So if I am reading you correctly....
connection.username=cn=ddfusr
should be
connection.username=uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com?

Michael Sean Conley

From:   Rob Crittenden <rcrit...@redhat.com>
To:     Michael Sean Conley <michael.sean.con...@raytheon.com>,
            freeipa-users@redhat.com
Date:   08/12/2016 04:13 PM
Subject:        Re: [Freeipa-users] ldaps Java script issues with RH IdM - odd
            that I cannot make it connect...



Michael Sean Conley wrote:
> UID binding - I believe - from what I saw in the script.
>
>
> I ran the nifty search...  First on user "binding"...
>
> Got an error 32.
>
> tried it with ddfusr
>
> # ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
> 'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
> 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree
> # filter: (uid=ddfusr)
> # requesting: cn
> #
>
> # ddfusr, users, accounts, aba.home.com
> dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com
> cn: ddf user
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Fabulous.
>
> So, I then checked the java xml file...
>
>   <jaas:config name="karaf" rank="1">
>      <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>                   flags="required">
>        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>        connection.username=cn=ddfusr
>        connection.password=iloveaba!
>        connection.url=ldaps://aba-idam.aba.house.com:636
>        user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        user.filter=(uid=%u)
>        user.search.subtree=true
>        role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        role.name.attribute=cn
>        role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
>        role.search.subtree=true
>        role.mapping=admin=group,admin,manager,viewer,webconsole
>        authentication=simple
>        ssl.protocol=SSL
>        ssl.truststore=truststore
>        ssl.algorithm=PKIX
>      </jaas:module>
>    </jaas:config>
>
> and I tried to log in with the ddfusr account and....
>
> Error 32.

You're still using the wrong user to bind. There is no cn=ddfusr. At
best there is a uid=ddfusr if the user.base is automatically added
(which it probably isn't).

It probably needs to be
uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the
ldapsearch.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
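
An added example, not part of either message in this thread and not Karaf or FreeIPA code: a small check that flags a `connection.username` that is a bare RDN rather than a full bind DN. It assumes, as the reply above suggests, that the login module does not append `user.base.dn`, and that the `dc=` RDNs of `user.base.dn` form the directory suffix; the function names are hypothetical and the sample input is constructed from the thread's values, with the base DN taken from the `ldapsearch -b` argument.

```python
import re

def parse_props(text):
    """Read key=value lines from a JAAS module body, splitting on the first '=' only."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("<"):
            props[key.strip()] = value.strip()
    return props

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing of each RDN."""
    out = []
    for part in (p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()):
        attr, sep, val = part.partition("=")
        if not sep or not attr.strip() or not val.strip():
            return None  # not attr=value, so not a DN at all
        out.append((attr.strip().lower(), val.strip().lower()))
    return out

def check_bind_dn(props):
    """Return findings about connection.username; an empty list means a full DN."""
    bind = rdns(props.get("connection.username", ""))
    base = rdns(props.get("user.base.dn", ""))
    if not base:
        return ["user.base.dn is missing or not a DN"]
    if not bind:
        return ["connection.username is missing or not a DN"]
    # Assumption: the dc= RDNs of user.base.dn are the suffix, e.g. dc=aba,dc=home,dc=com
    suffix = [r for r in base if r[0] == "dc"]
    if not suffix or bind[-len(suffix):] != suffix:
        return ["connection.username does not end with the directory suffix; "
                "this check assumes user.base.dn is not appended to it"]
    if len(bind) == len(suffix):
        return ["connection.username is the suffix itself, not an entry under it"]
    return []

# Constructed sample: the thread's bind name before and after the suggested change.
BEFORE = """
connection.username=cn=ddfusr
user.base.dn=cn=users,cn=accounts,dc=aba,dc=home,dc=com
"""
AFTER = BEFORE.replace(
    "cn=ddfusr", "uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com")

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_bind_dn(parse_props(cfg)) or "ok")
```

The comparison is case-insensitive and ignores spaces after commas, so a DN written as `UID=ddfusr, CN=users, ...` is treated the same as the lowercase form.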
