[Freeipa-users] FreeIPA 4.2 on CentOS 7.2 restricts an access to krb* attributes

Konstantin M. Khankin khankin.konstantin at gmail.com
Tue Jun 7 13:21:04 UTC 2016


Hi!

I used to run FreeIPA 3.0 on CentOS 6 but recently upgraded this setup to
FreeIPA 4.2 on CentOS 7.2. And I got 2 of my applications failing, because
they were accessing LDAP fields krb* (one by itself, another through
mod_lookup_identity). For the one which makes LDAP requests on its own I
created an account and LDAP happily gives access to krb* fields once
that app makes a simple bind.

But with the one which relies on mod_lookup_identity I'm having trouble.
Even though SSSD is being authenticated through GSSAPI, LDAP does not give
access to krb* fields. I tried to create a separate service record for
SSSD - no change. And I couldn't make SSSD do a simple bind instead of using
GSSAPI. I tried to set up FreeIPA so that by default it gives access to
krb* fields, but the web interface rejected that change.

Could you please help me with this issue? How can I control this behavior
properly, not with ugly hacks?

Thanks!

-- 
Konstantin Khankin