On ke, 10 loka 2018, Perry Smith via FreeIPA-users wrote:
I now have two FreeIPA servers set up as tests. I’m doing cloud stuff so its
easy to do. One has no DNS and the other has DNS with auto forwarders.
In both cases, its a DNS issue because it is looking for a SRV record
for LDAP over TCP. In the no DNS case, it never gets a reply. In the instance
with DNS, named is dying. I just discovered this late in the day. So, I’ll
need to
find out why named is dying.
I have Ubuntu issues. I have this issue:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447
<https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772447>
which I kludged around but then I thought I would get the “staging” update but
something isn’t working with the "add-apt-repository ppa:freeipa/staging”
(which I also discovered late in the day).
Two questions for this group:
1) Is there a way to get it to not look for the SRV record in the first place?
2) On a completely different topic, how do I install the “memberof” plug-in?
At least, I think that’s what I need / want. I need to do LDAP filter for
members
of a group and currently my LDAP records do not have memberof but instead have
memberUid (and that is only in compat and not in accounts)
I hope its ok to mix two questions into one email.
It would be if you'd provide more details to allow helping you. How are
you inferring that there is no 'memberof' plugin enabled? FreeIPA does
not allow to retrieve membership information for non-authenticated
connections from the primary subtree (cn=accounts,$SUFFIX). If you are
checking without authentication, that's your problem.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
