On 11/04/2016 03:09 PM, Sebastien Julliot wrote:
> Hello everyone,
>
> As I explained you some time ago, I have been skirting the ipa's
> limitation to setting pre-hashed passwords by using ldappasswd. (I know
> you guys think it's wrong. In this case the hashes come from an other
> ldap which, for intern reasons, we can not synchronize with otherwise
> than by frequent ldif extractions. So it's the only solution to have
> unified passwords)
>
> To have the kerberos key generated, I can ask the users to do an
> ldapsearch or to ssh on a machine with sssd enabled.
> Yet, as most users will mainly want to use the WebUi, I am looking for a
> way to have them able to connect to it without needing to do an
> ldapsearch first.
>
> To be precise, I set the userPassword field using ldappasswd, and delete
> the krbprincipalkey.
>
> Do you see any way to make the webui directly authenticable ?
>
> Thanks,
> Sebastien Julliot.
>
Not sure what you want exactly. But if you want users to do simple ldap
bind with username and password and nothing else then they can use
migration page:
https://ipa.demo1.freeipa.org/ipa/migration/index.html
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
