Hi Chris,

> # remoteu, sysaccounts, etc, example.com
> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
> objectClass: account
> objectClass: simplesecurityobject
> objectClass: top
> uid: remoteu
> userPassword:: [hash value]
> 
> This new user is unable to run LDAP searches though:
> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

Your DN (-D) is incorrect in your ldapsearch call.  It needs to match the part 
after the "dn:" string you provided in your query of the user above 
(uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com).

In some cases you can shorten the DN but only if your suffix/basedn is set 
correctly for the client making the call.

Regards,

j

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to