Hello Martin,

Thanks that does help, I didn't know about this project. I will try this
approach first. Seems like it will be better integrated with FreeIPA and in
general more maintainable than PWM.

On 21 April 2016 at 09:59, Martin Kosek <mko...@redhat.com> wrote:

> On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
> > Hello,
> >
> > I'm trying to set up a self-service page for a new IPA domain and I'm
> trying to
> > use PWM for that.
> >
> > When I try to bind to FreeIPA from within PWM, with the configured "LDAP
> Proxy
> > User", I get the following error:
> >
> > error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636
> > <http://polonium.ipa.rdmedia.com:636>': unable to create connection:
> unable to
> > bind to ldaps://polonium.ipa.rdmedia.com:636
> > <http://polonium.ipa.rdmedia.com:636> as
> > cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason:
> [LDAP:
> > error code 48 - Inappropriate Authentication]
> >
> > In /var/log/krb5kdc.log I see:
> >
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33
> > <http://192.168.50.33>: NEEDED_PREAUTH:
> > host/protactinium.ipa.rdmedia....@ipa.rdmedia.com
> > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for
> > krbtgt/ipa.rdmedia....@ipa.rdmedia.com <mailto:
> ipa.rdmedia....@ipa.rdmedia.com>,
> > Additional pre-authentication required
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33
> > <http://192.168.50.33>: ISSUE: authtime 1461165149, etypes {rep=18
> tkt=18
> > ses=18}, host/protactinium.ipa.rdmedia....@ipa.rdmedia.com
> > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for
> > krbtgt/ipa.rdmedia....@ipa.rdmedia.com <mailto:
> ipa.rdmedia....@ipa.rdmedia.com>
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26})
> 192.168.50.33
> > <http://192.168.50.33>: ISSUE: authtime 1461165149, etypes {rep=18
> tkt=18
> > ses=18}, host/protactinium.ipa.rdmedia....@ipa.rdmedia.com
> > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for
> > ldap/polonium.ipa.rdmedia....@ipa.rdmedia.com
> > <mailto:polonium.ipa.rdmedia....@ipa.rdmedia.com>
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <
> http://polonium.ipa.rdmedia.com>
> > krb5kdc[25760](info): closing down fd 12
> >
> > What is going on? What can I do to debug this more?
> >
> >
> > --
> > Tiemen Ruiten
> > Systems Engineer
> > R&D Media
>
> Hello Tiemen,
>
> Just for the record, in FreeIPA we have been also working on our own
> version of
> the Community Portal that could be useful for the registration and is
> already
> well integrated with FreeIPA:
>
> https://github.com/freeipa/freeipa-community-portal
> http://freeipa-community-portal.readthedocs.org/en/latest/
>
> CCing Christian who currently owns the project.
>
> HTH,
> Martin
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to