07.02.2018, 22:20, "Rob Crittenden" <rcritten(a)redhat.com>:
Николай Савельев via FreeIPA-users wrote:
> Hi.
> I have freeipa with AD trust.
> I want to setup Nextcloud with ipa and ad users.
> LDAP in cn=compat,dc=dom,dc=lan doesn't have the memberOf attribute.
> I set up ipsilon (https://ipsilon-project.org/) for SSO and SAML authentication.
> Authentication with login and password works.
> But I have local domain for ipsilon and nextcloud and kerberos DOM.LAN and internet domain domain.ru
> So, when I go to nextcloud with my kerberos ticket, I get 500 internal error.
>
> Maybe anybody knows how to correct this mistake?
Is there an option to use uniqueMember for groups instead in nextcloud?
That should be available in cn=compat.
As for the 500 error there isn't enough information on where that was
thrown. I assume that on that machine there should be additional logging
explaining the failure.
rob
How can I use uniqueMember, if nextcloud says: "The group box was disabled, because the LDAP / AD server does not support memberOf."?
And I found a strange thing - if I use ldapsearch for some user in the compat tree, there appears a second user with the same uid!
ldapsearch gives 2 users!
Also if I open an IPA user in the web UI, in the compat tree there appear 2 users with the same uid.
Authentication via ldap (e.g. openfire or nextcloud) doesn't work.
It's a bug?
--
Best regards, Николай.