<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 01/28/2014 03:33 PM, Guillermo Fuentes wrote: <blockquote cite="mid:CAMAAbqUXM3_dTRZW_H_wSX9D5=usK_JqWZs+nyZUbS4rwmzCzw@mail.gmail.com" type="cite"> <div dir="ltr"> Hello, We are deploying FreeIPA (which it’s a great project BTW) as our Identity Management System. As we don’t want any info from the directory to be publically available, we tried disabling anonymous binds but it breaks UI logins on Macs (10.8.5 and 10.9.1) FreeIPA logs show that OS X retrieves attributes using anonymous bind and when it’s disabled it logs: … authzid="(null)", anonymous search not allowed Has anyone been able to get this setup working properly? </div> </blockquote> You need to look on the Mac side. It seems that in the configuration you used Mac tries to do a lookup after anonymous bind. It might be that you need to configure a special account on Mac to be able to work around this issue. <blockquote cite="mid:CAMAAbqUXM3_dTRZW_H_wSX9D5=usK_JqWZs+nyZUbS4rwmzCzw@mail.gmail.com" type="cite"> <div dir="ltr"> Thanks in advance, Guillermo </div> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>