On 09/12/2013 02:54 PM, Thomas Raehalme wrote: > Hi! > > On Thu, Sep 12, 2013 at 3:28 PM, Martin Kosek <mko...@redhat.com> wrote: > >> When using FreeIPA LDAP as identity source, you could ideally use >> Kerberos/GSSAPI authentication. But if that is not available, you can use >> simple LDAP binds too. You cannot read the hash codes unless you are >> "cn=Directory Manager" (or unless you set ACI allowing that, but this is very >> unsecure). > > Could you please elaborate on using simple LDAP binds?
I was just referring to fact, that when a system or application uses LDAP as an identity and authentication source, it often use simple LDAP Bind operation (i.e. accessing LDAP with user+password or) when testing if the user accessing the application provided the right credentials. I am no expert on how you configure that with vSphere or similar, but if it supports general LDAP as an identity/authentication source, it should also work with FreeIPA. I found some doc where may be relevant: http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-71643C4CB040.html Maybe other users are capable of giving more detailed answer with respect to vSphere. Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users