08.02.2018, 13:29, "Alexander Bokovoy" <[email protected]>: > On to, 08 helmi 2018, Николай Савельев via FreeIPA-users wrote: >> 07.02.2018, 22:20, "Rob Crittenden" <[email protected]>: >>> Николай Савельев via FreeIPA-users wrote: >>>> Hi. >>>> I have freeipa with AD trust. >>>> I want to setup Nextcloud with ipa and ad users. >>>> Ldap in cn=compat,dc=dom,dc=lan doesnt have memberOf atribute. >>>> I setup ipsilon (https://ipsilon-project.org/) for SSO and SAML >>>> autentification. >>>> Autentification with login and password works >>>> But i have local domain for ipsilon and nextcloud and kerberos DOM.LAN >>>> and internet domain domain.ru >>>> So, when I go to nextcloud with my kerberos tiket, i get 500 internal >>>> error. >>>> >>>> Maybe anybody knows how correct this mistake? >>> >>> Is there an option to use uniqueMember for groups instead in nextcloud? >>> That should be available in cn=compat. >>> >>> As for the 500 error there isn't enough information on where that was >>> thrown. I assume that on that machine there should be additional logging >>> explaining the failure. >>> >>> rob >> >> How I can use uniqueMember, if nextcloud says: "The group box was disabled, >> because the LDAP / AD server does not support memberOf."? >> >> And I found strange thing - if i use ldapsearch for some user in compat >> tree, there appears second user with same uid! >> ldapsearch give 2 users! >> Also if I open IPA user in web UI, in compat tree appers 2 users whith same >> uid. >> Autentification via ldap (e.g openfire or nextcloud) doesn't work >> Its a bug& > > https://pagure.io/freeipa/issue/7170 which so far neither Thierry nor me > are able to reproduce ourselves. > > -- > / Alexander Bokovoy
https://pagure.io/freeipa/issue/7170#comment-492865 I wrote the way how you can reproduce it. -- С уважением, Николай. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
