[Freeipa-users] Invalid Credentials error on migrate-ds
Jeff B
jeffb.list at gmail.com
Mon Jan 24 20:53:58 UTC 2011
The Apple Open Directory uses kerberos so they aren't readable as the
rood dn either. the password fields all have the same token:
KioqKioqKio=
I wasn't expecting to be able to import passwords so I thought I could
run an import as an anonymous bind.
I'll try again with a bind dn and see what hapens.
On Mon, Jan 24, 2011 at 3:22 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On 01/24/2011 08:57 PM, Jeff B wrote:
>>
>> I might of missed this yesterday, is it trying to bind to the apple
>> as Directory Manager? I thought that was for FreeIPA but now I'm not
>> sure. I was intending to have it do an anonymous bind to the apple.
>>
>> If so I guess that would explain it.
>>
>
> Yes, "cn=Directory Manager" against Apple DS. Anonymous bind wouldn't work,
> because during migration, you need to read LDAP attributes that store user
> passwords. Those are usually not readable anonymously.
>
> Jakub
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list