users would have an account in IPA. And on the WAF,
there'd be a login form (or HTTP basic auth), where the user would enter
username and password (and maybe there might even be 2FA, like SMS text
or Google Authenticator or such - but for now, that would be out of scope).

The WAF would then send username and password to FreeIPA (using LDAP)
and would need to get back, whether the combination was good or not.

Is that scenario doable with FreeIPA and LDAP? Would anyone maybe even
know of some good howtos or links? Any gotchas, that we'd need to be
aware of?

Yes it's possible, see


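Added example (not part of the original thread, and not FreeIPA or WAF vendor code): the username/password check described in the question, done as an LDAP simple bind with the user's own DN over LDAPS. The host name, the dc=example,dc=test suffix, the use of the ldap3 library and the injectable bind parameter are assumptions; uid=<user>,cn=users,cn=accounts,<suffix> is FreeIPA's default user entry layout. It also covers two gotchas of bind-based authentication: empty passwords and special characters in the user name.

```python
import ssl

# Assumed values for illustration; replace with your own deployment's.
IPA_HOST = "ipa.example.test"
USER_BASE = "cn=users,cn=accounts,dc=example,dc=test"


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 hex form)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;=' or ch == "\0"
        edge = (ch == "#" and i == 0) or (ch == " " and i in (0, last))
        out.append("\\%02x" % ord(ch) if special or edge else ch)
    return "".join(out)


def user_dn(username: str) -> str:
    """Build the bind DN so that user input cannot add or change RDNs."""
    return "uid=%s,%s" % (escape_rdn_value(username), USER_BASE)


def ldap3_bind(dn: str, password: str) -> bool:
    """Simple bind over LDAPS with certificate validation (needs ldap3)."""
    from ldap3 import Connection, Server, Tls

    tls = Tls(validate=ssl.CERT_REQUIRED)
    server = Server(IPA_HOST, port=636, use_ssl=True, tls=tls)
    conn = Connection(server, user=dn, password=password)
    try:
        return conn.bind()  # True only if the directory accepted the credentials
    finally:
        conn.unbind()


def authenticate(username: str, password: str, bind=ldap3_bind) -> bool:
    """Return True only if the directory accepts this user's own credentials."""
    # A simple bind with a DN but an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that a server may accept, so an empty
    # password must be rejected here and never forwarded.
    if not username or not password:
        return False
    return bind(user_dn(username), password)
```
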