Sorry, I didn’t include much in the way of specifics did I?!  Before yum 
updated my IPA server from 2.2 to 3, FreeIPA provided (or appeared to provide) 
an instance of an LDAP server that was accessible locally on port 389.  The web 
applications I am concerned with is Atlassian Crowd, which I use to 
authenticate to Jira, Confluence, Bamboo and Fisheye on the local network and 
also Google Apps.  Crowd is on the same server as FreeIPA so as to allow me to 
keep port 389 behind the server’s firewall.  Crowd was configured to treat the 
LDAP server as a read only 389 DS server as experimentation showed that that 
worked, but I did not install or configure any LDAP software myself.  The LDAP 
server had been installed as part of the FreeIPA installation.

Crowd is failing since the update as there is no server listening on port 389.  
It gets a ‘connection refused’ message.  Netstat confirms that there is no 
server listening on port 389 and also shows that there is nothing listening on 
port 636.  Prior to the upgrade, FreeIPA had been running with default 
settings, I had done nothing to reduce security.



From: Dmitri Pal
Sent: ‎Sunday‎, ‎7‎ ‎April‎ ‎2013 ‎20‎:‎20

On 04/07/2013 05:44 AM, Simon Williams wrote: 


I ran a yum update on my CentOS 6 server that runs FreeIPA a couple of days ago 
and it upgraded FreeIPA to version 3. I use a couple of web applications that 
cannot use Kerberos, but can use LDAP to authenticate.  These stopped working. 
When I investigated the issue, I discovered that the LDAP server wasn't there 
any more. Google searches have proved fruitless and I can't find any 
documentation for v3. Can anyone tell me how to get my LDAP server back?



Hello Simon,

Can you please clarify:
Did you have an earlier version of the apps that used IPA via LDAP or you had a 
different LDAP instance and FreeIPA now took over the whole machine and you do 
not have access to those instances?
I assume you had 389 DS, right? Or OpenLDAP?

What is the general goal? Do you want to have the apps be able to access IPA 
data via LDAP or you want to be able to use different LDAP databases on the 
same machine?

If the apps you mention used to work against IPA and now they do not I would 
suggest checking the logs from those applications to see what is failing. It 
might be that they have been using an insecure way to authenticate and the 
upgraded bits enforce a higher security standard. If this is the case you 
either need to lower the authentication requirements on the server (not 
recommended) or provide a more secure way to authenticate from those apps 

Freeipa-users mailing list

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?
Freeipa-users mailing list

Reply via email to