07.02.2018, 22:20, "Rob Crittenden" <rcrit...@redhat.com>: > Николай Савельев via FreeIPA-users wrote: >> Hi. >> I have freeipa with AD trust. >> I want to setup Nextcloud with ipa and ad users. >> Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. >> I setup ipsilon (https://ipsilon-project.org/) for SSO and SAML >> autentification. >> Autentification with login and password works >> But i have local domain for ipsilon and nextcloud and kerberos DOM.LAN and >> internet domain domain.ru >> So, when I go to nextcloud with my kerberos tiket, i get 500 internal error. >> >> Maybe anybody knows how correct this mistake? > > Is there an option to use uniqueMember for groups instead in nextcloud? > That should be available in cn=compat. > > As for the 500 error there isn't enough information on where that was > thrown. I assume that on that machine there should be additional logging > explaining the failure. > > rob
How I can use uniqueMember, if nextcloud says: "The group box was disabled, because the LDAP / AD server does not support memberOf."? And I found strange thing - if i use ldapsearch for some user in compat tree, there appears second user with same uid! ldapsearch give 2 users! Also if I open IPA user in web UI, in compat tree appers 2 users whith same uid. Autentification via ldap (e.g openfire or nextcloud) doesn't work Its a bug& -- С уважением, Николай. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org