Николай Савельев via FreeIPA-users wrote:
> Hi.
> I asked about Owncloud, Zimbra, etc. authentication in FreeIPA with AD trust.
> I was offered to use SAML.
> But I don't understand SAML. It is very difficult for me.
> I only want to use LDAP for authentication as in this article
> https://www.freeipa.org/page/Owncloud_Authentication_against_FreeIPA
> Or this 
> https://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA
> 
> The articles work fine but only for FreeIPA users. They don't work for AD users from a
> trusted domain.
> 
> I found Red Hat documentation for synchronising AD with IPA
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory
> 
> If I do it, can I see AD users in LDAP requests for the IPA server?
> 

If you do winsync instead of AD trust then yes, the AD entries will
reside in the IPA LDAP server.

For passwords to work you'll need to install the passsync service on
every AD DC and any AD user that you want to authenticate will need to
reset their password for it to work when authenticating against IPA.

I agree that SAML can be confusing and difficult but IMHO it is a far,
far better path than co-mingling your AD and IPA entries using winsync.
winsync is not recommended.

rob