Thanks Jason, that was exactly the issue! It's working now.

On Wed, Apr 26, 2017 at 4:11 PM, Jason B. Nance <ja...@tresgeek.net> wrote:
> Hi Chris,
>
>> # remoteu, sysaccounts, etc, example.com
>> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
>> objectClass: account
>> objectClass: simplesecurityobject
>> objectClass: top
>> uid: remoteu
>> userPassword:: [hash value]
>>
>> This new user is unable to run LDAP searches though:
>> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>
> Your DN (-D) is incorrect in your ldapsearch call.  It needs to match the 
> part after the "dn:" string you provided in your query of the user above 
> (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com).
>
> In some cases you can shorten the DN but only if your suffix/basedn is set 
> correctly for the client making the call.
>
> Regards,
>
> j



-- 
Chris Herdt
UIS Systems Administrator
che...@umn.edu
612-301-2232 (office)
734-754-3585 (mobile)

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to