On Thu, 08 Feb 2018, Николай Савельев via FreeIPA-users wrote:
07.02.2018, 22:20, "Rob Crittenden" <[email protected]>:
Николай Савельев via FreeIPA-users wrote:
Hi.
I have freeipa with an AD trust.
I want to set up Nextcloud with ipa and ad users.
LDAP in cn=compat,dc=dom,dc=lan doesn't have the memberOf attribute.
I set up ipsilon (https://ipsilon-project.org/) for SSO and SAML
authentication.
Authentication with login and password works.
But I have a local domain for ipsilon and nextcloud and kerberos DOM.LAN and
internet domain domain.ru
So, when I go to nextcloud with my kerberos ticket, I get a 500 internal error.
Maybe anybody knows how to correct this mistake?
Is there an option to use uniqueMember for groups instead in nextcloud?
That should be available in cn=compat.
As for the 500 error there isn't enough information on where that was
thrown. I assume that on that machine there should be additional logging
explaining the failure.
rob
How can I use uniqueMember, if nextcloud says: "The group box was disabled, because
the LDAP / AD server does not support memberOf."?
And I found a strange thing - if I use ldapsearch for some user in the compat tree,
there appears a second user with the same uid!
ldapsearch gives 2 users!
Also if I open an IPA user in the web UI, in the compat tree appear 2 users with the same uid.
Authentication via ldap (e.g. openfire or nextcloud) doesn't work.
It's a bug&
https://pagure.io/freeipa/issue/7170 which so far neither Thierry nor me
are able to reproduce ourselves.
--
/ Alexander Bokovoy