Enabling FreeIPA Authentication

Beginning with version 2.10, Orchid Fusion VMS allows FreeIPA authentication. By performing some configuration work on the front end, your Orchid Fusion VMS users will be able to sign in with their existing FreeIPA credentials.

*If you are using Orchid Hybrid VMS, remember that it is a managed system. IPConfigure Support staff will need to configure the system to use FreeIPA authentication.

Prerequisites

To configure Orchid Fusion VMS to work with FreeIPA, you will need to have an FreeIPA server that:

• Is reachable from your Orchid Fusion VMS server.
• Contains at least one FreeIPA user who is a member of at least one FreeIPA group.

Modifying the Configuration File

There are a couple of properties in the Orchid Fusion VMS configuration file that will need to be modified in order for FreeIPA authentication to work.

*For extra help with the steps below, please refer back to the Installation section that corresponds to the operating system in which you are working.

1. Set the following properties in the Orchid Fusion VMS configuration file:

• authentication.freeipa.servers= <domain1>|<domainServerAddress1>,<domain2>|<domainServerAddress2>
  • Replace <domain1> with the domain on which your first FreeIPA server exists. Replace <domainServerAddress1> with the address of your first FreeIPA server.
• authentication.freeipa.domain.userdn= cn=<domain>-users,cn=<domain>-accounts
  • Replace domain with one of the configured FreeIPA servers. Replace <domain> with the name of the alternate user container.

*<domainServerAddress> may be a DNS name or IP address and may be prefixed with either ldap:// or ldaps:// to specify the protocol.

2. After modifications to the configuration file are complete, restart the Orchid Fusion VMS service, then sign in to Orchid Fusion VMS.

Refer to the Add a Permission Group for FreeIPA section of the Orchid Fusion VMS Administrator Guide for instructions on setting FreeIPA Permission Groups.