[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

Fri, 16 Dec 2016 22:00:10 -0800 

Hi,

After upgrading to EL 7.3 which included an upgrade of IPA from 4.2.0-
15.0.1.el7.centos.19 to 4.4.0-14.el7.centos I'm getting: 

22:01:00 ipa-dnskeysyncd ipa         : INFO     LDAP bind...
22:01:00 ipa-dnskeysyncd ipa         : ERROR    Login to LDAP server failed: 
{'desc': 'Invalid credentials'}
22:01:00 ipa-dnskeysyncd Traceback (most recent call last):
22:01:00 ipa-dnskeysyncd File "/usr/libexec/ipa/ipa-dnskeysyncd", line 90, in 
<module>
22:01:00 ipa-dnskeysyncd ldap_connection.sasl_interactive_bind_s("", 
ipaldap.SASL_GSSAPI)
22:01:00 ipa-dnskeysyncd File 
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in 
sasl_interactive_bind_s
22:01:00 ipa-dnskeysyncd res = 
self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
22:01:00 ipa-dnskeysyncd File 
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in 
_apply_method_s
22:01:00 ipa-dnskeysyncd return func(self,*args,**kwargs)
22:01:00 ipa-dnskeysyncd File 
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in 
sasl_interactive_bind_s
22:01:00 ipa-dnskeysyncd return 
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
22:01:00 ipa-dnskeysyncd File 
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
22:01:00 ipa-dnskeysyncd result = func(*args,**kwargs)
22:01:00 ipa-dnskeysyncd INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
22:01:01 systemd ipa-dnskeysyncd.service: main process exited, code=exited, 
status=1/FAILURE
22:01:01 systemd Unit ipa-dnskeysyncd.service entered failed state.
22:01:01 systemd ipa-dnskeysyncd.service failed.

But I also had to fall back to simple authentication of bind with

        arg "auth_method simple";
        arg "bind_dn uid=admin,cn=users,cn=accounts,dc=example.com";
        arg "password my_password";

in /etc/named.conf due to:

21:12:19 LDAP error: Invalid credentials: bind to LDAP server failed

trying to start bind via systemctl start ipa.

Seems like something's gotten fouled up during that upgrade.

Any ideas?

Cheers,
b.

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to