Anyone ever successfully configured ldap with FreeIPA? I can query users, and groups, but not if users are members of any groups.
Question
LDAP configuration using FreeIPA
+4+4I having issues querying the members of groups. I am leveraging just the search base, with the object class limitation set to all, for both users and groups. for User Group Membership Mappings I am leveraging Object Class Limitation of All ObjectClass Values for groupOfNames. Would you mind sharing some examples of how you have your mappings are setup?
+8First, what version of the JSS? The User Group Membership Mappings only started working for me as recent as 10.1.1, previous to that there was a PI.
For my mappings:
User Group Membership Mappings:
- User Object
- memberOf
- no append
- Use distinguished is checked
- Use recursive is unchecked
User Group Mappings:
- All ObjectClass Values
- top
- cn=groups,cn-=accounts,dc=server,dc=net
- All Subtrees
- gidNumber
- cn
- objectGUID
User Mappings:
- All ObjectClass Values'
- blank object class(es)
- cn=users,cn=accounts,dc=server,dc=net
- All Subtrees
- uidNumber
- uid
- displayName
- mail
- etc, etc
- user uuid = uid
This also depends on your IPA setup. Ours is super basic.
+4I am using 10.1.1, I think I may have found my issue. Ours is not set up standard. I appreciate your help, this actually confirmed that I was on the right path. Thank you
+8Great. LDAP was a long standing request in my org and we had the basics set up but now I can give permission to the JSS web interface based off group membership, which is handy for certain departments.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.