Red Hat IPA Authentication and Authorization

Description
Red Hat IPA is an authentication system based around both LDAP and Kerberos. This document walks through the process of entering an LDAP user. 
 
For a secure (SSL) connection to Red Hat IPA, the certificate of the Red Hat IPA server must be copied into the Datameer JVM. To do this, follow the procedure described in: Configuring Secure LDAP (LDAPS)
 
Configuration 

The LDAP user is entered in the following form:

 

uid=<user to query IPA>,cn=users,cn=accounts,dc=<IPA domain part1>,dc=<IPA domain part2>,dc=<IPA domain part3>,dc=<IPA domain part4>
 
If the domain has four parts, each part needs a separate dc entry. How many parts there are depends on the configuration. The same applies to the user search base and the group search base in this document.
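
The DN layout described above, built from a dotted IPA domain with one dc entry per part. This is an added example, not Datameer or Red Hat code. The function names are hypothetical, and the cn=groups,cn=accounts group base is an assumption based on the default FreeIPA directory layout.

```python
import re

# Characters that RFC 4514 requires to be backslash-escaped inside an RDN value.
_SPECIAL = set('"+,;<>\\')
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use in a DN string (RFC 4514)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)          # leading space or '#'
        elif i == len(value) - 1 and ch == " ":
            out.append("\\ ")              # trailing space
        else:
            out.append(ch)
    return "".join(out)


def domain_suffix(domain: str) -> str:
    """Turn 'a.b.c.d' into 'dc=a,dc=b,dc=c,dc=d', one dc entry per part."""
    labels = domain.strip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"invalid domain label: {label!r}")
    return ",".join(f"dc={label.lower()}" for label in labels)


def ipa_ldap_settings(uid: str, domain: str) -> dict:
    """Bind DN and search bases for the given IPA domain."""
    suffix = domain_suffix(domain)
    return {
        "bind_dn": f"uid={escape_rdn_value(uid)},cn=users,cn=accounts,{suffix}",
        "user_search_base": f"cn=users,cn=accounts,{suffix}",
        # Assumption: default FreeIPA layout keeps groups under cn=groups,cn=accounts.
        "group_search_base": f"cn=groups,cn=accounts,{suffix}",
    }
```

Validating the domain labels and escaping the uid keeps a stray comma or equals sign in the input from silently changing which entry the DN points at.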
 
 
To configure Kerberos, the only requirement is to have a keytab for the Datameer service user as well as the cluster's and Datameer's principals. These tasks are performed by the Red Hat IPA administrators. The command to generate a keytab with Red Hat IPA is the following:
 
/sbin/ipa-getkeytab -P -p <KERBEROS REALM> -k datameer.keytab
 
The rest of the Kerberos install follows the normal installation procedure.