On 09/22/2016 12:48 PM, Sumit Bose wrote:
Yes, you use an authenticated bind in the ldapsearch (-D
uid=admin,cn=users,cn=accounts,dc=beta) while you anonymously bind with
your ldap.beta configuration.

IPA does not show group members for anonymous binds, please add

ldap_default_bind_dn = uid=admin,cn=users,cn=accounts,dc=beta
ldap_default_authtok = myspulin

to [domain/ldap.beta] and you should see the members, but please _never_
use the admin account for this in production. As an alternative you can
add the SASL bind related option to your configuration.



Thanks, Sumit, it works now.


Petr^4 Čech
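
The bind settings discussed in this thread, shown as an added sssd.conf fragment that is not part of the original messages: the admin bind from the reply beside two less privileged alternatives. The service-account DN, the host principal, the realm and the password placeholder are constructed for illustration; the option names are those documented in sssd-ldap(5).

```ini
# Added illustration, not configuration taken from the thread.
# sssd.conf must be owned by root with mode 0600, since it can hold a bind password.
[domain/ldap.beta]

# Weak: binding as the IPA admin, as in the reply above. Anyone who can read
# this file obtains full administrative credentials for the directory.
# ldap_default_bind_dn = uid=admin,cn=users,cn=accounts,dc=beta
# ldap_default_authtok = <admin-password>

# Option A: a dedicated bind account that can only read entries.
# The DN below is a constructed placeholder for such an account.
ldap_default_bind_dn = uid=sssd-reader,cn=sysaccounts,cn=etc,dc=beta
ldap_default_authtok_type = password
ldap_default_authtok = <service-account-password>

# Option B: SASL/GSSAPI bind with the host keytab, so no password is stored
# in the file. Principal and realm are constructed placeholders.
# ldap_sasl_mech = GSSAPI
# ldap_sasl_authid = host/client.beta@BETA
# ldap_krb5_keytab = /etc/krb5.keytab
```

Use either Option A or Option B, not both; with Option B the client needs a valid keytab for the principal named in ldap_sasl_authid.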
