Re: Help - Missing nsAccount objectClass for WinSync users from AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On 1 Dec 2021, at 18:51, Caderize Caderize <caderize@xxxxxxxxx> wrote:
> 
> Hi to all,
> hope someone can help me on this.
> I am struggling with my last configuration step.
> 
> Summary:
> I have configured D389 to sync One-Way from Active Directory.
> Everything is working fine and AD users is correctly synchronized in a specific OU of D389.
> Then i've configured PAM Pass Through in order to permit AD synced users in D389 to make login without exposing the User Password(Leave it empty, this will be a frontend for a web portal).
> The result would be:
> Web Portal login -> D389(AD synced users with no password)-> Pam PassThrough to AD that return back the login result.
> 
> The only thing that is not working is regarding nsAccount objectClass that it is not present in synced D389 users. 
> For example creating user with dsidm command will add nsAccount objectClass as expected and bind is successful.
> 
> During my test i've seen that if nsAccount is not present, PAM PT return an error while if present everything is working well.

Can we see your pam PT configuration? dsconf instance plugins pass-thru show (I think ... I'm going from memory here).

Could also be useful to see an example of an adsynced user as well. I've been looking into adsync a bit lately, so I can investigate this further if needed later. 

> 
> So my question is:
> How can i set this objectClass during Winsync(in automatic way) in order to "Activate" synced users or am i missing anything?
> 
> Many thanks for your help.
> Regards
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

--
Sincerely,

William Brown

Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux