2016-05-18 16:21 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> Alexander Skwar wrote:
>> Hello Rob
>> 2016-05-12 0:06 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
>>> Alexander Skwar wrote:
>> Important parts here:
>> - [USER_AUTH_FAILED_TECH]
>> - javax.naming.AuthenticationNotSupportedException: [LDAP: error code
>> 48 - Inappropriate Authentication]
>> I suppose, the "tech" user doesn't have the sufficient rights.
> Is your user "tech?" It doesn't appear to be though this logging leaves much
> to be desired.
Well, according to the howto, I created a user with "DN:
uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern". That's also
what I configured as the „Technical user DN“ in my appliance (→
The password is correct. I double checked. On the IPA server, I can do:
local@bbva-auth01-prod ~ % ldapsearch -x -D
uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern -W | head
# extended LDIF
# base <dc=hydrus,dc=intern> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# computers, compat, hydrus.intern
> LDAP err 48 means a bind was tried using a bad mechanism, like trying to do
> a simple bind when stronger auth is required, for example. Or you try to
> bind with a user that has no password.
> What is confusing to me is that the DN doesn't include uid=system, so it may
> be a configuration error on your part.
I bet that this will eventually be the reason :)
Hmm… Yes, that's indeed confusing. Playing a bit with the appliance,
it was indeed a configuration error on my part. The Bind DN was set
After fixing this, everything is working :)
Thanks a lot, that was indeed a helpful hint!
>> What would be good ACIs to grant read access to
>> cn=users,cn=accounts,dc=hydrus,dc=intern to this uid=system user?
> This is not the problem.
And that was also quite helpful. I was looking there, and thus in the
=> Google+ => http://plus.skwar.me <==
=> Chat (Jabber/Google Talk) => a.sk...@gmail.com <==
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project