Hi Alexander,

In fact, I have specified one of the rules as a direct username and can log
in to it using that username and password. However, it's just the group
membership that isn't working.

Kind Regards,

Josh Cullum

On Tue, Jan 12, 2016 at 10:09 AM CFMS Support <supp...@cfms.org.uk> wrote:

> Hi Alexander,
>
> Brilliant thanks. I still don't seem to be able to see any users, and
> cannot sign in as a user from one of the groups that I can see.
>
> Do you have any ideas about groups, I'm only picking up 8 static groups
> when Member Attribute is set to memberof (Filter is cn=<GROUPNAME> and DN
> is cn=groups,cn=accounts)
>
> Kind Regards,
>
> Josh Cullum
>
> On Tue, Jan 12, 2016 at 9:55 AM Alexander Bokovoy <aboko...@redhat.com>
> wrote:
>
>> On Tue, 12 Jan 2016, CFMS Support wrote:
>> >Hi All,
>> >
>> >New to the mailing list, fairly new to IPA. We have three IPA servers in
>> a
>> >cluster in a staging environment.
>> >
>> >We're looking to replace AD with IPA as we are mostly Linux based and we
>> >have just bought some new Pulse Secure Appliances to replace our aging
>> >Juniper SA devices.
>> >
>> >With a migration to IPA currently being staged, the PSA devices have been
>> >added to the staging environment so that we can provide them with
>> Directory
>> >access. Unfortunately, we seem to be having some problems with the
>> >configuration of both (Pulse Secure are also working with us) to allow
>> the
>> >directory contents to be searched. The connection between the devices and
>> >the IPA cluster are fine, it's more the LDAP binding that seems to be the
>> >problem.
>> >
>> >The following is the configuration from the pulse secure device:
>> There are some incorrectly set options:
>>
>>  - change to use StartTLS, not unencrypted connection
>>  - finding user entries requires 'uid=<USER>' filter
>>
>>
>> --
>> / Alexander Bokovoy
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to