Closed BornTKill closed 4 days ago
Hello @schorschii
I was wondering if you need more information.
Just wanted to close your other issue first.
Do you only use Linux clients with your freeipa or do you also have Windows and/or macOS machines connected with your freeipa?
Hi,
Computers (33% osx, 33% win, 33% Ubuntu) are not integrated in the freeipa domain. We just use freeipa for LDAP/Radius + keycloak/goauthentik for authentication.
> Computers (33% osx, 33% win, 33% Ubuntu) are not integrated in the freeipa domain.
OK, this means you are using local accounts to log on to these client computers and you do not log in with freeipa accounts? Then, the agent is not able to determine the domain user UUID for the logins. The Self Service portal currently relies on that.
I can imagine making a configuration option to use the username as identifier instead. This means that the local user account on the machines must match the username in freeipa. Disadvantages of this solution are:
I'll make some more tests for that soon.
Exactly. It would be great to be able to bind the LDAP uid as login cred.
Sorry for the delay. I added an option for using the username as identifier for the LDAP sync now (see linked commit). Feedback is greatly appreciated.
Dear,
I have configured LDAP (freeipa) sync for the admin and self portal, but I cannot log on to the self portal with my LDAP password. It works on the admin portal.
Looks like the LDAP UUID is not matching domain_user. Can you help me?