I used to run FreeIPA 3.0 on CentOS 6 but recently upgraded this setup to
FreeIPA 4.2 on CentOS 7.2. And I got 2 of my applications failing, because
they were accessing LDAP fields krb* (one by itself, another through
mod_lookup_identity). For the one which makes LDAP requests on its own I
created an account, and LDAP happily gives access to krb* fields once
that app makes a simple bind.

But with the one which relies on mod_lookup_identity I'm having trouble.
Even though SSSD is being authenticated through GSSAPI, LDAP does not give
access to krb* fields. I tried to create a separate service record for
SSSD - no change. And I couldn't make SSSD do a simple bind instead of using
GSSAPI. I tried to set up FreeIPA so that by default it gives access to
krb* fields, but the web interface rejected that change.

Could you please help me with this issue? How can I control this behavior
properly, not with ugly hacks?


Konstantin Khankin