HI! I used to run FreeIPA 3.0 on CentOS 6 but recently upgraded this setup to FreeIPA 4.2 on CentOS 7.2. And I got 2 my applications failing, because they were accessing LDAP fields krb* (one by itself, another through mod_lookup_identity). For the one which makes LDAP requests by its own I created an account and LDAP happily gives an access to krb* fields once that app makes simple bind
But with the one which relies on mod_lookup_identity I'm having troubles. Even though SSSD is being authenticated through GSSAPI, LDAP does not give an access to krb* fields. I tried to create a separate service record for SSSD - no change. And I couldn't make SSSD do simple bind instead of using GSSAPI. I tried to setup FreeIPA so that by default it gives an access to krb* fields, but web interface rejected that change Could you please help me with this issue? How can I control this behavior properly, not with ugly hacks? Thanks! -- Konstantin Khankin
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
