On pe, 02 helmi 2018, Николай Савельев via FreeIPA-users wrote:
I have Freeipa with AD trust. All works fine.
I want Nextcloud with all users - AD and IPA.
I set up Nextcloud for this article:
But I want restrict users for only one group.
When I open User Filter tab I get message:
Don't use that method as it is only for a single source.

The group box was disabled, because the LDAP / AD server does not support 

I waches ldap tree:
cn=users,cn=account,dc=domain,dc=lan - there are users have memberof attribute, 
there are тщ AD users

cn=users,cn=compat,dc=domain,dc=lan - there are AD users, but there ar users 
don't have memberof attribute.

What's wrong?
compat tree provides entries in a format for RFC2307 compliant clients,
not RFC2307bis, like the primary tree.

Instead of using directly LDAP connector, set your Nextcloud to use SAML
connector and use something like ipsilon (https://ipsilon-project.org/)
or Keycloak (http://www.keycloak.org/) as your IdP connected to FreeIPA.
This would make both IPA and AD users covered by the single SAML
/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to