Hello Rob

2016-05-18 16:21 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
> Alexander Skwar wrote:
>>
>> Hello Rob
>>
>> 2016-05-12 0:06 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:
>>>
>>>
>>> Alexander Skwar wrote:
>> Important parts here:
>>
>> - [USER_AUTH_FAILED_TECH]
>> - javax.naming.AuthenticationNotSupportedException: [LDAP: error code
>> 48 - Inappropriate Authentication]
>>
>> I suppose, the "tech" user doesn't have the sufficient rights.
>
>
> Is your user "tech?" It doesn't appear to be though this logging leaves much
> to be desired.

Well, according to the howto, I created a user with "DN:
uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern". That's also what I
configured as the „Technical user DN“ in my appliance
(→ uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern).

The password is correct. I double checked. On the IPA server, I can do:

local@bbva-auth01-prod ~ % ldapsearch -x -D uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern -W | head
# extended LDIF
#
# LDAPv3
# base <dc=hydrus,dc=intern> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# computers, compat, hydrus.intern
dn: cn=computers,cn=compat,dc=hydrus,dc=intern
…

> LDAP err 48 means a bind was tried using a bad mechanism, like trying to do
> a simple bind when stronger auth is required, for example. Or you try to
> bind with a user that has no password.

Thanks.

> What is confusing to me is that the DN doesn't include uid=system, so it may
> be a configuration error on your part. I bet that this will eventually be the reason :)

Hmm… Yes, that's indeed confusing.

Playing a bit with the appliance, it was indeed a configuration error on my
part. The Bind DN was set wrong. After fixing this, everything is working :)

Thanks a lot, that was indeed a helpful hint!

>> What would be good ACIs to grant read access to
>> cn=users,cn=accounts,dc=hydrus,dc=intern to this uid=system user?
>
>
> This is not the problem.

And that was also quite helpful. I was looking there, and thus in the wrong
direction.
Thanks again,
Alexander
-- 
=> Google+ => http://plus.skwar.me <==
=> Chat (Jabber/Google Talk) => a.sk...@gmail.com <==
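The diagnosis reached in this thread (result code 48 in the appliance log, caused by a Bind DN that lacked uid=system) can be checked mechanically. The following is an added example, not code from the thread, FreeIPA or the appliance: all function names are hypothetical, and the misconfigured Bind DN is an assumed value, since the thread does not show it.

```python
import re

# Added example; function names are hypothetical, not part of FreeIPA or the appliance.
JNDI_LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - ([^\]]*)\]")

def ldap_result_code(log_line):
    """Extract (code, text) from a JNDI '[LDAP: error code N - text]' fragment."""
    m = JNDI_LDAP_ERR.search(log_line)
    return (int(m.group(1)), m.group(2).strip()) if m else None

def split_rdns(dn):
    """Split a DN on unescaped commas; simplified (case-insensitive values, no '+' RDNs)."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_bind_dn(configured, expected):
    """Return None if the DNs match, else a short description of the mismatch."""
    cfg, exp = split_rdns(configured), split_rdns(expected)
    if cfg == exp:
        return None
    if cfg == exp[1:]:
        return "missing leading RDN %s=%s (DN names the container, not the account)" % exp[0]
    return "configured Bind DN differs from the account DN"

def triage(log_line, configured, expected):
    """Combine the server's result code with the Bind DN check."""
    return {"ldap_error": ldap_result_code(log_line),
            "bind_dn_problem": check_bind_dn(configured, expected)}

# Constructed inputs: log fragment and account DN are from the thread; WRONG_DN is assumed.
LOG = ("javax.naming.AuthenticationNotSupportedException: "
       "[LDAP: error code 48 - Inappropriate Authentication]")
ACCOUNT_DN = "uid=system,cn=sysaccounts,cn=etc,dc=hydrus,dc=intern"
WRONG_DN = "cn=sysaccounts, cn=etc, dc=hydrus, dc=intern"
```

Calling `triage(LOG, WRONG_DN, ACCOUNT_DN)` reports code 48 together with the missing `uid=system` RDN, which points at the bind configuration rather than at ACIs.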