[Freeipa-users] anonymous LDAP attributes with IPA ipa-server-4.1
craig.linux at mypenguin.net.au
Wed Oct 28 23:06:15 UTC 2015
Thanks, it worked!
For those also interested in the settings:
Permission: ldap_anonymous
Bind Type Rule: anonymous
Granted Rights: (I used) "read","search","compare"
Subtree: cn=users,cn=accounts,dc=example,dc=com
Extra target filter: (&(objectclass=Person)(|(uid=*)(givenName=*)))
Target DN: uid=*,cn=users,cn=accounts,dc=example,dc=com
Effective Attributes:
gecos, mail, mobile, telephoneNumber, uidNumber
cheers,
Craig
On Wed, Oct 28, 2015 at 11:18:29AM +0530, Prashant Bapat wrote:
> Refer to this doc:
> [1]https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls
> On 28 October 2015 at 11:11, Prashant Bapat <[2]prashant at apigee.com>
> wrote:
>
> Making attributes anonymously readable is very simple. You need to look
> into RBAC and define the permissions/privileges you need.
> On 28 October 2015 at 08:02, <[3]craig.linux at mypenguin.net.au> wrote:
>
> Hi,
>
> We have recently updated from IPA 3 to IPA 4.1 and one of the changes
> in security is what attributes are available for the anonymous LDAP
> queries.
>
> Does anyone know how to edit the anonymous LDAP settings so
> that the following are available?
>
> mail: [4]craig at example.com
> postalCode: 3000
> street: 1 Home Parade
> mobile: 0000-000-000
> telephoneNumber: 03-0000-0000
>
> Note: We have many different types of LDAP clients here and even
> though using encrypted BINDs did work from ldapsearch queries, I
> couldn't get them to consistently work from our email clients.
>
> Regards,
>
> Craig
>
> References
>
> Visible links
> 1. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls
> 2. mailto:prashant at apigee.com
> 3. mailto:craig.linux at mypenguin.net.au
> 4. mailto:craig at example.com
> 5. https://www.redhat.com/mailman/listinfo/freeipa-users
> 6. http://freeipa.org/
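
An added example, not part of the original thread: a check that an anonymous search returns only the attributes the ldap_anonymous permission above is meant to expose. It assumes the input is LDIF saved from an anonymous query such as `ldapsearch -x -LLL -b cn=users,cn=accounts,dc=example,dc=com`; the names `parse_ldif` and `audit` and the sample data are constructed for illustration, and attributes granted by other permissions on the server would need to be added to the allowlist.

```python
import base64

# Attributes granted by the ldap_anonymous permission in the message above.
ALLOWED = {"gecos", "mail", "mobile", "telephonenumber", "uidnumber"}

# Constructed sample of anonymous search output (not real directory data).
SAMPLE = """\
dn: uid=craig,cn=users,cn=accounts,dc=example,dc=com
mail: craig@example.com
mobile: 0000-000-000
telephoneNumber: 03-0000-0000

dn: uid=test,cn=users,cn=accounts,dc=example,dc=com
gecos:: VGVzdCBVc2Vy
street: 1 Home
  Parade
postalCode: 3000
"""

def parse_ldif(text):
    """Parse LDIF into [(dn, {lowercased_attr: [values]})]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:                # trailing "" flushes last entry
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):        # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name = name.split(";")[0].lower()    # drop options such as ;binary
            if name == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name, []).append(value.strip())
    return entries

def audit(text, allowed=ALLOWED):
    """Return (dn, problem) pairs for attributes outside the allowlist."""
    return [(dn, "unexpected attribute: " + a)
            for dn, attrs in parse_ldif(text)
            for a in sorted(set(attrs) - allowed)]
```

An empty result from `audit` means the anonymous view matches the allowlist; in the constructed sample, `street` and `postalCode` are reported because they are not among the permission's effective attributes.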