Macklin, Jason wrote:
ldapsearch -xLLL -H ldap://dbduvdu145.dbr.roche.com -D "cn=directory manager" 
-W uid=asteinfeld \* krbPwdLockoutDuration ?
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I know this user password because I reset it for the purpose of troubleshooting 
this issue with that account. I also get the same response when I use the admin 
account of my own account.

You use the password of the user you are binding as, in this case the directory manager.

rob


-----Original Message-----
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Wednesday, October 17, 2012 1:15 PM
To: Macklin, Jason {DASB~Branford}
Cc: s...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Sudo works for full access, but not on a per 
command or host level.

On 10/17/2012 11:13 AM, Macklin, Jason wrote:
None of my users have an LDAP password being requested by running that command 
(except the admin user).

Does each user account require an ldap account to go along with their login 
account?  I just get the following over and over no matter which account I 
switch in the command...

[jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W 
uid=admin \* krbPwdLockoutDuration ?
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W 
uid=asteinfeld \* krbPwdLockoutDuration ?
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W 
uid=jmacklin \* krbPwdLockoutDuration ?
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
You have to specify which server to talk to using the -H ldap://fqdn.of.host 
option.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to