On 16.6.2015 11:43, Henry Hofmann wrote: > I understand this is for application which is using Kerberos. > I have some web applications like "redmine" and "owncloud" which have a own > user management. They needs to be configure to LDAP to grant authorizations > without Kerberos. And not all of them used apache or tomcat as application > server.
Yes, use-cases with 'dumb' applications are covered by "AD Trust for Legacy Clients" presentation as mentioned below. It can be used for any standard-compliant LDAP client. I hope this helps. Petr^2 Spacek > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Petr Spacek > Sent: Dienstag, 16. Juni 2015 10:35 > To: [email protected] > Subject: Re: [Freeipa-users] Question for AD trust and Webservices > > On 16.6.2015 09:34, Henry Hofmann wrote: >> Hi, >> >> I have a question about using IPA (v.4) with an AD (2012) Trust. >> Is it possible to login with a user from the Active Directory Domain to an >> Web-Service (like redmine) which is configured to the IPA LDAP? >> >> I have understand this by read this article >> (http://www.freeipa.org/page/IPAv3_Architecture#IPA_managed_server_and_Password_based_Login). > > Best solution is to use something like this: > http://www.freeipa.org/page/Web_App_Authentication > > Alternatively you should be able to treat web application as 'legacy' LDAP > client (which is not trust-aware) and use so-called compat tree. > > Please see presentation: "AD Trust for Legacy Clients" by Tomas Babej: > http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf > > -- > Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
