On 03/22/2013 09:12 AM, Jan-Frode Myklebust wrote:
> This works:
>
> Require ldap-attribute memberof="cn=cactiaccess,cn=groups,cn=accounts,dc=example,dc=net"
>
> but only if I also provide a username/password for apache
> to bind as. Doesn't work with unauthenticated binds.
>
>
> -jf

Because anonymous binds are rightly turned off by default. You can turn them on on the server, but this is a security risk, as is storing passwords in the file. You need to assess which is the lesser of two evils for your environment. The best would have been for Apache to support GSSAPI for that matter, but based on the link you sent this is not the case. IMO you should file an RFE for them to support GSSAPI bind and not only bind with the password.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
