On pe, 11 touko 2018, Per Qvindesland via FreeIPA-users wrote:
Hi All
We’re getting the following entries in the error logs
[10/May/2018:15:37:18.628665013 +0100] - ERR - ipapwd_encrypt_encode_key -
[file encoding.c, line 143]: no krbPrincipalName present in this entry
[10/May/2018:15:37:18.630473873 +0100] - ERR - ipapwd_gen_hashes - [file
encoding.c, line 234]: key encryption/encoding failed
Is this related to the failed binds? is there any ways of turning on debug
logging
You have or are trying to add an object in LDAP that is not a Kerberos
principal, yet somehow
object classes imply it should be a Kerberos principal.
You'd need to show the object or explain what are you doing.
The connection string is $ds = ldap_connect($hostport, $port); then we are
setting some connection options: ldap_set_option($ds,
LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); Then binding using admin
credential:$result = ldap_bind($ds, $rdn, $pass)
We can connect to freeipa but we are suspecting that we might be using the
wrong encryption {SHA} in plain text then results in err 19 which results in
operations error.
No, this is not about connection to ldap but rather adding an LDAP
object or attempting to modify a password on existing object.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org