Thanks Simo. 
I've downloaded ca.crt from FreeIPA, converted it to der format,
imported to AMM and enabled SSL. But nothing happened, I cannot login
to AMM with FreeIPA credentials and cannot see any errors or access
records still...
DNS has been checked and works (integrated with IPA). 

-- 
Best regards, Pavel Zhukov 
mailto:pa...@zhukoff.net
On Thu, 01 Nov 2012, Simo Sorce wrote:

> On Thu, 2012-11-01 at 15:55 -0400, Simo Sorce wrote:
> > On Thu, 2012-11-01 at 08:27 +0400, Pavel Zhukov wrote:
> > > Hi all. 
> > > I'd like to use FreeIPA for AMM (advanced management module) user
> > > management using this instruction [1]. I enabled option "use DNS for
> > > find LDAP servers"  and set root DN and Binding method "w/ Login
> > > Credentials" but cannot login with IPA credentials.  Logs of dirsrv
> > > and kerberos are empty. DNS server works correctly. 
> > > 
> > > [1] - 
> > > http://publib.boulder.ibm.com/infocenter/bladectr/documentation/index.jsp?topic=/com.ibm.bladecenter.advmgtmod.doc/kp1bb_bc_mmug_configldap_ADrolebasedauthen.html
> > 
> > I am not sure that bind w/ Login Credentials will work properly if they
> > assume Active Directory.
> > AD has a non standard authentication method that allows to not use a DN
> > to identify a user. We do not support that authentication method.
> > 
> > However you should at least see the bind attempt and an error message in
> > the dirsrv access log.
> > 
> > If you do not see that then something else is broken before a bind is
> > even attempted, perhaps DNS discovery ?
> 
> Ah btw, have you enabled SSL ?
> FreeIPA enforces that simple binds be done on an encrypted channel.If
> you try to bind with plain text credentials on an unencrypted channel
> FreeIPA simply returns an error.
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to