[Freeipa-users] 4.0.0 password migration trouble
Rob Crittenden
rcritten at redhat.com
Thu Jul 17 22:05:27 UTC 2014
Nordgren, Bryce L -FS wrote:
> DNS is fixed, 4.0.0 is installed, and my external users have been
> migrated from an LDAP store via the migrate-ds script.
>
>
>
> The password migration page keeps telling me that the password or
> username I entered is incorrect. (username: test.user, password: test) I
> did not mistype this. I did set the minimum password length to 0, but
> not until after migrating my users.
>
>
>
> IPA forced me to reset the password for test.user, then kinit
> (attempting to login via sssd failed), then change the password before
> sssd logins and ldap binds started working. This is not an appropriate
> migration path for those users who primarily interact with web apps, so
> I need that migration page to work.
>
>
>
> The LDAP interface is also important to me, as I want to use this for
> web app authentication. As is, my migrated accounts are doing this:
>
>
>
> [root at fislstore ~]# ldapsearch -h ipa.usfs-i2.umt.edu -x -D
> 'uid=my_peeps,cn=users,cn=accounts,dc=usfs-i2,dc=umt,dc=edu' -W
> '(objectClass=posixAccount)' dn
>
> Enter LDAP Password:
>
> ldap_bind: Inappropriate authentication (48)
Are you sure the entry has a password set?
Someone has reported an issue with password migration where 389-ds is
rejecting the passwords with: passwords with storage scheme are not
allowed. That may be part of the problem.
rob
More information about the Freeipa-users
mailing list