Hi Alexander 

Here is the object we are trying to change the password with:
dn: uid=tes...@jisc3.ac.uk,cn=users,cn=accounts,dc=jisc,dc=ac,dc=uk
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: krbPrincipalName
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
objectClass: eduPerson
uid: tes...@jisc3.ac.uk
givenName: NULL
sn: NULL
cn: wnQ6gpxNEbYDP4e0xSi42QvNLR4=
displayName: displayName not set
ou: Local
eduPersonAffiliation: affiliate
mail: tes...@jisc3.ac.uk
userPassword: e1NIQX1rYjBwdk45WkpLVGpmMHdiMGJqYm5LSk10Vnk7
loginshell: /bin/sh
homedirectory: /home/tes...@jisc3.ac.uk
gidnumber: 1092000014
uidnumber: 1092000014

Is there anything you can suggest?

Regards
Per




> On 11 May 2018, at 10:31, Alexander Bokovoy via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> On Fri, 11 May 2018, Per Qvindesland via FreeIPA-users wrote:
>> Hi All
>> 
>> We’re getting the following entries in the error logs
>> 
>> [10/May/2018:15:37:18.628665013 +0100] - ERR - ipapwd_encrypt_encode_key - 
>> [file encoding.c, line 143]: no krbPrincipalName present in this entry
>> [10/May/2018:15:37:18.630473873 +0100] - ERR - ipapwd_gen_hashes - [file 
>> encoding.c, line 234]: key encryption/encoding failed
>> 
>> Is this related to the failed binds? Is there any way of turning on debug
>> logging?
> You have or are trying to add an object in LDAP that is not a Kerberos
> principal, yet somehow object classes imply it should be a Kerberos
> principal. You'd need to show the object or explain what you are doing.
> 
>> 
>> The connection string is $ds = ldap_connect($hostport, $port); then we are
>> setting some connection options: ldap_set_option($ds,
>> LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
>> Then binding using admin credential: $result = ldap_bind($ds, $rdn, $pass)
>> 
>> We can connect to freeipa but we are suspecting that we might be using the
>> wrong encryption {SHA} in plain text then results in err 19 which results
>> in operations error.
> No, this is not about connection to ldap but rather adding an LDAP
> object or attempting to modify a password on existing object.
> 
> 
> -- 
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
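
The mismatch Alexander describes, as an added example that is not part of the original thread and is not FreeIPA code: a Python pre-flight check that parses one LDIF entry and reports Kerberos object classes that come without a krbPrincipalName attribute. The sample entry is constructed, and treating krbprincipalaux as the class that marks an entry as a Kerberos principal is an assumption.

```python
import base64

# Constructed sample modelled on the entry in the message; names are placeholders.
SAMPLE_LDIF = """\
dn: uid=test@example.test,cn=users,cn=accounts,dc=example,dc=test
objectClass: person
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: krbPrincipalName
uid: test@example.test
"""

# Assumption: this auxiliary class is what marks an entry as a Kerberos principal.
KRB_CLASSES = {"krbprincipalaux"}
KRB_NAME_ATTR = "krbprincipalname"


def parse_entry(ldif_text):
    """Parse a single LDIF entry into {lowercased attribute: [values]}."""
    unfolded, attrs = [], {}
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and unfolded:  # folded continuation line
            unfolded[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            unfolded.append(raw)
    for line in unfolded:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" carries a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def kerberos_findings(attrs):
    """Return problems that leave a Kerberos-typed entry without a principal name."""
    findings = []
    classes = {v.lower() for v in attrs.get("objectclass", [])}
    if KRB_NAME_ATTR in classes:
        findings.append("krbPrincipalName listed as an objectClass, not set as an attribute")
    if classes & KRB_CLASSES and not attrs.get(KRB_NAME_ATTR):
        findings.append("Kerberos object classes present but no krbPrincipalName attribute")
    return findings


if __name__ == "__main__":
    print("\n".join(kerberos_findings(parse_entry(SAMPLE_LDIF))))
```
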
