URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping
flo-renaud commented:
"""
Hi @sumit-bose,
I am not able to reproduce this issue:

```
[root@vm-161 ~]# kinit -k
[root@vm-161 ~]# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_h6XRpeK
Default principal: host/vm-161.example....@dom-161.example.com

Valid starting       Expires              Service principal
02/22/2017 21:30:10  02/23/2017 21:30:10  krbtgt/dom-161.example....@dom-161.example.com
[root@vm-161 ~]# ldapsearch -H ldap://vm-161 '(&(objectClass=ipaCertMapRule)(ipaEnabledFlag=TRUE))' -Y GSSAPI -LLL
SASL/GSSAPI authentication started
SASL username: host/vm-161.example....@dom-161.example.com
SASL SSF: 56
SASL data security layer installed.
dn: cn=rule1,cn=certmaprules,cn=certmap,dc=dom-161,dc=example,dc=com
objectClass: ipacertmaprule
objectClass: top
cn: rule1
description: d1
ipaEnabledFlag: TRUE
```

Do you have the ACI "permission:System: Read Certmap Rules" defined on dn: cn=certmaprules,cn=certmap,$BASEDN? It should grant access to ldap:///all
"""

See the full comment at https://github.com/freeipa/freeipa/pull/398#issuecomment-281795345
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code