[Freeipa-users] Connect to FreeIPA's LDAP Directory

Justin Brown justin.brown at fandingo.org
Mon May 27 22:38:32 UTC 2013


I'm working on a small project that needs access to user information
(primarily email addresses and phone numbers) from an LDAP directory. I'm
successfully using FreeIPA for general authentication and DNS in my lab and
would like to have this application use FreeIPA as well.

I need to be able to bind to the LDAP directory, using both Apache
Directory Studio (for development) and python-ldap. Both support various
methods of authentication, including "simple" aka password and Kerberos via
GSSAPI. Unfortunately, I haven't had much access in connecting with either.

I have tried a variety of user accounts for password authentication to no
success. Additionally, I have used `kinit` to obtain a TGT and even
specified the TGT cache dir (/run/user/1000/krb5cc.../tkt); however, I get
an error: "unable to obtain Principal Name for authentication." From my
basic understanding of Kerberos, it seems that I need a TGT specific for
access to LDAP from FreeIPA, but I have no idea how to generate it.

$ klist
Ticket cache: DIR::/run/user/1000/krb5cc_.../tkt
Default principal: justin at FANDINGO.ORG

Valid starting     Expires            Service principal
05/27/13 17:25:45  05/28/13 17:25:42  krbtgt/FANDINGO.ORG at FANDINGO.ORG

Any help would be greatly appreciated.

Thanks,
Justin