[Freeipa-users] How grant access to userPassword for System Accounts

Alexander Bokovoy abokovoy at redhat.com
Tue Oct 27 08:42:29 UTC 2015


On Mon, 26 Oct 2015, John Duino wrote:
>I am trying to hook our VoIP solution (sipxecs-based openUC) to our
>FreeIPA. But it appears that it wants to read-in the userPassword
>rather than just auth against the ldap.  I know Directory Manager is
>the only account that has the ability to read userPassword, but is
>there a way to grant that to a System Account
>(uid=voip,cn=sysaccounts,cn=etc,dc=oblong,dc=com)? Or perhaps some
>other path/process I'm overlooking short of using the Directory Manager
>account?
sipxecs internally uses LDAP bind authentication; it does not need
access to userPassword.

See, for example, the actual code that does it via Spring framework's
LDAP Bind Authentication provider:
https://github.com/SIPfoundry/sipxecs/blob/master/sipXconfig/neoconf/src/org/sipfoundry/sipxconfig/security/ConfigurableLdapAuthenticationProvider.java#L167

I wonder what your configuration is compared to what is listed in
https://sipfoundry.atlassian.net/wiki/display/sipXecs/LDAP+Integration
-- you can send me screenshots off-list.
-- 
/ Alexander Bokovoy
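
Added example (not part of the original message, and not sipxecs or FreeIPA code): an in-memory Python model of search-then-bind authentication, showing that a system account can verify a user's password without ever being served userPassword. `ToyDirectory`, the DNs and the passwords are constructed for illustration, and the acceptance of an empty-password bind models a server that allows RFC 4513 unauthenticated binds, which is why the client rejects empty passwords before binding.

```python
import hashlib, hmac, os

DM = "cn=Directory Manager"
SVC = "uid=voip,cn=sysaccounts,cn=etc,dc=example,dc=test"   # constructed DN
ALICE = "uid=alice,cn=users,cn=accounts,dc=example,dc=test" # constructed DN

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class ToyDirectory:
    """In-memory stand-in for an LDAP server (assumption, not a real client API)."""
    def __init__(self):
        self.entries = {}

    def add(self, dn, uid, password):
        salt = os.urandom(16)
        self.entries[dn] = {"uid": uid, "userPassword": (salt, _hash(password, salt))}

    def bind(self, dn, password):
        # Simple bind: the server compares the password itself.
        if password == "":
            return True  # models a server that accepts unauthenticated binds
        entry = self.entries.get(dn)
        if entry is None:
            return False
        salt, digest = entry["userPassword"]
        return hmac.compare_digest(digest, _hash(password, salt))

    def search(self, bound_dn, uid):
        # Access rule: only Directory Manager gets userPassword back.
        for dn, attrs in self.entries.items():
            if attrs["uid"] == uid:
                visible = {k: v for k, v in attrs.items()
                           if k != "userPassword" or bound_dn == DM}
                return dn, visible
        return None

def authenticate(directory, svc_password, uid, password):
    """Search-then-bind: look up the DN as the system account, then bind as the user."""
    if not password:  # an empty password must never reach bind()
        return False
    if not directory.bind(SVC, svc_password):
        return False
    hit = directory.search(SVC, uid)
    return hit is not None and directory.bind(hit[0], password)

def demo_directory():
    d = ToyDirectory()
    d.add(SVC, "voip", "svc-secret")        # constructed credentials
    d.add(ALICE, "alice", "correct horse")
    return d
```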



