wenxing zheng via FreeIPA-users wrote: > Dear all, > > I met with an issue when doing the LDAP authentication on the Kylin. My > FreeIPA works with Ranger very well, but on Kylin, when binding the DN > with the admin, it failed to connect to the LDAP server: > > [05/Jul/2017:11:16:32 +0800] ipalockout_preop - [file ipa_lockout.c, > line 756]: Failed to retrieve entry > "uid=admin,cn=users,cn=accounts,dc=dat...": 32 > [05/Jul/2017:11:16:32 +0800] ipalockout_preop - [file ipa_lockout.c, > line 756]: Failed to retrieve entry > "uid=admin,cn=users,cn=accounts,dc=dat...": 32
I don't know what either Kylin or Ranger are. The only advice I can suggest is to ensure the whole DN is correct (the dc= bits). The plugin is just trying to fetch the entry that is doing the BIND. My memory is fuzzy on the ordering of the plugins, it's possible that the bind hasn't been authenticated yet at this point, I'm not sure. You should be able to test on the command-line which might make this easier: $ ldapsearch -D uid=admin,cn=users,cn=accounts,dc=example,dc=com -W -b uid=admin,cn=users,cn=accounts,dc=example,dc=com rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org