Anto Nello via FreeIPA-users wrote:
> Hi Rob
> 
> Thanks, I suspected this.
> 
> So I need to bind to the LDAP service. I tried with a user name but it asks me 
> for a password and fails.
> Any hints for a valid bind DN string?
> 
> Thanks in advance
> 
> Anto
> 

You need to use a full DN. Something like:
uid=deranged69,cn=users,cn=accounts,dc=example,dc=test

Or you can allow the mail attribute to be read without authentication.

By default IPA tries to severely restrict what can be read anonymously
for security reasons. With mail for example, someone could harvest every
e-mail address in your organization. Probably not ideal.

But if you determine this is ok you can extend an existing permission by
adding the mail attribute like:

ipa permission-mod \
  --attrs={cn,createtimestamp,description,displayname,entryusn,gecos,gidnumber,givenname,homedirectory,initials,ipantsecurityidentifier,loginshell,manager,modifytimestamp,objectclass,sn,title,uid,uidnumber,mail} \
  'System: Read User Standard Attributes'

Then you wouldn't need to bind in Thunderbird.

You'd have to balance security vs convenience here. The Thunderbird
setup is a one-time thing that is pretty easily documented using screen
shots.

rob
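
Added example, not part of the original message: a small check that builds the full bind DN in the form shown above and compares how many mail values an anonymous bind and an authenticated bind can read. The host name, the script name, the helper function names and the assumption that the suffix follows the DNS domain are all illustrative.

```shell
#!/bin/sh
# Added example. Host, domain and uid are placeholders; the suffix is assumed
# to follow the DNS domain (example.test -> dc=example,dc=test).

# cn=users,cn=accounts container for a domain; rejects malformed domains.
users_base() {
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    printf 'cn=users,cn=accounts,dc=%s\n' "$(printf '%s' "$1" | sed 's/\./,dc=/g')"
}

# Full bind DN for a login name. Anything outside plain login characters is
# refused so a crafted name cannot add extra RDNs to the DN.
user_dn() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    _base=$(users_base "$2") || return 1
    printf 'uid=%s,%s\n' "$1" "$_base"
}

# Count mail values in LDIF on stdin (plain "mail:" and base64 "mail::").
count_mail() {
    awk 'tolower($1) ~ /^mail::?$/ { n++ } END { print n + 0 }'
}

# Compare what an anonymous bind and an authenticated bind can read.
# -ZZ requires StartTLS so the -W password is not sent in clear text.
audit() {
    _b=$(users_base "$2") || { echo "bad domain" >&2; return 1; }
    _n=$(ldapsearch -x -ZZ -LLL -H "ldap://$1" -b "$_b" '(uid=*)' mail | count_mail)
    echo "anonymous: $_n mail value(s) readable"
    [ -n "${3:-}" ] || return 0
    _dn=$(user_dn "$3" "$2") || { echo "bad uid" >&2; return 1; }
    _n=$(ldapsearch -x -ZZ -LLL -H "ldap://$1" -D "$_dn" -W -b "$_b" '(uid=*)' mail | count_mail)
    echo "bound as $_dn: $_n mail value(s) readable"
}

# Usage: sh check-mail-acl.sh ipa.example.test example.test [uid]
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

Run it before and after changing the permission: a non-zero anonymous count means the mail attribute is exposed without a bind.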
