I'm working on a small project that needs access to user information
(primarily email addresses and phone numbers) from an LDAP directory. I'm
successfully using FreeIPA for general authentication and DNS in my lab and
would like to have this application use FreeIPA as well.

I need to be able to bind to the LDAP directory, using both Apache
Directory Studio (for development) and python-ldap. Both support various
methods of authentication, including "simple" aka password and Kerberos via
GSSAPI. Unfortunately, I haven't had much access in connecting with either.

I have tried a variety of user accounts for password authentication to no
success. Additionally, I have used `kinit` to obtain a TGT and even
specified the TGT cache dir (/run/user/1000/krb5cc.../tkt); however, I get
an error: "unable to obtain Principal Name for authentication." From my
basic understanding of Kerberos, it seems that I need a TGT specific for
access to LDAP from FreeIPA, but I have no idea how to generate it.

$ klist
Ticket cache: DIR::/run/user/1000/krb5cc_.../tkt
Default principal: jus...@fandingo.org

Valid starting     Expires            Service principal
05/27/13 17:25:45  05/28/13 17:25:42  krbtgt/fandingo....@fandingo.org

Any help would be greatly appreciated.

Freeipa-users mailing list
