Michael Sean Conley wrote:
So, having some fun today, trying to get a JavaScript in a Docker
container to speak to FreeIPA via LDAPS.
I made sure that the key was inserted into the store,
(aba-idam:/etc/ipa/ca.crt), and ensured that an ldap user was created
for ldap binding (coincidentally I used "binding").
I also added a user in ipa called ddfusr, and set its password, and
logged in via kinit to ensure that we could check it.  It is available,
and is able to log in and getent its information, not to mention I can
see it has Kerberos info and all that jazz.

You need the full DN for the user binding, not just cn=binding.

You can confirm the bind on the cli using ldapsearch:

ldapsearch -Z -H ldap://ipa.example.com -D 'uid=admin,cn=users,cn=accounts,dc=example,dc=com' -W -b 'cn=users,cn=accounts,dc=example,dc=com' '(uid=admin)' cn

So, based on the ldif, we entered the data we expect to be able to log
in with into the JavaScript.  And so we get back an error=32.

What am I missing here?

Information included here:

LDAPSEARCH RESPONSE binding
# ldapsearch -x uid=binding
# extended LDIF
#
# LDAPv3
# base <dc=aba,dc=house,dc=com> (default) with scope subtree
# filter: uid=binding
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Filter returned no matches. Is it uid=binding or cn=binding?

rob
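
The point made in the reply above (bind with the full DN, not a bare RDN such as cn=binding), as an added example that is not part of the original thread. The helper names are hypothetical, and the DN layout assumes a regular user entry with a uid RDN under cn=users,cn=accounts, as in the ldapsearch command in the reply.

```javascript
// Added example, not from the thread. All sample values are constructed.

// Escape an attribute value for use in a DN (RFC 4514 section 2.4).
function escapeDnValue(value) {
  let out = value.replace(/[\\",+;<>]/g, (c) => "\\" + c).replace(/\0/g, "\\00");
  if (value.endsWith(" ")) out = out.slice(0, -1) + "\\ "; // trailing space
  if (/^[ #]/.test(out)) out = "\\" + out;                 // leading space or '#'
  return out;
}

// Split a DN into its RDNs, honouring backslash-escaped commas.
function splitDn(dn) {
  const rdns = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\") { cur += dn[i] + (dn[i + 1] ?? ""); i++; }
    else if (dn[i] === ",") { rdns.push(cur.trimStart()); cur = ""; }
    else cur += dn[i];
  }
  rdns.push(cur.trimStart());
  return rdns;
}

// Assumption: user entries live at uid=<name>,cn=users,cn=accounts,<suffix>.
function userDn(uid, suffix) {
  return `uid=${escapeDnValue(uid)},cn=users,cn=accounts,${suffix}`;
}

// True only if dn is a complete DN located below the directory suffix.
function isFullDnUnder(dn, suffix) {
  const d = splitDn(dn).map((r) => r.toLowerCase());
  const s = splitDn(suffix).map((r) => r.toLowerCase());
  if (d.some((r) => !/^[^=]+=.+/.test(r))) return false; // each RDN is attr=value
  if (d.length <= s.length) return false;                // bare RDN, e.g. cn=binding
  return s.every((r, i) => r === d[d.length - s.length + i]);
}

const SUFFIX = "dc=example,dc=com"; // constructed suffix
console.log(userDn("binding", SUFFIX));
console.log(isFullDnUnder("cn=binding", SUFFIX));                    // bare RDN
console.log(isFullDnUnder(userDn("binding", SUFFIX), SUFFIX));       // full DN
```

Running the bind DN through a check like this before the client connects catches a bare RDN early, and the escaping keeps a comma in a user-supplied name from changing where the DN points.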
