Urbackup service principal in a freeipa domain?

linforpros · June 22, 2018, 10:05am

Hi,
I wonder if urbackup-server could be integrated into freeipa as a webapps service?
The benefit could be that linux clients could be given permission to get backup-ed. The permissions could be centrally administered from the freeipa server. Also if freeipa is configured as trust with Active Directory some windows clients could also be given permissions to get backup-ed.
So when a win/linux clients were given machine accounts and joined to freeipa they could communicate with urbackup-server registered as a service in a freeipa domain.

Also urbackup user names and their paswords could go through freeipa server with sssd and offline caching.

Has this been discussed here before and does it solve any problems in real life.

Thanks
Lin

References:

orogor · June 22, 2018, 2:58pm

Hi

Did you tried the ldap integration in recent versions?

linforpros · June 22, 2018, 3:14pm

I did not. Do you think it can be tweaked to connect to freeipa as it is basically DS386 Ldap based plus kerberos and others.

Lin

orogor · June 22, 2018, 9:37pm

Gotta try, the settings looks flexible enough so it could works.
Typical issue between ldap/ad is groups not represented the same (users in group objects, or groups in user objects) I dont know about kerberised ldap, but often clients have problems with ldaps/ldap over tls.