Configure FreeIPA for Authentication (slightly outdated, see the Foreman manual for up-to-date info)

In order to log in to the Foreman using FreeIPA credentials, you need to create a bind account for Foreman to use:

  1. On the FreeIPA server, create a foreman.ldif file, replacing dc=example,dc=com with your DN, and providing an appropriately secure password:
    dn: uid=foreman,cn=sysaccounts,cn=etc,dc=example,dc=com
    changetype: add
    objectclass: account
    objectclass: simplesecurityobject
    uid: foreman
    userPassword: secure password
    passwordExpirationTime: 20380119031407Z
    nsIdleTimeout: 0
  2. Import the LDIF (change localhost to an IPA server if needed), you’ll be prompted for your Directory Manager password:
    # ldapmodify -h localhost -p 389 -x -D \
    "cn=Directory Manager" -W -f foreman.ldif
  3. Add an IPA group for foreman_users (optional):
    # ipa group-add --desc="Foreman Users" foreman_users
  4. Now log in to the Foreman as an Admin and click on “LDAP Authentication” under More/Users. Then click New LDAP Source and fill in the details, changing the DNs where appropriate to your own domain:
    • Server:
    • Port: 636
    • TLS: checked
    • Account username: uid=foreman,cn=sysaccounts,cn=etc,dc=example,dc=com
    • Account password: as defined in the LDIF
    • Base DN: cn=accounts,dc=example,dc=com
    • Filter (optional): (memberOf=cn=foreman_users,cn=groups,cn=accounts,dc=example,dc=com)
    • Automatically create accounts in the Foreman: checked
    • LDAP mappings: leave as the examples given.
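The steps above can be checked end to end before touching the Foreman UI. The following POSIX shell script is an added example, not part of this wiki page or of the Foreman project: it generates the foreman.ldif entry from your base DN with a random password, and then binds as the new account over LDAPS and runs the same memberOf filter Foreman will use, so a wrong DN, a blocked port 636 or an empty foreman_users group shows up here rather than as a failed login later. It assumes the OpenLDAP client tools (ldapmodify, ldapwhoami, ldapsearch) and openssl are installed; the function names, the `verify` argument and the password file handling are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the Foreman wiki): build the bind-account LDIF and
# verify the account against the IPA server before configuring Foreman.

# Build the LDIF for the bind account. $1 = base DN, $2 = password.
# The attributes are the same ones used in the wiki's foreman.ldif.
make_bind_ldif() {
  base_dn="$1"
  password="$2"
  printf '%s\n' \
    "dn: uid=foreman,cn=sysaccounts,cn=etc,${base_dn}" \
    "changetype: add" \
    "objectclass: account" \
    "objectclass: simplesecurityobject" \
    "uid: foreman" \
    "userPassword: ${password}" \
    "passwordExpirationTime: 20380119031407Z" \
    "nsIdleTimeout: 0"
}

# Generate a 32-character random password (assumption: openssl is available,
# otherwise fall back to /dev/urandom).
gen_password() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 48 | tr -d '/+=\n' | cut -c1-32
  else
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32
  fi
}

# Bind as the new account over LDAPS and run Foreman's group filter.
# $1 = IPA server, $2 = base DN, $3 = password.
# The password is passed via a temporary file (-y) rather than -w, so it does
# not appear in the process list.
verify_bind() {
  server="$1"; base_dn="$2"; password="$3"
  bind_dn="uid=foreman,cn=sysaccounts,cn=etc,${base_dn}"
  pwfile=$(mktemp) || return 1
  printf '%s' "$password" >"$pwfile"
  ldapwhoami -H "ldaps://${server}:636" -x -D "$bind_dn" -y "$pwfile" || { rm -f "$pwfile"; return 1; }
  # Same filter as the "Filter (optional)" field in the Foreman LDAP source.
  ldapsearch -H "ldaps://${server}:636" -x -D "$bind_dn" -y "$pwfile" \
    -b "cn=accounts,${base_dn}" \
    "(memberOf=cn=foreman_users,cn=groups,cn=accounts,${base_dn})" uid
  rc=$?
  rm -f "$pwfile"
  return $rc
}

# Usage: sh this_script.sh create dc=example,dc=com        (writes foreman.ldif)
#        sh this_script.sh verify ipa.example.com dc=example,dc=com PASSWORD
case "${1:-}" in
  create)
    pw=$(gen_password)
    make_bind_ldif "$2" "$pw" >foreman.ldif
    echo "Wrote foreman.ldif; bind password: $pw"
    echo "Now run: ldapmodify -h <ipa-server> -p 389 -x -D 'cn=Directory Manager' -W -f foreman.ldif"
    ;;
  verify)
    verify_bind "$2" "$3" "$4"
    ;;
esac
```

The `verify` step is the one worth keeping around: rerun it after the IPA password expiry date or a CA rotation, since both make the bind silently fail and Foreman then rejects every LDAP login.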