Posted on 03-01-2018 06:34 PM
Anyone ever successfully configured LDAP with FreeIPA? I can query users and groups, but not whether users are members of any groups.
Posted on 03-02-2018 07:32 AM
I've got mine working fine. Let me know and I can show you some queries.
Posted on 03-02-2018 10:14 AM
I am having issues querying the members of groups. I am leveraging just the search base, with the object class limitation set to all, for both users and groups. For User Group Membership Mappings I am leveraging Object Class Limitation of All ObjectClass Values for groupOfNames. Would you mind sharing some examples of how you have your mappings set up?
Posted on 03-02-2018 10:57 AM
First, what version of the JSS? The User Group Membership Mappings only started working for me as recently as 10.1.1; previous to that there was a PI.
For my mappings:
User Group Membership Mappings:
- User Object
- memberOf
- no append
- Use distinguished is checked
- Use recursive is unchecked
User Group Mappings:
- All ObjectClass Values
- top
- cn=groups,cn=accounts,dc=server,dc=net
- All Subtrees
- gidNumber
- cn
- objectGUID
User Mappings:
- All ObjectClass Values
- blank object class(es)
- cn=users,cn=accounts,dc=server,dc=net
- All Subtrees
- uidNumber
- uid
- displayName
- mail
- etc, etc
- user uuid = uid
This also depends on your IPA setup. Ours is super basic.
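Added example, not part of any post in this thread and not Jamf's own code: a Python sketch of what the "memberOf on the user object, use distinguished names" mapping above relies on. It reads each user's `memberOf` values and keeps the ones under the group search base from the post. The LDIF entries and helper names are constructed for illustration; a user entry that returns no `memberOf` values resolves to no groups.

```python
# Group search base taken from the mappings posted above.
GROUP_BASE = "cn=groups,cn=accounts,dc=server,dc=net"

# Constructed sample: what a directory search for two users might return.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=server,dc=net
uid: alice
uidNumber: 10001
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=server,dc=net
memberOf: cn=jss-admins,cn=groups,cn=accounts,dc=server,dc=net
memberOf: cn=example-role,cn=roles,cn=accounts,dc=server,dc=net

dn: uid=bob,cn=users,cn=accounts,dc=server,dc=net
uid: bob
uidNumber: 10002
"""

def parse_ldif(text):
    """Parse simple, unwrapped 'attr: value' LDIF into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def normalize_dn(dn):
    """Lowercase and trim each RDN (does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_for(entry, group_base=GROUP_BASE):
    """Return lowercased group names from memberOf DNs under group_base."""
    suffix = "," + normalize_dn(group_base)
    names = []
    for dn in entry.get("memberof", []):
        norm = normalize_dn(dn)
        if norm.endswith(suffix):  # any depth, like "All Subtrees"
            names.append(norm.split(",", 1)[0].partition("=")[2])
    return sorted(names)

def membership_report(text):
    """Map each uid to the groups resolved from its memberOf values."""
    return {e["uid"][0]: groups_for(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    for uid, groups in membership_report(SAMPLE_LDIF).items():
        print(uid, groups or "no memberOf values under group base")
```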
Posted on 03-02-2018 01:11 PM
I am using 10.1.1. I think I may have found my issue. Ours is not set up standard. I appreciate your help; this actually confirmed that I was on the right path. Thank you.
Posted on 03-02-2018 02:42 PM
Great. LDAP was a long-standing request in my org and we had the basics set up, but now I can give permission to the JSS web interface based off group membership, which is handy for certain departments.
Posted on 09-25-2023 10:47 AM
Krispayne,
Has this continued to work for you through Ventura?