Thanks Jason, that was exactly the issue! It's working now.

On Wed, Apr 26, 2017 at 4:11 PM, Jason B. Nance <> wrote:
> Hi Chris,
>> # remoteu, sysaccounts, etc,
>> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
>> objectClass: account
>> objectClass: simplesecurityobject
>> objectClass: top
>> uid: remoteu
>> userPassword:: [hash value]
>> This new user is unable to run LDAP searches though:
>> ldapsearch -D 'cn=remoteu' -W -H ldap:// -x uid=remoteu
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
> Your DN (-D) is incorrect in your ldapsearch call.  It needs to match the 
> part after the "dn:" string you provided in your query of the user above 
> (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com).
> In some cases you can shorten the DN but only if your suffix/basedn is set 
> correctly for the client making the call.
> Regards,
> j

Chris Herdt
UIS Systems Administrator
612-301-2232 (office)
734-754-3585 (mobile)

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to