Introduction to FreeIPA
FreeIPA is used for authentication at Freeside. It provides an all-in-one system that implements the LDAP protocol along with Kerberos and CA services. It is advised to familiarise yourself with LDAP and Kerberos before using FreeIPA.
The FreeIPA documentation can also be very useful.
URL for FreeIPA: ipa.freeside.co.uk (18.104.22.168)
Installing a FreeIPA server
Instead of including information which will go out of date on the Wiki, I shall link to a guide on http://server-world.info. Their guides are straight to the point and regularly updated for new distro updates. https://www.server-world.info/en/note?os=Fedora_27&p=freeipa - This is the guide I followed to set up FreeIPA.
Installing a FreeIPA Client
First make sure the client has an FQDN, for example
fs-importantserver-01.freeside.co.uk localhost in your /etc/hosts. A corresponding entry should be made on the DNS server hosted on
ipa.freeside.co.uk by editing the
You should also check that the DNS on the client is set to use the server
22.214.171.124. Without this, FreeIPA won’t automatically be able to retrieve information from Kerberos, and you will have problems connecting to Kerberos down the line.
Installing a client is as simple as typing the command:
# ipa-client-install --server=ipa.freeside.co.uk --domain freeside.co.uk
To set up home directory mounting, add:
# ipa-client-automount --location=default
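The FQDN, /etc/hosts and DNS checks described above can be scripted and run before ipa-client-install. This is an added example, not part of the original wiki page: the function names are hypothetical, and the domain and DNS server address are the ones quoted above.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before ipa-client-install.
IPA_DOMAIN="freeside.co.uk"     # domain, as given on this page
IPA_DNS="22.214.171.124"        # DNS server address, as given on this page

# Succeeds if NAME is a host name inside the IPA domain (host label + domain).
is_fqdn_in_domain() {
    case "$1" in
        ?*."$IPA_DOMAIN") return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if HOSTS_FILE has an entry whose first name (the canonical name,
# listed right after the address) is FQDN. Comments are ignored.
hosts_canonical_is() {      # usage: hosts_canonical_is HOSTS_FILE FQDN
    awk -v fqdn="$2" '
        { sub(/#.*/, "") }
        NF >= 2 && $2 == fqdn { found = 1 }
        END { exit !found }
    ' "$1"
}

# Prints the first nameserver in RESOLV_FILE; the resolver queries it first.
first_nameserver() {        # usage: first_nameserver RESOLV_FILE
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Runs all checks, prints one line per problem, returns the problem count.
preflight() {               # usage: preflight HOSTS_FILE RESOLV_FILE FQDN
    problems=0
    if ! is_fqdn_in_domain "$3"; then
        echo "hostname '$3' is not a FQDN in $IPA_DOMAIN"; problems=$((problems + 1))
    fi
    if ! hosts_canonical_is "$1" "$3"; then
        echo "$1: '$3' is not the first name on any entry"; problems=$((problems + 1))
    fi
    ns=$(first_nameserver "$2")
    if [ "$ns" != "$IPA_DNS" ]; then
        echo "$2: first nameserver is '${ns:-none}', expected $IPA_DNS"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the live system only when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight /etc/hosts /etc/resolv.conf "$(hostname -f)" && echo "ready for ipa-client-install"
fi
```

A non-zero exit status is the number of failed checks; fix each reported item before enrolling the client.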
Configuring a service to use LDAP Authentication:
The LDAP base should be
dc=freeside,dc=co,dc=uk on its own would work, but the application may use the compat tree, which would result in the application not being able to retrieve user information such as emails.
The bind DN is
This is a system account which does not have write privileges. DO NOT USE A BIND WITH WRITE PERMISSION
- Guide how to use the FreeIPA interface