[Freeipa-users] ldaps Java script issues with RH IdM - odd that I cannot make it connect...

Rob Crittenden rcritten at redhat.com
Fri Aug 12 19:39:02 UTC 2016


Michael Sean Conley wrote:
> So, having some fun today, trying to get a javascript in a docker
> container to speak to FreeIPA via LDAPS.
> I made sure that the key was inserted into the store,
> (aba-idam:/etc/ipa/ca.crt), and ensured that an ldap user was created
> for ldap binding (coincidentally I used "binding").
> I also added a user in ipa called ddfusr, and set its password, and
> logged in via kinit to ensure that we could check it.  It is available,
> and is able to log in and getent its information, not to mention I can
> see it has Kerberos info and all that jazz.

You need the full DN for the user binding, not just cn=binding.

You can confirm the bind on the cli using ldapsearch:

ldapsearch -Z -H ldap://ipa.example.com \
  -D 'uid=admin,cn=users,cn=accounts,dc=example,dc=com' -W \
  -b 'cn=users,cn=accounts,dc=example,dc=com' '(uid=admin)' cn

> So, based on the ldif, we entered the data we expect to be able to log
> in with into the java script.  And so we get back an error=32.
>
> What am I missing here?
>
> Information included here:
>
> LDAPSEARCH RESPONSE binding
> # ldapsearch -x uid=binding
> # extended LDIF
> #
> # LDAPv3
> # base <dc=aba,dc=house,dc=com> (default) with scope subtree
> # filter: uid=binding
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1

Filter returned no matches. Is it uid=binding or cn=binding?

rob
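
Added example, not part of the original message: a small shell helper that builds the full bind DN in the layout used by the ldapsearch command above and rejects a bare RDN such as cn=binding before it reaches client configuration. The function names are hypothetical, the user container cn=users,cn=accounts is taken from the command in the reply, and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the FreeIPA user container
# shown in the ldapsearch command above: cn=users,cn=accounts,<suffix>.

# example.com -> dc=example,dc=com
domain_to_suffix() {
    printf '%s\n' "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# Build the full bind DN for a user. A uid containing characters that
# would need DN escaping is refused rather than spliced into the DN.
user_bind_dn() {
    uid=$1 domain=$2
    case $uid in
        ''|*[!A-Za-z0-9._-]*) echo "invalid uid: $uid" >&2; return 1 ;;
    esac
    printf 'uid=%s,cn=users,cn=accounts,%s\n' "$uid" "$(domain_to_suffix "$domain")"
}

# Succeed only if $1 is a DN located under the suffix of domain $2.
# A bare RDN such as cn=binding fails this check.
is_full_dn() {
    dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    suffix=$(domain_to_suffix "$2" | tr 'A-Z' 'a-z')
    case $dn in
        *?,"$suffix") return 0 ;;
        *) return 1 ;;
    esac
}

# Print (do not run) the bind test from the reply: uid, server host, domain.
bind_test_command() {
    dn=$(user_bind_dn "$1" "$3") || return 1
    printf "ldapsearch -Z -H ldap://%s -D '%s' -W -b 'cn=users,cn=accounts,%s' '(uid=%s)' cn\n" \
        "$2" "$dn" "$(domain_to_suffix "$3")" "$1"
}

# Constructed sample values, matching the placeholders used in the reply.
bind_test_command admin ipa.example.com example.com
is_full_dn 'cn=binding' example.com || echo "cn=binding is not a full DN"
```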



