The DUA project used to configure Solaris and HP/ux clients is not available anonymously. This is a regression from 3.x.
The URI is cn=default,ou=profile,$SUFFIX.
Tested using freeipa-server-4.1.2-1 on F-21
$ ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com
In 3.x:
$ ldapsearch -LLL -x -b cn=default,ou=profile,dc=example,dc=com dn: cn=default,ou=profile,dc=example,dc=com defaultServerList: grindle.example.com defaultSearchBase: dc=example,dc=com objectClass: top objectClass: DUAConfigProfile serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com searchTimeLimit: 15 followReferrals: TRUE objectclassMap: shadow:shadowAccount=posixAccount bindTimeLimit: 5 authenticationMethod: none cn: default
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1184149
attachment freeipa-mkosek-492-add-anonymous-read-aci-for-dua-profile.patch
Patch freeipa-mkosek-492-add-anonymous-read-aci-for-dua-profile.patch sent for review
master:
ipa-4-1:
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 4.1.3
Login to comment on this ticket.