Hi to all, hope someone can help me on this. I am struggling with my last configuration step.
Summary: I have configured D389 to sync One-Way from Active Directory. Everything is working fine and AD users is correctly synchronized in a specific OU of D389. Then i've configured PAM Pass Through in order to permit AD synced users in D389 to make login without exposing the User Password(Leave it empty, this will be a frontend for a web portal). The result would be: Web Portal login -> D389(AD synced users with no password)-> Pam PassThrough to AD that return back the login result. The only thing that is not working is regarding nsAccount objectClass that it is not present in synced D389 users. For example creating user with dsidm command will add nsAccount objectClass as expected and bind is successful. During my test i've seen that if nsAccount is not present, PAM PT return an error while if present everything is working well. So my question is: How can i set this objectClass during Winsync(in automatic way) in order to "Activate" synced users or am i missing anything? Many thanks for your help. Regards _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
