[Freeipa-users] creating an LDAP bind user

Jason B. Nance jason at tresgeek.net
Wed Apr 26 21:11:03 UTC 2017


Hi Chris,

> # remoteu, sysaccounts, etc, example.com
> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
> objectClass: account
> objectClass: simplesecurityobject
> objectClass: top
> uid: remoteu
> userPassword:: [hash value]
> 
> This new user is unable to run LDAP searches though:
> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

Your DN (-D) is incorrect in your ldapsearch call.  It needs to match the part after the "dn:" string you provided in your query of the user above (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com).

In some cases you can shorten the DN but only if your suffix/basedn is set correctly for the client making the call.

Regards,

j



