Hmmm seems I have been misinformed, then. And then why does it have a field for 
'mapping' the password? Well, I think that's off-topic for the list. I'll dig 
more later today.

John Duino

----- Original Message -----
From: "Alexander Bokovoy" <>
To: "John Duino" <>
Cc: "freeipa-users" <>
Sent: Tuesday, October 27, 2015 1:42:29 AM
Subject: Re: [Freeipa-users] How grant access to userPassword for System 

On Mon, 26 Oct 2015, John Duino wrote:
>I am trying to hook our VoIP solution (sipxecs-based openUC) to our
>FreeIPA. But it appears that it wants to read-in the userPassword
>rather than just auth against the ldap.  I know Directory Manager is
>the only account that has the ability to read userPassword, but is
>there a way to grant that to a System Account
>(uid=voip,cn=sysaccounts,cn=etc,dc=oblong,dc=com)? Or perhaps some
>other path/process I'm overlooking short of using the Directory Manager

sipxecs internally uses LDAP bind authentication, it does not need
access to userPassword.

See, for example, the actual code that does it via Spring framework's
LDAP Bind Authentication provider:

I wonder what is your configuration compared to what is listed in
-- you can send me screenshots off-list.
/ Alexander Bokovoy
