> this is normal (and desirable), the user is added in both users/accounts tree
> and the
> compat tree.
If it is normal, it would be nice if the documentation reflected this.
> I have had issues with nested groups when I fail to use the compat tree in my
> LDAP
> integrations.
>
I have
> Simon Matthews via FreeIPA-users wrote:
>
> Your URL needs to be more specific to find users, like
> cn=users,cn=accounts,dc=...
>
> Or alternatively you could add an objectclass filter, but searching the
> entire tree for users is more work than necessary.
>
> IPA maintains a separate,
this is normal (and desirable), the user is added in both users/accounts tree
and the compat tree.
I have had issues with nested groups when I fail to use the compat tree in my
LDAP integrations.
- grant
___
FreeIPA-users mailing list --
Simon Matthews via FreeIPA-users wrote:
> I seem to get two entries every time I create new user. This is causing the
> webserver authentication to fail with the message about "User is not unique":
>
> [Tue Jan 11 20:42:16.645046 2022] [authnz_ldap:debug] [pid 21005]
> mod_authnz_ldap.c(505):
> Simon Matthews via FreeIPA-users wrote:
>
> Remove the leading spaces on all the lines. A leading space is a
> continuation marker in LDIF so the contents are being treated as a
> single line.
>
> rob
Thank you. That worked!
___
FreeIPA-users
Simon Matthews via FreeIPA-users wrote:
>> Simon Matthews via FreeIPA-users wrote:
>>
>> I'm lost. What users did you delete? A basic IPA installation contains
>> only one user: admin. And that is a required account.
>>
>> The process you're following is to create a bind account in IPA. This is
>>
> Simon Matthews via FreeIPA-users wrote:
>
> I'm lost. What users did you delete? A basic IPA installation contains
> only one user: admin. And that is a required account.
>
> The process you're following is to create a bind account in IPA. This is
> done by tweaking the ldif on the wiki page
Simon Matthews via FreeIPA-users wrote:
> I should also mention that I ran a script to delete most of the users. If
> this (httpbind) is a user that is automatically configured when I set up my
> ip installation, that might explain this.
I'm lost. What users did you delete? A basic IPA
I should also mention that I ran a script to delete most of the users. If this
(httpbind) is a user that is automatically configured when I set up my ip
installation, that might explain this.
___
FreeIPA-users mailing list --
> Simon Matthews via FreeIPA-users wrote:
>
> Hard to say without seeing the actual ldif you are loading but you'll
> need to carefully check the dn to ensure it matches your configuration.
>
> rob
How do I check that?
___
FreeIPA-users mailing list
Simon Matthews via FreeIPA-users wrote:
> I am trying to follow the instructions on this page:
> https://www.freeipa.org/page/Apache_Group_Based_Authorization
>
> Because I want to only grant access to the web resources and not logins and
> because the load can often be heavy, I am trying use
11 matches
Mail list logo