On Fri, 02 Feb 2018, Николай Савельев via FreeIPA-users wrote:
> I have Freeipa with AD trust. All works fine.
> I want Nextcloud with all users - AD and IPA.
> I set up Nextcloud for this article:
> But I want restrict users for only one group.
> When I open User Filter tab I get message:

Don't use that method as it is only for a single source.

> The group box was disabled, because the LDAP / AD server does not support
> I watched ldap tree:
> cn=users,cn=account,dc=domain,dc=lan - there are users have memberof attribute,
> there are no AD users
> cn=users,cn=compat,dc=domain,dc=lan - there are AD users, but there are users
> don't have memberof attribute.

compat tree provides entries in a format for RFC2307 compliant clients,
not RFC2307bis, like the primary tree.
Instead of using directly LDAP connector, set your Nextcloud to use SAML
connector and use something like ipsilon (https://ipsilon-project.org/)
or Keycloak (http://www.keycloak.org/) as your IdP connected to FreeIPA.
This would make both IPA and AD users covered by the single SAML
/ Alexander Bokovoy
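
Added example, not part of the original thread: a sketch of why a `memberOf`-based filter matches nothing in the compat tree, and how RFC2307 membership is resolved from the group side through `memberUid` instead. The base DN, users and groups are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample entries; base DN, users and groups are made up.
BASE = "dc=example,dc=test"

PRIMARY_USER = {  # primary tree: the user entry carries memberOf
    "dn": f"uid=alice,cn=users,cn=accounts,{BASE}",
    "uid": ["alice"],
    "memberOf": [f"cn=cloud,cn=groups,cn=accounts,{BASE}"],
}
COMPAT_USER = {  # compat tree: RFC2307 posixAccount, no memberOf
    "dn": f"uid=bob@ad.example.test,cn=users,cn=compat,{BASE}",
    "uid": ["bob@ad.example.test"],
}
COMPAT_GROUPS = [  # RFC2307 posixGroup: members listed by name in memberUid
    {"dn": f"cn=cloud,cn=groups,cn=compat,{BASE}", "cn": ["cloud"],
     "memberUid": ["alice", "bob@ad.example.test"]},
    {"dn": f"cn=admins,cn=groups,cn=compat,{BASE}", "cn": ["admins"],
     "memberUid": ["alice"]},
]


def groups_via_memberof(user):
    """User-side lookup: read memberOf from the user entry."""
    return sorted(user.get("memberOf", []))


def groups_via_memberuid(user, groups):
    """Group-side lookup: find groups whose memberUid lists the user's uid."""
    uids = set(user.get("uid", []))
    return sorted(g["dn"] for g in groups if uids & set(g.get("memberUid", [])))


def passes_memberof_filter(user, group_dn):
    """What a filter like (memberOf=<group_dn>) evaluates to for this entry."""
    return group_dn in user.get("memberOf", [])


if __name__ == "__main__":
    for u in (PRIMARY_USER, COMPAT_USER):
        print(u["dn"])
        print("  via memberOf  :", groups_via_memberof(u))
        print("  via memberUid :", groups_via_memberuid(u, COMPAT_GROUPS))
```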