[Freeipa-users] LDAP only seems to allow anonymous access
Harry Kashouli
kashmancy at gmail.com
Mon Aug 29 09:05:17 UTC 2016
Sorry, I missed adding the mailing list, added now.
Ah, I'll bear that in mind about authentication prior to 4.4. I have 4.3.1
on Fedora 24 right now. I'm using anonymous authentication for now, for my
various situations such as Jira/etc, and it seems to work, and I'll try
again in 4.4 with various GUI apps.
Thanks again for all the help!
-Harry
On 29 August 2016 at 01:59, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> Again, don't answer to me directly, use freeipa-users@ mailing list.
>
> On Mon, 29 Aug 2016, Harry Kashouli wrote:
>
>> Fixed it, and now it looks like I actually get a successful result, and it
>> gives me info on the account. Thanks, I should've guessed that I needed to
>> replace $REALM.
>>
>> Now, even though this works, if I try to connect via a GUI such as LDAP
>> Admin, I can only connect to the database if I use "Simple
>> Authentication",
>> and anonymous. If I switch it to GSS-API and add the admin user, I get an
>> error as follows:
>> "LDAP error! Invalid credentials: SASL(-13): authentication failure:
>> GSSAPI Failure: gss_accept_sec_context"
>>
>> I've tried using the following two options as base, but still no sucess:
>> - dc=outland,dc=zsazouli,dc=com
>> - cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com
>>
> I don't think it is related to the choice of the base here. You need to
> look into details of your GUI application. 'LDAP Admin' app is running
> on Windows and I don't think it is going to use IPA's credentials -- it
> is rather using Active Directory user's ones. However, we do not support
> GSSAPI authentication as an AD user to LDAP in versions before FreeIPA 4.4.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/5a8e8c29/attachment.htm>
More information about the Freeipa-users
mailing list