[Freeipa-users] Re: AD trust external group in the foreman
On Wed, Mar 25, 2020 at 9:53 PM Alexander Bokovoy wrote: > On ke, 25 maalis 2020, Natxo Asenjo via FreeIPA-users wrote: > >hi, > > > >the foreman can not authenticate using external authentication using the > >api endpoints, apparently, which is a bit of a bummer. > > > >It can do ldap, though, so the question is: > > > >can I authenticate AD users using the compat tree in Idm? (rhel 7.7 by the > >way). > > Yes, if two conditions hold: > - the entry in compat tree is first looked up > - that entry DN is used for a bind DN > thanks for your answer. Looks like we'll have to talk directly to the AD ldap servers then :-) -- Groeten, natxo ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: AD trust external group in the foreman
On ke, 25 maalis 2020, Natxo Asenjo via FreeIPA-users wrote: hi, the foreman can not authenticate using external authentication using the api endpoints, apparently, which is a bit of a bummer. It can do ldap, though, so the question is: can I authenticate AD users using the compat tree in Idm? (rhel 7.7 by the way). Yes, if two conditions hold: - the entry in compat tree is first looked up - that entry DN is used for a bind DN -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org