Sorry, I missed adding the mailing list, added now.

Ah, I'll bear that in mind about authentication prior to 4.4. I have 4.3.1
on Fedora 24 right now. I'm using anonymous authentication for now, for my
various situations such as Jira/etc, and it seems to work, and I'll try
again in 4.4 with various GUI apps.

Thanks again for all the help!


On 29 August 2016 at 01:59, Alexander Bokovoy <> wrote:

> Again, don't answer to me directly, use freeipa-users@ mailing list.
> On Mon, 29 Aug 2016, Harry Kashouli wrote:
>> Fixed it, and now it looks like I actually get a successful result, and it
>> gives me info on the account. Thanks, I should've guessed that I needed to
>> replace $REALM.
>> Now, even though this works, if I try to connect via a GUI such as LDAP
>> Admin, I can only connect to the database if I use "Simple
>> Authentication",
>> and anonymous. If I switch it to GSS-API and add the admin user, I get an
>> error as follows:
>> "LDAP error! Invalid credentials: SASL(-13): authentication failure:
>> GSSAPI Failure: gss_accept_sec_context"
>> I've tried using the following two options as base, but still no sucess:
>> - dc=outland,dc=zsazouli,dc=com
>> - cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com
> I don't think it is related to the choice of the base here. You need to
> look into details of your GUI application. 'LDAP Admin' app is running
> on Windows and I don't think it is going to use IPA's credentials -- it
> is rather using Active Directory user's ones. However, we do not support
> GSSAPI authentication as an AD user to LDAP in versions before FreeIPA 4.4.
> --
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to