On 03/22/2013 10:20 AM, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote:
>> Because anonymous binds are rightly turned off by default,
> They are? I don't think I've ever explicitly turned on anonymous binds,
> and my directories are open to anonymous searches. The confusing thing is
> that not all attributes are available when doing anonymous binds. Is
> there any way to configure how open we want the directory to be?
I thought you are using IPA or DS and in the latest versions we turned
>> The best would have been for apache to support GSSAPI for that matter
>> but based on the link you sent this is not the case.
>> IMO you should file an RFE for them to support GSSAPI bind and not only
>> bind with the password.
> Newer apache supports nested groups, and all the needed attributes for
> that seem to be available through anonymous binds.. so no GSSAPI is
> needed (for us) there.
> IMHO it seems inconsistent that memberOf attribute is hidden for anonymous
> searches on the user, but "member" attribute on groups is not. Same
> information, different places in the tree.
Sounds like it does not understand 2307bis schema and assumes only 2307
which is very limiting in group membership aspect.
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Freeipa-users mailing list