> -----Original Message-----
> From: Stephen Ingram <[email protected]>
> To: Jonathan J. Ramirez C. <[email protected]>
> Subject: Re: OC and FreeIPA
> Date: Wed, 16 Jul 2014 15:16:35 -0700
>
> Jonathan-
>
> Please see my comments inline below:
>
> On Wed, Jul 16, 2014 at 2:25 PM, Jonathan J. Ramirez C.
> <[email protected]> wrote:
>
> Here's what I've got:
>
> ### SERVER ###
> Host: atlas.mydomain.com
> Port: 389
> User DN: uid=system,cn=sysaccounts,cn=etc,dc=mydomain,dc=com
> Password: myconnectionpassword
> Base DN: cn=users,cn=accounts,dc=mydomain,dc=com
>
> This part looks good.
>
> ### USER FILTER ###
> only those object classes: Blank
> only from those groups: grayed
> raw filter result: (objectclass=*)
> 234 users found
>
> So you are not filtering on user, but group below.
>
> ### LOGIN FILTER ###
> LDAP Username: checked
> LDAP Email Address: unchecked
> Other Attributes: Blank
> raw filter result: (&(objectclass=*)(cn=%uid))
>
> This should be raw filter result: (&(objectclass=*)(uid=%uid)) <- this
> is why I think you can't login!!!
>
> ### GROUP FILTER ###
> only those object classes: Blank
> only from those groups: ocloud
> raw filter result: (|(cn=ocloud))
> 2 groups found
>
> Shouldn't you just use the "only from those groups" or the "raw filter
> result"? Also, do you need the "|" if there is nothing to "or"
> against?
>
> ### ADVANCED ###
> # Connection Settings
> Case insensitve LDAP server (Windows): Unchecked
> # Directory Settings
> User Display Name Field: displayname
> Base User Tree: dc=mydomain,dc=com
>
> Here I used for the Base User Tree:
> cn=users,cn=accounts,dc=mydomain,dc=com to narrow the search and make
> it faster.
>
> Group Display Name Field: cn
> Base Group Tree: dc=mydomain,dc=com
>
> And here for the Base Group Tree:
> cn=groups,cn=accounts,dc=mydomain,dc=com to narrow the search and make
> it faster.
>
> Group-Member association: uniqueMember
>
> Here I used member (AD) to get the group-member association to work
> properly. That's the closest scheme to what IPA uses.
>
> # Special Attributes
> User Home Folder Naming Rule: cn
>
> ### EXPERT ###
> Blank
>
> I see the accounts in Users with Username in UUID but doesn't
> let me login with any user account.
>
> Hope that helps.
>
> Steve

Thank you very much Steve,

I made the changes you suggested above and now it's working beautifully.

Kind regards.

JonRam.
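The login-filter fix discussed in this thread, as an added example that is not part of the original messages and is not ownCloud's code: a small evaluator for a subset of LDAP filters, run over constructed FreeIPA-style entries, showing why `(cn=%uid)` finds nobody for a typed login name while `(uid=%uid)` finds exactly one entry. The entries, the function names and the way `%uid` is substituted and escaped (RFC 4515 style) are assumptions made for illustration.

```python
import re

# Constructed FreeIPA-style entries (not from the thread): uid holds the
# login name, cn holds the person's full name.
ENTRIES = [
    {"dn": "uid=jdoe,cn=users,cn=accounts,dc=mydomain,dc=com",
     "objectclass": ["person"], "uid": ["jdoe"], "cn": ["John Doe"]},
    {"dn": "uid=asmith,cn=users,cn=accounts,dc=mydomain,dc=com",
     "objectclass": ["person"], "uid": ["asmith"], "cn": ["Alice Smith"]},
]

def escape_value(value):
    """Escape RFC 4515 special characters so the login stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape_value(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(flt, pos=0):
    """Parse a filter subset: (&...), (|...), (attr=value), (attr=*)."""
    if flt[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if flt[pos] in "&|":
        op, kids, pos = flt[pos], [], pos + 1
        while flt[pos] == "(":
            kid, pos = parse(flt, pos)
            kids.append(kid)
        return (op, kids), pos + 1   # skip the closing ')'
    end = flt.index(")", pos)
    attr, value = flt[pos:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive match)."""
    if node[0] in "&|":
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    _, attr, value = node
    have = entry.get(attr, [])
    if value == "*":               # presence test, e.g. (objectclass=*)
        return bool(have)
    return unescape_value(value).lower() in [v.lower() for v in have]

def login_search(template, login):
    """Substitute %uid as the login filter does, then search ENTRIES."""
    tree, _ = parse(template.replace("%uid", escape_value(login)))
    return [e["dn"] for e in ENTRIES if matches(tree, e)]
```

With the original filter, a login succeeds only if the user types the full name stored in `cn`; with the corrected filter, the typed login name matches `uid` directly, and an escaped `*` matches no entry.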
