Hi,
I've done some SAML SSO integrations and work regularly with FreeIPA.
SSO is usually handled via a protocol like SAML, OpenID or Shibboleth,
FreeIPA only serves as LDAP Identity database in these architectures.
Our deployments used a "proxy" to handle these authentications and link
them with
Hi everyone,
Thanks to Ludwig's indications, I've been able to get the behaviour I
expected, using the filter with this ACI:
(targetattr = "*")
(target = "ldap:///cn=proxy,ou=Servers,dc=domain,dc=tld;)
(version 3.0;
acl "Allow only groups members to query this object";
allow (all)
(groupdn =
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
I'll try using ACI with the filter as you suggested and take a look at
the logs, maybe I'll be luckier.
Thanks for your help!
Cheers,
Nicolas
2021-02-03 19:07 UTC+01:00, Ludwig Krispenz :
>
> On 03.02.21 16:23, N R wrote:
Hi everyone,
I'm not an English native speaker, so please forgive me if there's
mistakes in this e-mail.
OS : Fedora 30
389ds version / build number : 1.4.1.14 / 2020.023.2226
I'm struggling with ACI and despite hours of documentation reading, I
don't understand how to make it work as I want.
ot;annuaire.telerys.infra"
to both "cn=config" parameters mentioned by Mark :
nsslapd-listenhost: annuaire.telerys.infra
nsslapd-securelistenhost: annuaire.telerys.infra
Beswt regards,
Nick Rand
2020-02-28 2:53 UTC+01:00, William Brown :
>
>
>> On 28 Feb 2020, at 01:54, N R
I've been able to find what was wrong in my configuration, I had a
typo in the /etc/hosts file.
^_^'
Thank you a lot for your time and your precious advices.
Best regards,
Nick Rand
2020-02-27 16:25 UTC+01:00, Mark Reynolds :
>
> On 2/27/20 10:13 AM, N R wrote:
>> Hi Mark,
>>
285/ns-slapd
Why is the service always listening for IPV6 on port 636 whatever the
parameter is set to?
Best regards,
Nick rand
2020-02-27 14:10 UTC+01:00, Mark Reynolds :
>
> On 2/27/20 8:03 AM, Mark Reynolds wrote:
>>
>> On 2/27/20 5:30 AM, N R wrote:
>>> H
Hello all,
It's my first message on this list thanks in advance for your answers.
I've configured a 389ds instance with ipv6 address and it's working
great with it.
I need for this instance to be reachable via ipv4 also but despite
hours of research on the web and the archive of the list, I