
LDAP Kerberos Authentication


Hello All,

I have a client running a RedHat directory called "IPA". It's an LDAP
directory server but requires Kerberos authentication. As far as I can
see there is no way to configure the LDAP driver for Kerberos
authentication. Is there by any chance a way to hook in an extension
class for authentication to that driver?

Thanks
Rob


--
rrawson
------------------------------------------------------------------------
rrawson's Profile: https://forums.netiq.com/member.php?userid=403
View this thread: https://forums.netiq.com/showthread.php?t=57254


Re: LDAP Kerberos Authentication


rrawson;274286 Wrote:
> Hello All,
>
> I have a client running a RedHat directory called "IPA". It's an LDAP
> directory server but requires Kerberos authentication. As far as I can
> see there is no way to configure the LDAP driver for Kerberos
> authentication. Is there by any chance a way to hook in an extension
> class for authentication to that driver?
>
> Thanks
> Rob


IPA _is_ a Kerberos server, and has a built-in mechanism to update
Kerberos keys when the password is changed via LDAP. I've connected IPA
to IDM just using the out-of-the-box LDAP driver.


--
kbuley
------------------------------------------------------------------------
kbuley's Profile: https://forums.netiq.com/member.php?userid=489

Re: LDAP Kerberos Authentication


Thank you!


--
rrawson

Re: LDAP Kerberos Authentication


I think the client is concerned that they are binding to LDAP via
Kerberos, it's expected that a password change will work once bound. But
perhaps I misunderstood them.


--
rrawson

Re: LDAP Kerberos Authentication


I did provision to IPA in the past via the REST interface of IPA. It
worked without a lot of problems. The publisher channel was done via a
normal LDAP driver.

Stefaan


--
scauwe
------------------------------------------------------------------------
scauwe's Profile: https://forums.netiq.com/member.php?userid=1273

Re: LDAP Kerberos Authentication

Hi Stefaan,
Did you use 2 separate drivers (REST for subscriber and LDAP for publisher) or did you already create your own asymmetric (REST/LDAP) SHIM (like you planned to include in your text driver)?

Alex