The Apple Open Directory uses kerberos so they aren't readable as the rood dn either. the password fields all have the same token: KioqKioqKio=
I wasn't expecting to be able to import passwords so I thought I could run an import as an anonymous bind. I'll try again with a bind dn and see what hapens. On Mon, Jan 24, 2011 at 3:22 PM, Jakub Hrozek <[email protected]> wrote: > On 01/24/2011 08:57 PM, Jeff B wrote: >> >> I might of missed this yesterday, is it trying to bind to the apple >> as Directory Manager? I thought that was for FreeIPA but now I'm not >> sure. I was intending to have it do an anonymous bind to the apple. >> >> If so I guess that would explain it. >> > > Yes, "cn=Directory Manager" against Apple DS. Anonymous bind wouldn't work, > because during migration, you need to read LDAP attributes that store user > passwords. Those are usually not readable anonymously. > > Jakub > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
