On 13/02/2024 16.02, slek kus via FreeIPA-users wrote:
Hi, can't get an application to work with FreeIPA (4.10.2).
Created a bind users as per manual (https://www.freeipa.org/page/HowTo/LDAP)
but keep getting invalid creds.
Created the user as below:
-----
[root@idm01 log]# ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: bndldapansibleforms
userPassword: S3cr3t!
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
adding new entry
"uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local"
-----
In the app I have:
-----
Server: idm01.linux.bogus.local
Port: 389
Search base: dc=linux,dc=bogus,dc=local
Bind User distinguished name: bndldapansibleforms
Bind User Password: S3cr3t!
Username Attribute: sAMAccountName
Groups Attribute: memberOf
-----
Also tried with a normal user, but that prints the same invalid credentials
error.
How do I do this correctly?
"Bind User distinguished name" must be a distinguished name (DN), not
just the user name uid value. Use
"uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local"
as bind user name.
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael
O'Neill
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
