schorschii / OCO-Server

Open Source Computer Orchestration Server - Client/Endpoint & Server Inventory, Configuration Management, Automation and Software Rollout/Deployment/Distribution
https://oco.sieber.systems
GNU General Public License v3.0

Self Service LDAP binding #48

Closed BornTKill closed 4 days ago

BornTKill commented 1 month ago

Dear,

I have configured LDAP (FreeIPA) sync for the admin and self-service portal, but I cannot log on to the self-service portal with my LDAP password. It works on the admin portal.

Looks like the LDAP UUID is not matching domain_user. Can you help me?

BornTKill commented 1 month ago

Hello @schorschii

I was wondering if you need more information.

schorschii commented 1 month ago

Just wanted to close your other issue first.

Do you only use Linux clients with your freeipa or do you also have Windows and/or macOS machines connected with your freeipa?

BornTKill commented 1 month ago

Hi,

Computers (33% osx, 33% win, 33% Ubuntu) are not integrated in the freeipa domain. We just use freeipa for LDAP/Radius + keycloak/goauthentik for authentication.

schorschii commented 1 month ago

Computers (33% osx, 33% win, 33% Ubuntu) are not integrated in the freeipa domain.

OK, this means you are using local accounts to log on to these client computers and you do not log in with freeipa accounts? Then the agent is not able to determine the domain user UUID for the logins. The Self Service portal currently relies on that.

I can imagine making a configuration option to use the username as identifier instead. This means that the local user account on the machines must match the username in freeipa. Disadvantages of this solution are:

I'll make some more tests for that soon.
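To make the two matching strategies from this comment concrete, here is an added example in Python (it is not OCO-Server's own code, which is PHP; the record layout, field names such as `domain_uuid`, and all sample values are constructed assumptions). It models a directory user as the LDAP sync would store it, the logon records an agent reports per client, and the lookup the self-service portal has to perform: matching on the domain user UUID finds nothing for local accounts (the symptom reported above), while matching on the normalized username also attributes local accounts of the same name, including any local account that merely shares the name.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class DirectoryUser:
    """A user as stored by the LDAP sync (assumed layout, not OCO's schema)."""
    username: str
    uuid: str  # stable directory entry identifier


@dataclass(frozen=True)
class LoginRecord:
    """A logon reported by the agent for one client computer."""
    hostname: str
    username: str               # account name as the client OS sees it
    domain_uuid: Optional[str]  # None for local (non-domain) accounts


def normalize(name: str) -> str:
    # Directory usernames are case-insensitive; OS account names often differ in case.
    return name.strip().lower()


def match_logins(user: DirectoryUser, logins: List[LoginRecord],
                 identifier: str = "uuid") -> List[LoginRecord]:
    """Return the login records the self-service portal attributes to `user`.

    identifier="uuid":     match on the domain user UUID the agent reported.
                           Local accounts never carry one, so they never match.
    identifier="username": match on the normalized account name instead.
                           Every local account with that name is attributed to
                           the directory user, whether or not it is that person.
    """
    if identifier == "uuid":
        return [l for l in logins
                if l.domain_uuid is not None and l.domain_uuid == user.uuid]
    if identifier == "username":
        wanted = normalize(user.username)
        return [l for l in logins if normalize(l.username) == wanted]
    raise ValueError(f"unknown identifier mode: {identifier!r}")


def self_service_hosts(user: DirectoryUser, logins: List[LoginRecord],
                       identifier: str = "uuid") -> List[str]:
    """Hostnames the user would see in the self-service portal, sorted."""
    return sorted({l.hostname for l in match_logins(user, logins, identifier)})


# Constructed sample data (hypothetical hosts, names and UUID).
ALICE = DirectoryUser(username="alice", uuid="11111111-2222-3333-4444-555555555555")

LOGINS = [
    # Machines not joined to the domain: local accounts, no domain UUID reported.
    LoginRecord("ws-ubuntu-01", "alice", None),
    LoginRecord("mac-02", "Alice", None),   # same person, different case
    LoginRecord("win-03", "bob", None),
    # A domain-joined machine: here the agent can report the directory UUID.
    LoginRecord("joined-04", "alice", ALICE.uuid),
]


if __name__ == "__main__":
    for mode in ("uuid", "username"):
        print(f"{mode:8s} -> {self_service_hosts(ALICE, LOGINS, mode)}")
```

With the constructed data, UUID matching yields only `joined-04`, which is exactly why a self-service login fails when no client is domain-joined; username matching yields all three of alice's hosts, at the price that the portal can no longer distinguish a local account that happens to be named `alice` from the directory user.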

BornTKill commented 1 month ago

Exactly. It would be great to be able to bind the LDAP uid as login credential.

schorschii commented 4 days ago

Sorry for the delay. I added an option for using the username as identifier for the LDAP sync now (see linked commit). Feedback is greatly appreciated.