[Freeipa-users] anonymous LDAP attributes with IPA ipa-server-4.1

craig.linux at mypenguin.net.au craig.linux at mypenguin.net.au
Wed Oct 28 23:06:15 UTC 2015


Thanks it worked!
For those also interested in the settings:

Permission: ldap_anonymous
Bind Type Rule: anonymous
Granted Rights: (I used) "read","search","compare"
Subtree: cn=users,cn=accounts,dc=example,dc=com
Extra target filter: (&(objectclass=Person)(|(uid=*)(givenName=*)))
Target DN: uid=*,cn=users,cn=accounts,dc=example,dc=com
Effective Attributes: 
gecos, mail, mobile, telephoneNumber, uidNumber

cheers,

Craig




On Wed, Oct 28, 2015 at 11:18:29AM +0530, Prashant Bapat wrote:
>    Refer this doc
>    [1]https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls
>    On 28 October 2015 at 11:11, Prashant Bapat <[2]prashant at apigee.com>
>    wrote:
> 
>      Making attributes anonymously readable is very simple. You need to look
>      into RBAC and define the permissions/privileges you need. 
>      On 28 October 2015 at 08:02, <[3]craig.linux at mypenguin.net.au> wrote:
> 
>        Hi,
> 
>        We have recently updated from IPA 3 to IPA 4.1 and one of the changes in
>        security is what attributes are available for the anonymous LDAP
>        queries.
> 
>        Does anyone know how to edit the anonymous LDAP settings so
>        that the following are available?
> 
>        mail: [4]craig at example.com
>        postalCode: 3000
>        street: 1 Home Parade
>        mobile: 0000-000-000
>        telephoneNumber: 03-0000-0000
> 
>        Note: We have many different types of LDAP clients here and even though
>        using encrypted BINDs did work from ldapsearch queries, I couldn't get
>        them to consistently work from our email clients.
> 
>        Regards,
> 
>        Craig
>        --
>        Manage your subscription for the Freeipa-users mailing list:
>        [5]https://www.redhat.com/mailman/listinfo/freeipa-users
>        Go to [6]http://freeipa.org for more info on the project
> 
> References
> 
>    Visible links
>    1. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls
>    2. mailto:prashant at apigee.com
>    3. mailto:craig.linux at mypenguin.net.au
>    4. mailto:craig at example.com
>    5. https://www.redhat.com/mailman/listinfo/freeipa-users
>    6. http://freeipa.org/
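
An added example, not part of the original thread: a check that an anonymous search exposes only the attributes listed in the ldap_anonymous permission above. It parses LDIF text (for instance saved `ldapsearch -x` output); the sample LDIF, the `ALLOWED` name and both function names are constructed for illustration.

```python
import base64

# Effective Attributes of the ldap_anonymous permission (lowercased for matching).
ALLOWED = {"gecos", "mail", "mobile", "telephonenumber", "uidnumber"}

# Constructed sample LDIF (assumption: shape of an anonymous search result).
SAMPLE_LDIF = """\
# constructed sample output, not from a real server
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
gecos: Alice Example
mail: alice@example.com
uidNumber: 10001

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
mail: bob@example.com
street:: MSBIb21lIFBhcmFkZQ==
krbPrincipalName: bob@EXAMPLE.COM
mobile: 0000-000-
 000
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}}, handling folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def unexpected_attributes(text, allowed=ALLOWED):
    """Map each DN to the sorted attribute names exposed beyond `allowed`."""
    found = parse_ldif(text)
    return {dn: sorted(set(a) - allowed) for dn, a in found.items() if set(a) - allowed}
```

An empty result from `unexpected_attributes` means every returned entry stayed within the permission's attribute list.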



