Hi, We're looking into migrating our current LDAP setup (389) to a FreeIPA setup.
Reading documentation and searching online cannot answer the following question. Is FreeIPA able to authenticate normal LDAP clients without any Kerberos, GSSAPI involved on the client side? Most of my LDAP clients support only LDAP authentication over SSL/TLS. Will FreeIPA's LDAP server delegate authentication to Kerberos on behalf of the client or does it need the userPassword attribute stored in it's LDAP server? Which SASL Mechanism is being used in this case? If the userPassword in needed how does it stay in sync with the user's kerberos credentials? Is the sync both ways (LDAP-Kerberos)? Is there documentation about these specific tasks? Thanks, G -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
