[Freeipa-users] How grant access to userPassword for System Accounts

John Duino jduino at oblong.com
Tue Oct 27 15:26:11 UTC 2015


Hmmm seems I have been misinformed, then. And then why does it have a field for 'mapping' the password? Well, I think that's off-topic for the list. I'll dig more later today.

--
John Duino

----- Original Message -----
From: "Alexander Bokovoy" <abokovoy at redhat.com>
To: "John Duino" <jduino at oblong.com>
Cc: "freeipa-users" <freeipa-users at redhat.com>
Sent: Tuesday, October 27, 2015 1:42:29 AM
Subject: Re: [Freeipa-users] How grant access to userPassword for System Accounts

On Mon, 26 Oct 2015, John Duino wrote:
>I am trying to hook our VoIP solution (sipxecs-based openUC) to our
>FreeIPA. But it appears that it wants to read-in the userPassword
>rather than just auth against the ldap.  I know Directory Manager is
>the only account that has the ability to read userPassword, but is
>there a way to grant that to a System Account
>(uid=voip,cn=sysaccounts,cn=etc,dc=oblong,dc=com)? Or perhaps some
>other path/process I'm overlooking short of using the Directory Manager
>account?
sipxecs internally uses LDAP bind authentication; it does not need
access to userPassword.

See, for example, the actual code that does it via Spring framework's
LDAP Bind Authentication provider:
https://github.com/SIPfoundry/sipxecs/blob/master/sipXconfig/neoconf/src/org/sipfoundry/sipxconfig/security/ConfigurableLdapAuthenticationProvider.java#L167

I wonder what your configuration is compared to what is listed in
https://sipfoundry.atlassian.net/wiki/display/sipXecs/LDAP+Integration
-- you can send me screenshots off-list.
-- 
/ Alexander Bokovoy
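
Added example (not part of the thread, and not FreeIPA or sipXecs code): a minimal in-memory model of the search-then-bind flow that LDAP bind authentication commonly uses, showing that the system account only locates the user's DN while the server checks the password itself. The Directory and Session classes, the user jdoe and both passwords are constructed for illustration; only the system account DN comes from the thread.

```python
import hashlib, hmac, os

BASE = "dc=oblong,dc=com"
SVC_DN = "uid=voip,cn=sysaccounts,cn=etc," + BASE   # system account DN from the thread

def _hash(salt, password):
    # Stand-in for the server's salted password hash scheme.
    return hashlib.sha256(salt + password.encode()).digest()

class Directory:
    """Constructed in-memory model of an LDAP server; not FreeIPA or sipXecs code."""
    def __init__(self):
        self.entries = {}

    def add(self, dn, uid, password):
        salt = os.urandom(8)
        self.entries[dn] = {"uid": uid, "userPassword": (salt, _hash(salt, password))}

    def bind(self, dn, password):
        """Simple bind: the hash comparison happens inside the server."""
        entry = self.entries.get(dn)
        if entry is None:
            return None
        salt, digest = entry["userPassword"]
        ok = hmac.compare_digest(digest, _hash(salt, password))
        return Session(self, dn) if ok else None

class Session:
    def __init__(self, directory, bound_dn):
        self.directory, self.bound_dn = directory, bound_dn

    def search(self, uid, attrs):
        """Return (dn, attributes); userPassword is never released to the client."""
        for dn, entry in self.directory.entries.items():
            if entry["uid"] == uid:
                return dn, {a: entry[a] for a in attrs if a in entry and a != "userPassword"}
        return None, {}

def authenticate(directory, svc_password, uid, password):
    """Search-then-bind: find the DN as the system account, then bind as the user."""
    if not password:     # an empty password is an unauthenticated bind (RFC 4513), not a login
        return False
    svc = directory.bind(SVC_DN, svc_password)
    if svc is None:
        raise PermissionError("system account bind failed")
    dn, _ = svc.search(uid, ["uid"])
    return dn is not None and directory.bind(dn, password) is not None

def demo_directory():
    d = Directory()                      # constructed sample entries and passwords
    d.add(SVC_DN, "voip", "svc-secret")
    d.add("uid=jdoe,cn=users,cn=accounts," + BASE, "jdoe", "correct horse")
    return d
```

The system account needs only search access to find the entry; a client that skips the empty-password check can mistake an unauthenticated bind for a successful login on servers that permit it.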



