Hmm. My setup had the employeenumber not checked in the permissions for that role.
It's working now.
On April 20, 2022 11:24:53 AM EDT, Rob Crittenden <rcritten(a)redhat.com> wrote:
Jim Kinney via FreeIPA-users wrote:
> I need to compare a number stored on CAC with the one in employeenumber
> in IdM. I have a non-admin bind user for this and other generic LDAP
> data access for 3rd party needs. But only the Directory Manager can pull
> that field.
>
> Is there a permission setting to allow a system account to access that
> field? The account was created using the method from redhat solutions
> 4408441.
Any authenticated user can read it per the permission "System: Read User
Addressbook Attributes".
There is definitely not something specific to the DM. A kinit should
allow it as well:
ldapsearch -LLLQ -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test employeenumber
A bind user works for me.
rob
--
Computers amplify human error
Super computers are really cool