On Tue, 23 Apr 2019, Manuki San via FreeIPA-users wrote:
I have a number of applications running on my home LAN (Gitlab, Jenkins, Sonarqube, Nexus, Nextcloud, Wordpress, Bind, reverse proxy, etc.) that were previously running as virtual machines (VirtualBox). I got tired of managing the OS of each individual virtual machine and switched everything to Docker a couple of years ago.

Recently, I have decided to explore how to manage users centrally. I have tried OpenLDAP and OpenDJ, with FusionDirectory (as Docker containers). Both are missing the attribute MemberOf. This is where I found FreeIPA, with an integrated LDAP with support for the attribute memberof and a web UI.

The last step might be one day to share access to some of the Docker containers with a very limited group of people, but I don't know yet if it will be via HTTPS or via VPN (in which case HTTP is enough). It will be a steep learning curve if I need to enable HTTPS for FreeIPA, taking into consideration the Docker platform and a reverse proxy. (Sorry for the long story.)
FreeIPA requires HTTPS for its API and Web UI (which is really a JavaScript client utilizing the IPA API over HTTPS). Also, mod_auth_gssapi will refuse clients not using HTTPS.
If you need to access the Web UI, make it directly accessible for yourself over HTTPS; it is automatic with the integrated CA. You might want to research tutorials by Jan at https://www.adelton.com/

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
