so if I am reading you correctly.... connection.username=cn=ddfusr should be connection.username=uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com?
Michael Sean Conley

From: Rob Crittenden <[email protected]>
To: Michael Sean Conley <[email protected]>, [email protected]
Date: 08/12/2016 04:13 PM
Subject: Re: [Freeipa-users] ldaps Java script issues with RH IdM - odd that I cannot make it connect...

Michael Sean Conley wrote:
> UID binding - I believe - from what I saw in the script.
>
>
> I ran the nifty search... First on user "binding"...
>
> Got an error 32.
>
> tried it with ddfusr
>
> # ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
> 'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
> 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree
> # filter: (uid=ddfusr)
> # requesting: cn
> #
>
> # ddfusr, users, accounts, aba.home.com
> dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com
> cn: ddf user
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Fabulous.
>
> So, I then checked the java xml file...
>
> <jaas:config name="karaf" rank="1">
> <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
> flags="required">
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
> connection.username=cn=ddfusr
> connection.password=iloveaba!
> connection.url=ldaps://aba-idam.aba.house.com:636
> user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
> user.filter=(uid=%u)
> user.search.subtree=true
> role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
> role.name.attribute=cn
>
> role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
> role.search.subtree=true
> role.mapping=admin=group,admin,manager,viewer,webconsole
> authentication=simple
> ssl.protocol=SSL
> ssl.truststore=truststore
> ssl.algorithm=PKIX
> </jaas:module>
> </jaas:config>
>
> and I tried to log in with the ddfusr account and....
>
> Error 32.

You're still using the wrong user to bind.
There is no cn=ddfusr. At best there is a uid=ddfusr if the user.base is automatically added (which it probably isn't). It probably needs to be uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the ldapsearch.

rob
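A small lint for the settings Rob is pointing at, added here as an example and not code from the thread, from Karaf or from FreeIPA: it reads the key=value lines of a `<jaas:module>` body, checks that `connection.username` is a fully qualified DN (the module passes that string to the bind verbatim, so a bare `cn=ddfusr` yields noSuchObject, LDAP result code 32), and also checks that `user.base.dn` and `role.base.dn` sit under the same `dc=` naming context as the bind DN, which is what catches the `dc=home` versus `dc=house` difference between the working ldapsearch and the module block. The sample config is constructed from the block quoted above with the password replaced by a placeholder; the function names are the example's own.

```python
# Added example (not from the thread, Karaf or FreeIPA): lint the bind-related
# settings of a Karaf LDAPLoginModule block for the two mistakes visible in
# the thread: a bind name that is not a full DN, and base DNs under a
# different naming context than the bind DN.
import re

# Sample config, constructed from the thread's <jaas:module> block with the
# password replaced by a placeholder.
SAMPLE_MODULE = """
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=cn=ddfusr
connection.password=PLACEHOLDER_PASSWORD
connection.url=ldaps://aba-idam.aba.house.com:636
user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
role.name.attribute=cn
role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
role.search.subtree=true
authentication=simple
"""

# RFC 4511 result code that both the ldapsearch attempt and the login showed.
LDAP_NO_SUCH_OBJECT = 32


def parse_module_properties(text):
    """Turn the key=value lines of a <jaas:module> body into a dict.
    XML tag lines and blank lines are skipped; values may contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("<") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def parse_dn(dn):
    """Split a DN into [(attr, value), ...] from leftmost RDN to the suffix.
    Splits on commas that are not backslash-escaped (RFC 4514 escaping)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def naming_context(dn):
    """Return the trailing dc= components of a DN, lowercased, as a tuple.
    An empty tuple means the string is not a DN rooted in any suffix."""
    tail = []
    for attr, value in reversed(parse_dn(dn)):
        if attr != "dc":
            break
        tail.append(value.lower())
    return tuple(reversed(tail))


def check_bind_config(props):
    """Return a list of findings; an empty list means the DN checks pass."""
    findings = []
    bind = props.get("connection.username", "")
    try:
        bind_ctx = naming_context(bind)
    except ValueError as exc:
        return [f"connection.username: {exc}"]
    if not bind_ctx:
        findings.append(
            "connection.username is not a fully qualified DN: the module binds "
            "with it verbatim, so the server cannot find the entry and answers "
            f"noSuchObject (result code {LDAP_NO_SUCH_OBJECT})")
    for key in ("user.base.dn", "role.base.dn"):
        base = props.get(key)
        if base and bind_ctx and naming_context(base) != bind_ctx:
            findings.append(
                f"{key} ({base}) is under a different naming context than "
                f"connection.username ({bind})")
    return findings


if __name__ == "__main__":
    props = parse_module_properties(SAMPLE_MODULE)
    for finding in check_bind_config(props):
        print("WARN:", finding)
    # Rob's suggested bind DN, under dc=home as in the ldapsearch; the base
    # DNs in the module block still say dc=house, which the check flags.
    props["connection.username"] = "uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com"
    for finding in check_bind_config(props):
        print("WARN:", finding)
```

Run it against the block as quoted and it reports the bare bind name; swap in the full DN from the ldapsearch and it reports that the two base DNs still point at a different suffix, so both settings have to agree before a bind and the subsequent user search can succeed.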
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
