LDAP configuration using FreeIPA

Jeremy
New Contributor

Anyone ever successfully configured ldap with FreeIPA? I can query users, and groups, but not if users are members of any groups.

5 REPLIES 5

krispayne
Contributor

I've got mine working fine. Let me know and I can show you some queries

Jeremy
New Contributor

I having issues querying the members of groups. I am leveraging just the search base, with the object class limitation set to all, for both users and groups. for User Group Membership Mappings I am leveraging Object Class Limitation of All ObjectClass Values for groupOfNames. Would you mind sharing some examples of how you have your mappings are setup?

krispayne
Contributor

First, what version of the JSS? The User Group Membership Mappings only started working for me as recent as 10.1.1, previous to that there was a PI.

For my mappings:

User Group Membership Mappings:
- User Object
- memberOf
- no append
- Use distinguished is checked
- Use recursive is unchecked

User Group Mappings:
- All ObjectClass Values
- top
- cn=groups,cn-=accounts,dc=server,dc=net
- All Subtrees
- gidNumber
- cn
- objectGUID

User Mappings:
- All ObjectClass Values'
- blank object class(es)
- cn=users,cn=accounts,dc=server,dc=net
- All Subtrees
- uidNumber
- uid
- displayName
- mail
- etc, etc
- user uuid = uid

This also depends on your IPA setup. Ours is super basic.

Jeremy
New Contributor

I am using 10.1.1, I think I may have found my issue. Ours is not set up standard. I appreciate your help, this actually confirmed that I was on the right path. Thank you

krispayne
Contributor

Great. LDAP was a long standing request in my org and we had the basics set up but now I can give permission to the JSS web interface based off group membership, which is handy for certain departments.