Configure FreeIPA for Authentication (slightly outdated; see the Foreman manual for up-to-date information)

To log in to Foreman with FreeIPA credentials, you first need a bind (system) account that Foreman can use to search the directory:

  1. On the FreeIPA server, create a foreman.ldif file, replacing dc=example,dc=com with your base DN and "secure password" with a strong, randomly generated password. The passwordExpirationTime of 2038 means the password effectively never expires, so plan to rotate it yourself, and delete or protect the file after the import because it holds the password in clear text:
    dn: uid=foreman,cn=sysaccounts,cn=etc,dc=example,dc=com
    changetype: add
    objectclass: account
    objectclass: simplesecurityobject
    uid: foreman
    userPassword: secure password
    passwordExpirationTime: 20380119031407Z
    nsIdleTimeout: 0
    
  2. Import the LDIF (change localhost to an IPA server if needed); you will be prompted for the Directory Manager password. If you connect to a remote server rather than localhost, add -ZZ so the simple bind is protected by STARTTLS instead of sending the Directory Manager password over the network in clear text:
    # ldapmodify -h localhost -p 389 -x -D \
    "cn=Directory Manager" -W -f foreman.ldif
    
  3. Add an IPA group for foreman_users (optional, but required for the membership filter in step 4):
    # ipa group-add --desc="Foreman Users" foreman_users
    
  4. Now log in to Foreman as an admin and open "LDAP Authentication" under More/Users. Click New LDAP Source and fill in the details, changing the DNs to match your own domain:
    • Server: astriaporta.example.com
    • Port: 636
    • TLS: checked
    • Account username: uid=foreman,cn=sysaccounts,cn=etc,dc=example,dc=com
    • Account password: as defined in the LDIF
    • Base DN: cn=accounts,dc=example,dc=com
    • Filter (optional): (memberOf=cn=foreman_users,cn=groups,cn=accounts,dc=example,dc=com). This restricts logins to members of foreman_users; without a filter, any account under the Base DN that can authenticate is allowed in.
    • Automatically create accounts in Foreman: checked (a Foreman user is created on first successful LDAP login).
    • LDAP attribute mappings: leave them at the example values shown in the form, which for FreeIPA are the standard uid, givenName, sn and mail attributes.
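The steps above can be scripted and, more importantly, verified before anything is typed into the Foreman UI. The following shell script is an added example, not code from the Foreman wiki or project: it generates the sysaccount LDIF from a randomly generated password, imports it with STARTTLS enforced, creates the group, and then binds as the new service account over LDAPS and runs the same memberOf filter Foreman will use, so you can confirm that a member of foreman_users is found and a non-member is not. The base DN, server name, group name and the use of openssl and the OpenLDAP client tools are assumptions; adjust the variables at the top for your realm.

```shell
#!/bin/sh
# Added example (not from the Foreman wiki): create and verify the Foreman
# bind account and the foreman_users membership filter on a FreeIPA server.
set -eu

# Assumptions: change these for your realm.
BASE_DN="${BASE_DN:-dc=example,dc=com}"
IPA_SERVER="${IPA_SERVER:-astriaporta.example.com}"
GROUP="${GROUP:-foreman_users}"
BIND_DN="uid=foreman,cn=sysaccounts,cn=etc,$BASE_DN"

# Emit the LDIF for the sysaccount. The password is supplied by the caller so
# it is never hard-coded in the script.
make_ldif() {
  base="$1"; password="$2"
  cat <<EOF
dn: uid=foreman,cn=sysaccounts,cn=etc,$base
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: foreman
userPassword: $password
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
EOF
}

# Build the search filter Foreman will be configured with: members of the group.
make_filter() {
  base="$1"; group="$2"
  printf '(memberOf=cn=%s,cn=groups,cn=accounts,%s)' "$group" "$base"
}

# Import the LDIF as Directory Manager. -ZZ requires STARTTLS so the
# Directory Manager password is not sent in clear text to a remote server.
import_ldif() {
  ldif="$1"
  ldapmodify -ZZ -h "$IPA_SERVER" -p 389 -x -D "cn=Directory Manager" -W -f "$ldif"
}

# Bind as the new service account over LDAPS (what Foreman does with
# port 636 + TLS) and check whether a given login is admitted by the filter.
# Returns 0 if the user matches, 1 if not (e.g. not a member of the group).
# The password is read from a file (-y) so it does not show up in `ps`.
verify_bind() {
  pwfile="$1"; user="$2"
  ldapsearch -LLL -H "ldaps://$IPA_SERVER" -x -D "$BIND_DN" -y "$pwfile" \
    -b "cn=accounts,$BASE_DN" \
    "(&$(make_filter "$BASE_DN" "$GROUP")(uid=$user))" dn | grep -q '^dn:'
}

# Only touch the server when explicitly asked (RUN_IPA=1 sh this_script.sh);
# otherwise the functions above can be sourced or tested offline.
if [ "${RUN_IPA:-0}" = 1 ]; then
  umask 077                                  # the LDIF and password file hold a secret
  tmpdir=$(mktemp -d)
  trap 'rm -rf "$tmpdir"' EXIT               # never leave the clear-text password behind
  pw=$(openssl rand -base64 24)              # assumption: openssl is installed
  printf '%s' "$pw" > "$tmpdir/pw"           # no trailing newline: -y uses the whole file
  make_ldif "$BASE_DN" "$pw" > "$tmpdir/foreman.ldif"
  import_ldif "$tmpdir/foreman.ldif"
  # Needs a valid admin Kerberos ticket (kinit admin) to run.
  ipa group-add --desc="Foreman Users" "$GROUP" || echo "group-add failed (already exists?)"
  echo "Bind DN for Foreman: $BIND_DN"
  echo "Bind password for Foreman: $pw"      # paste into the LDAP source, then clear scrollback
  for u in ${TEST_USERS:-admin}; do
    if verify_bind "$tmpdir/pw" "$u"; then
      echo "$u: admitted by the $GROUP filter"
    else
      echo "$u: NOT admitted (not a member of $GROUP, or the bind failed)"
    fi
  done
fi
```

Run it as `RUN_IPA=1 TEST_USERS="alice bob" sh foreman-ipa.sh` on the IPA server after `kinit admin`; a user you expect to be rejected should show "NOT admitted" before you rely on the filter in Foreman. The script writes the password only into a mode-0600 temp directory that is removed on exit, so the bind password you paste into Foreman is the only remaining copy.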