[Freeipa-users] creating an LDAP bind user

Chris Herdt cherdt at umn.edu
Wed Apr 26 21:37:20 UTC 2017


Thanks Jason, that was exactly the issue! It's working now.

On Wed, Apr 26, 2017 at 4:11 PM, Jason B. Nance <jason at tresgeek.net> wrote:
> Hi Chris,
>
>> # remoteu, sysaccounts, etc, example.com
>> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
>> objectClass: account
>> objectClass: simplesecurityobject
>> objectClass: top
>> uid: remoteu
>> userPassword:: [hash value]
>>
>> This new user is unable to run LDAP searches though:
>> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>
> Your DN (-D) is incorrect in your ldapsearch call.  It needs to match the part after the "dn:" string you provided in your query of the user above (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com).
>
> In some cases you can shorten the DN but only if your suffix/basedn is set correctly for the client making the call.
>
> Regards,
>
> j



-- 
Chris Herdt
UIS Systems Administrator
cherdt at umn.edu
612-301-2232 (office)
734-754-3585 (mobile)
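
Added example, not part of the original thread: a pre-flight check that takes the LDIF for the bind account and compares a candidate -D value against its "dn:" line, which is the fix Jason describes. The function names (ldif_dn, norm_dn, check_bind_dn) are hypothetical, the DN normalization is a simplification, and the sample LDIF is constructed from the entry quoted above.

```shell
# Constructed sample: the entry quoted in the thread, minus userPassword.
ENTRY_LDIF='# remoteu, sysaccounts, etc, example.com
dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: remoteu'

# Print the DN of the first entry in LDIF read from stdin, joining folded
# lines (a continuation line starts with one space). Base64 "dn::" values
# are not handled.
ldif_dn() {
    awk '
        /^dn: / && !seen { dn = substr($0, 5); seen = 1; next }
        seen && /^ /     { dn = dn substr($0, 2); next }
        seen             { exit }
        END              { if (seen) print dn }
    '
}

# Simplified DN normalization (assumption: no escaped commas, and values
# compare case-insensitively): lowercase, drop spaces around "," and "=".
norm_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/ *, */,/g; s/ *= */=/g'
}

# check_bind_dn CANDIDATE LDIF_TEXT
# Returns 0 if CANDIDATE is the entry's DN, else 1 and prints the -D to use.
check_bind_dn() {
    entry_dn=$(printf '%s\n' "$2" | ldif_dn)
    if [ -n "$entry_dn" ] &&
       [ "$(norm_dn "$1")" = "$(norm_dn "$entry_dn")" ]; then
        echo "OK: bind DN matches the entry"
        return 0
    fi
    echo "MISMATCH: '$1' is not the entry DN; use -D '$entry_dn'"
    return 1
}

# The -D value from the failing command in the thread:
check_bind_dn 'cn=remoteu' "$ENTRY_LDIF" || true
# The DN copied from the "dn:" line:
check_bind_dn 'uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com' "$ENTRY_LDIF"
```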



