14 Apr
2025
14 Apr
'25
10:52 a.m.
Hi Ondrej
Am 14.04.25 um 18:19 schrieb Ondřej Kuzník:
Hi Stefan, hard to tell but it might be down to ACLs, if you want to use LDAP URIs for user selection, there is an internal search that is run and it needs `auth` privileges to run. You probably need to run with acl logs enabled and check that your ACLs are not standing in the way of that.
Again, you pushed me in the right direction. We already set the ACL for "uid" and "entry" to auth, but in this case we need KerberosPrincipalName in the same ACL. Reading your answer pushes me in the right direction :-)
Thank you
Stefan