Thanks it worked! For those also intersted in the settings; Permission: ldap_anonymous Bind Type Rule: anonymous Granted Rights: (I used) "read","search","compare" Subtree: cn=users,cn=accounts,dc=example,dc=com Extra target filter: (&(objectclass=Person)(|(uid=*)(givenName=*))) Target DN: uid=*,cn=users,cn=accounts,dc=example,dc=com Effective Attributes: gecos, mail, mobile, telephoneNumber, uidNumber
cheers, Craig On Wed, Oct 28, 2015 at 11:18:29AM +0530, Prashant Bapat wrote: > Refer this doc > > [1]https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls > On 28 October 2015 at 11:11, Prashant Bapat <[2]prash...@apigee.com> > wrote: > > Making attributes anonymously readable is very simple. You need to look > into RBAC and define the permissions/privileges you need. > On 28 October 2015 at 08:02, <[3]craig.li...@mypenguin.net.au> wrote: > > Hi, > > We have recently updated from IPA 3 to IPA 4.1 and one of the changes > in > security is what attributes are available for the anonymous LDAP > queries. > > Does anyone know how to edit the anonymous LDAP settings so > that the following are available? > > mail: [4]cr...@example.com > postalCode: 3000 > street: 1 Home Parade > mobile: 0000-000-000 > telephoneNumber: 03-0000-0000 > > Note: We have many different types of LDAP clients here and even > though > using encrypted BIND's did work from ldapsearch queries, I couldn't > get > them to consistently work from our email clients. > > Regards, > > Craig > -- > Manage your subscription for the Freeipa-users mailing list: > [5]https://www.redhat.com/mailman/listinfo/freeipa-users > Go to [6]http://freeipa.org for more info on the project > > References > > Visible links > 1. > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls > 2. mailto:prash...@apigee.com > 3. mailto:craig.li...@mypenguin.net.au > 4. mailto:cr...@example.com > 5. https://www.redhat.com/mailman/listinfo/freeipa-users > 6. http://freeipa.org/ -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project