wkleinhenz Posted November 7, 2018

Currently I manage a fully Linux environment that uses FreeIPA for LDAP, and I've run into 3 issues.

First, the account discovery works using a FreeIPA account but doesn't seem to correctly pull the found users' passwords.

Second, unless I'm doing something wrong, I am unable to use the host discovery option to connect to FreeIPA.

Lastly, the account discovery misses the FreeIPA users and thus makes it hard to use the SSH connection option, as the LDAP users are the only true non-service and non-root accounts.

So with these issues I was wondering if there has been any thought into better supporting non-Windows LDAP for host/account discovery.

Thanks

support Posted November 7, 2018

Hello wkleinhenz,

Thanks for your enquiry. We've just had a look at what FreeIPA is, as we've never heard of this before. Unfortunately our software is not designed to work with this, and we only currently support Microsoft Active Directory for LDAP. Sorry our software is not able to help with this.

Regards
Click Studios

Sarge Posted November 8, 2018

On 11/7/2018 at 12:21 PM, wkleinhenz said:
> so with these issues i was wondering if there has been any thought into better supporting non windows ldap for host/account discovery

Passwordstate with LDAP integration is something I requested some time ago, under tracking ID PS-1992. Assuming there's enough demand for it, it would allow integration with IPA for authentication and host discovery. IPA is a bundle of tools, LDAP being one of the tools it bundles. We also use IPA for our Linux servers' authentication. Assuming wkleinhenz would like this as a feature request, I'd have to +1 it.

support Posted November 23, 2018

Hi everyone,

We spent a bit of time today investigating FreeIPA, and had a question if that's ok?

Were you hoping to authenticate into Passwordstate using a FreeIPA user account? Or were you hoping Passwordstate could perform password resets and account heartbeats on accounts in FreeIPA? If this is the case, would these accounts be used on applications in the Linux world, similar to how AD accounts in Windows can be used on things like Windows Services, or IIS Application pools as an example?

Regards,
Support.

wkleinhenz Posted November 23, 2018

Currently I use FreeIPA to manage Linux accounts specifically for SSH, and being able to manage, audit and reset these passwords would be very nice. In addition, the ability to use FreeIPA as an authentication source for Passwordstate would also be great.

I was also wondering, as FreeIPA does technically involve the registering of hosts, would it be possible to implement some method of host discovery using an LDAP query or the like?

Thanks for the interest in this. For those who can't afford Windows Server or prefer an open source alternative, this type of support is nice to see.

Buckit Posted November 23, 2018

To further demystify FreeIPA for @support: it really is plain LDAP as a directory, with Kerberos authentication, and it has a bunch of management tools added onto it. Quite literally RedHat's answer to Active Directory. To further complicate matters there's also RedHat's Idm (Identity Manager), which is mostly similar but a paid-for product.

What @wkleinhenz, @Sarge and myself would be looking for is host and account discovery inside the respective LDAP OUs. Better yet if you make it configurable. All in all it would be very similar to how you handle AD discovery, with a few tweaks to the expected OUs and perhaps a few field names.
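
An added illustration of the point made in the post above, that host and account discovery differs between directories mainly in the container searched and the attribute names read; it is not part of the thread and is not Passwordstate or FreeIPA project code. The containers, object classes and attributes are the FreeIPA and Active Directory defaults; the suffix, the sample entries and the names PROFILES, parse_ldif and discover are assumptions made for this example.

```python
# Added illustration; not Passwordstate or FreeIPA project code.
# The suffix and every entry in SAMPLE_LDIF are constructed for this example.
SUFFIX = "dc=example,dc=test"
# (default container, object class, naming attribute) per directory type
PROFILES = {
    "freeipa": {"account": ("cn=users,cn=accounts," + SUFFIX, "posixaccount", "uid"),
                "host": ("cn=computers,cn=accounts," + SUFFIX, "ipahost", "fqdn")},
    "ad": {"account": ("cn=users," + SUFFIX, "user", "samaccountname"),
           "host": ("cn=computers," + SUFFIX, "computer", "dnshostname")},
}
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixaccount
uid: alice

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixaccount
uid: bob
nsAccountLock: TRUE

dn: fqdn=web01.example.test,cn=computers,cn=accounts,dc=example,dc=test
objectClass: ipahost
fqdn: web01.example.test

dn: uid=backup-svc,cn=sysaccounts,cn=etc,dc=example,dc=test
objectClass: account
uid: backup-svc
"""
def parse_ldif(text):
    """Parse plain 'attr: value' records (no base64 values or folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def discover(entries, profile, kind):
    """Names of unlocked objects of `kind` in the profile's container."""
    base, wanted_class, name_attr = PROFILES[profile][kind]
    found = []
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        locked = e.get("nsaccountlock", ["FALSE"])[0].upper() == "TRUE"  # FreeIPA/389-DS lock flag
        if e["dn"][0].lower().endswith("," + base) and wanted_class in classes and not locked:
            found.extend(e.get(name_attr, []))
    return sorted(found)
```

Against the constructed entries, the "freeipa" profile returns the one unlocked user and the one enrolled host, skipping the locked user and the system account under cn=sysaccounts, while the "ad" profile returns nothing because it looks in a different container for different object classes.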

mtovey Posted December 5, 2019

Did this ever go anywhere? We have Passwordstate 8 now and we have recently deployed IPA to manage access to our Linux / Unix system. Now we would like to tie that to Passwordstate. Having Passwordstate perform auto-discovery through the IPA system would be very useful. Since IPA is really just a front end for LDAP, I can't imagine that it would be difficult for Passwordstate to perform queries to the LDAP system.

support Posted December 5, 2019

Sorry mtovey,

We still do not have any support for this - implementing something like this would take a considerable amount of time, considering the number of different LDAP systems available.

Regards
Click Studios