On 11/12/18 12:58 PM, Tobi Berninger via FreeIPA-users wrote:
Hey,
I just tried to add a new user as described in the HowTo/LDAP from FreeIPA, and the console doesn't show any errors,
but when I try to use that user as a bind user, it won't work at all.
Maybe something bigger isn't working?
These are the bind settings I use in Zammad:
dc=int,dc=asta-frankfurt,dc=de
uid=system4,cn=users,cn=accounts,dc=int,dc=asta-frankfurt,dc=de
This is the log when I try:
[12/Nov/2018:12:56:12.367897702 +0100] conn=5 op=117374 RESULT err=0 tag=101 nentries=1 etime=0.0000079172
[12/Nov/2018:12:56:12.368072341 +0100] conn=5 op=117375 MOD dn="fqdn=radius.int.asta-frankfurt.de,cn=computers,cn=accounts,dc=int,dc=asta-frankfurt,dc=de"
[12/Nov/2018:12:56:12.370654530 +0100] conn=5 op=117375 RESULT err=0 tag=103 nentries=0 etime=0.0002612503 csn=5be96b5fa6f300040000
[12/Nov/2018:12:56:12.372265034 +0100] conn=74960 op=1 UNBIND
[12/Nov/2018:12:56:12.372279026 +0100] conn=74960 op=1 fd=146 closed - U1
[12/Nov/2018:12:56:15.498614694 +0100] conn=74961 fd=146 slot=146 SSL connection from 10.8.0.1 to 10.8.0.6
[12/Nov/2018:12:56:15.531133872 +0100] conn=74961 TLS1.2 256-bit AES-GCM
[12/Nov/2018:12:56:15.558425764 +0100] conn=74961 op=0 BIND dn="uid=system4,cn=users,cn=accounts,dc=int,dc=asta-frankfurt,dc=de" method=128 version=3
[12/Nov/2018:12:56:15.558859253 +0100] conn=74961 op=0 RESULT err=48 tag=97 nentries=0 etime=0.0059811400
Hi,

the BIND fails with err=48, which means inappropriate authentication. Did you create the user with a password?

flo

[12/Nov/2018:12:56:15.586313574 +0100] conn=74961 op=-1 fd=146 closed - B1

With that change in settings, binding isn't working at all.
When I change back to system3 (the account I am also using for Nextcloud) it works fine; when I try it with a normal user there are also no problems.


On Mon, 12 Nov 2018 at 09:56, Alexander Bokovoy <aboko...@redhat.com> wrote:

    On Mon, 12 Nov 2018, Tobi Berninger via FreeIPA-users wrote:
     >Hey,
     >I have a FreeIPA 4.5.4 on a CentOS 7 up and running.
     >I already bound that IPA through LDAP on a Nextcloud installation.
     >Now I am trying to do the same with a Zammad. Sadly it doesn't offer me the
     >right fields (first name, last name, mail and many more are missing).
     >I set up an extra LDAP sysaccount just for that reason, as it was described
     >here: https://www.freeipa.org/page/HowTo/LDAP
     >
     >Any ideas what I was doing wrong?
     >
     >Other users in the Zammad forum told me that Zammad is offering them the
     >fields I need, so I am quite convinced that the error is a
     >misconfiguration on my side. Sadly I didn't set the server up, I just try
     >to keep it running.
    It would be good to see what you did exactly.

    Can you show which fields you are trying to access and what is the
    sysaccount entry?

    Can you show what searches are done by zammad in the
    /var/log/dirsrv/slapd-<INSTANCE-NAME>/access log? You can find them by
    the connection which starts by binding as your sysaccount. It should
    look something like below. I used the admin user to do the search but it
    should not matter in terms of how things are logged. You need logs for the
    same connection (conn=<number>).

    [12/Nov/2018:10:51:11.951508884 +0200] conn=1098 fd=93 slot=93 SSL connection from 192.168.100.180 to 192.168.100.180
    [12/Nov/2018:10:51:11.959543784 +0200] conn=1098 TLS1.3 128-bit AES-GCM
    [12/Nov/2018:10:51:11.959795901 +0200] conn=1098 op=0 BIND dn="uid=admin,cn=users,cn=accounts,dc=h,dc=example,dc=com" method=128 version=3
    [12/Nov/2018:10:51:12.034886792 +0200] conn=1098 op=0 RESULT err=0 tag=97 nentries=0 etime=0.1916669164 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
    [12/Nov/2018:10:51:12.035585653 +0200] conn=1098 op=1 SRCH base="dc=h,dc=example,dc=com" scope=2 filter="(uid=admin)" attrs=ALL
    [12/Nov/2018:10:51:12.037307748 +0200] conn=1098 op=1 RESULT err=0 tag=101 nentries=1 etime=0.0001826480
    [12/Nov/2018:10:51:12.039934460 +0200] conn=1098 op=2 UNBIND
    [12/Nov/2018:10:51:12.039960936 +0200] conn=1098 op=2 fd=93 closed - U1


     >
     >Thank you all for your help and I apologize for my English...

     >_______________________________________________
     >FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
     >To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
     >Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
     >List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
     >List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


-- / Alexander Bokovoy
    Sr. Principal Software Engineer
    Security / Identity Management Engineering
    Red Hat Limited, Finland
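
The access-log tracing described in this thread (follow one conn= number from its BIND to the RESULT and any SRCH lines), as an added example that is not part of the original messages. The DN, addresses and log lines are constructed sample data in the format quoted above, and `trace_binds` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# LDAP result codes (RFC 4511) often seen on a BIND RESULT line.
LDAP_RESULT = {0: "success", 32: "noSuchObject", 48: "inappropriateAuthentication",
               49: "invalidCredentials", 50: "insufficientAccessRights"}
# Operation lines look like: [timestamp] conn=N op=N KIND key=value ...
LINE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>[A-Z]+)\b(?P<rest>.*)$')

def trace_binds(log_text, bind_dn):
    """Group access-log lines by conn= and, for every connection that binds
    as bind_dn, report the BIND result code and the searches that followed
    a successful bind."""
    conns = defaultdict(lambda: {"bind_op": None, "bind_err": None, "searches": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection setup, TLS and close lines have no op KIND
        c, op, kind, rest = conns[m["conn"]], m["op"], m["kind"], m["rest"]
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            if dn and dn.group(1).lower() == bind_dn.lower():
                c["bind_op"] = op
        elif kind == "RESULT" and op == c["bind_op"] and c["bind_err"] is None:
            c["bind_err"] = int(re.search(r'err=(\d+)', rest).group(1))
        elif kind == "SRCH" and c["bind_err"] == 0:
            pairs = re.findall(r'(base|filter|attrs)=("[^"]*"|\S+)', rest)
            c["searches"].append({k: v.strip('"') for k, v in pairs})
    return {conn: dict(c, meaning=LDAP_RESULT.get(c["bind_err"], "other"))
            for conn, c in conns.items() if c["bind_op"] is not None}

# Constructed sample: one rejected bind (conn=7), one successful bind plus search (conn=8).
DN = "uid=svc-demo,cn=users,cn=accounts,dc=example,dc=com"
SAMPLE = f'''\
[12/Nov/2018:10:00:00.000000001 +0100] conn=7 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.1
[12/Nov/2018:10:00:00.000000002 +0100] conn=7 op=0 BIND dn="{DN}" method=128 version=3
[12/Nov/2018:10:00:00.000000003 +0100] conn=7 op=0 RESULT err=48 tag=97 nentries=0 etime=0.0059811400
[12/Nov/2018:10:00:00.000000004 +0100] conn=7 op=-1 fd=64 closed - B1
[12/Nov/2018:10:00:05.000000001 +0100] conn=8 op=0 BIND dn="{DN}" method=128 version=3
[12/Nov/2018:10:00:05.000000002 +0100] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0100000000 dn="{DN}"
[12/Nov/2018:10:00:05.000000003 +0100] conn=8 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)" attrs="uid mail givenName sn"
[12/Nov/2018:10:00:05.000000004 +0100] conn=8 op=1 RESULT err=0 tag=101 nentries=1 etime=0.0001000000
[12/Nov/2018:10:00:05.000000005 +0100] conn=8 op=2 UNBIND
'''

if __name__ == "__main__":
    for conn, info in trace_binds(SAMPLE, DN).items():
        print(conn, info["bind_err"], info["meaning"], info["searches"])
```

The `attrs` value of each search shows which attributes the client actually requested, which is the information asked for when fields appear to be missing.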

