I'm working on a small project that needs access to user information (primarily email addresses and phone numbers) from an LDAP directory. I'm successfully using FreeIPA for general authentication and DNS in my lab and would like to have this application use FreeIPA as well.
I need to be able to bind to the LDAP directory, using both Apache Directory Studio (for development) and python-ldap. Both support various methods of authentication, including "simple" aka password and Kerberos via GSSAPI. Unfortunately, I haven't had much success in connecting with either. I have tried a variety of user accounts for password authentication to no success. Additionally, I have used `kinit` to obtain a TGT and even specified the TGT cache dir (/run/user/1000/krb5cc.../tkt); however, I get an error: "unable to obtain Principal Name for authentication." From my basic understanding of Kerberos, it seems that I need a TGT specific for access to LDAP from FreeIPA, but I have no idea how to generate it.

```
$ klist
Ticket cache: DIR::/run/user/1000/krb5cc_.../tkt
Default principal: [email protected]

Valid starting     Expires            Service principal
05/27/13 17:25:45  05/28/13 17:25:42  krbtgt/[email protected]
```

Any help would be greatly appreciated.

Thanks,
Justin
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
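
The two bind methods the post mentions, sketched with python-ldap as an added example (not code from the original post or from the FreeIPA project). It assumes FreeIPA's default layout, where the directory suffix is derived from the realm and users live under `cn=users,cn=accounts`; the function names, host name and realm are hypothetical.

```python
import re

def realm_to_suffix(realm):
    """EXAMPLE.COM -> dc=example,dc=com (FreeIPA's default suffix; an assumption)."""
    return ",".join("dc=" + part.lower() for part in realm.split("."))

def user_dn(principal):
    """Map user@REALM to the entry DN a simple bind needs (not the bare login)."""
    user, _, realm = principal.partition("@")
    # Reject anything that would need DN escaping rather than guess at it.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", user) or \
       not re.fullmatch(r"[A-Za-z0-9.-]+", realm):
        raise ValueError("unexpected characters in principal: %r" % principal)
    return "uid=%s,cn=users,cn=accounts,%s" % (user, realm_to_suffix(realm))

def ldap_service_principal(server_fqdn, realm):
    """Service ticket that GSSAPI requests from the KDC using the existing TGT."""
    return "ldap/%s@%s" % (server_fqdn.lower(), realm)

def connect(server_fqdn, principal, password=None):
    """Simple bind when a password is given, otherwise SASL/GSSAPI from the ccache."""
    import ldap, ldap.sasl  # python-ldap, imported lazily
    conn = ldap.initialize("ldap://" + server_fqdn)
    if password is not None:
        conn.start_tls_s()  # never send a simple-bind password in the clear
        conn.simple_bind_s(user_dn(principal), password)
    else:
        # Uses the TGT from kinit; connect by FQDN so ldap/<fqdn> can be found.
        conn.sasl_interactive_bind_s("", ldap.sasl.gssapi())
    return conn

def contact_info(conn, principal):
    """Return (mail, telephoneNumber) value lists (bytes) for one user entry."""
    import ldap
    _, attrs = conn.search_s(user_dn(principal), ldap.SCOPE_BASE,
                             "(objectClass=*)", ["mail", "telephoneNumber"])[0]
    return attrs.get("mail", []), attrs.get("telephoneNumber", [])

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(user_dn("alice@EXAMPLE.COM"))
    print(ldap_service_principal("ipa.example.com", "EXAMPLE.COM"))
```
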
