<html><body> So, having some fun today, trying to get a javascript in a docker container to speak to FreeIPA via LDAPS. I made sure that the key was inserted into the store, (aba-idam:/etc/ipa/ca.crt), and ensured that an ldap user was created for ldap binding (coincidentally I used "binding"). I also added a user in ipa called ddfusr, and set its password, and logged in via kinit to ensure that we could check it. it is available, and is able to log in and getent its information, not to mention I can see it has Kerberos info and all that jazz. So, based on the ldif, we entered the data we expect to be able to log in with into the java script. And so we get back an error=32. What am I missing here? Information included here: LDASEARCH RESPONSE binding # ldapsearch -x uid=binding # extended LDIF # # LDAPv3 # base <dc=aba,dc=house,dc=com> (default) with scope subtree # filter: uid=binding # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 LDAPSEARCH RESPONSE ddfusr # ldapsearch -x uid=ddfusr # extended LDIF # # LDAPv3 # base <dc=aba,dc=house,dc=com> (default) with scope subtree # filter: uid=ddfusr # requesting: ALL # # ddfusr, users, compat, aba.house.com dn: uid=ddfusr,cn=users,cn=compat,dc=aba,dc=house,dc=com cn: ddf user objectClass: posixAccount objectClass: top gidNumber: 1043600007 gecos: ddf user uidNumber: 1043600007 loginShell: /bin/sh homeDirectory: /home/ddfusr uid: ddfusr # ddfusr, users, accounts, aba.house.com dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=house,dc=com displayName: ddf user uid: ddfusr objectClass: ipaobject objectClass: person objectClass: top objectClass: ipasshuser objectClass: inetorgperson objectClass: organizationalperson objectClass: krbticketpolicyaux objectClass: krbprincipalaux objectClass: inetuser objectClass: posixaccount objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry objectClass: ipauserauthtypeclass loginShell: /bin/sh initials: du gecos: ddf user sn: user homeDirectory: /home/ddfusr givenName: ddf cn: ddf user uidNumber: 1043600007 gidNumber: 1043600007 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 KLIST RESPONSE # klist Ticket cache: KEYRING:persistent:0:krb_ccache_wtB5z4N Default principal: ddfusr@ABA.HOUSE.COM Valid starting Expires Service principal 08/12/2016 11:56:17 08/13/2016 11:56:14 krbtgt/ABA.HOUSE.COM@ABA.HOUSE.COM GETENT RESPONSE # getent passwd ddfusr ddfusr:*:1043600007:1043600007:ddf user:/home/ddfusr:/bin/sh LDAP-MODULE.XML <jaas:config name="karaf" rank="1"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=cn=binding connection.password=password! connection.url=ldaps://aba-idam.aba.house.com:636 user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com user.filter=(uid=%u) user.search.subtree=true role.base.dn=cn=JBoss,dc=aba,dc=house,dc=com role.name.attribute=cn role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com) role.search.subtree=true role.mapping=admin=group,admin,manager,viewer,webconsole authentication=simple ssl.protocol=SSL ssl.truststore=truststore ssl.algorithm=PKIX </jaas:module> </jaas:config> <jaas:keystore name="truststore" path="<a href="file:$">file:$</a>{javax.net.ssl.trustStore}" keystorePassword="${javax.net.ssl.trustStorePassword}" /> JAVA LOG FILE: 2016-08-12 11:10:27,174 | WARN | d]-nio2-thread-5 | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.4 | Can't connect to the LDAP server: [LDAP: error code 32 - No Such Object] javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:295)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)[:1.8.0_65] at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)[:1.8.0_65] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)[:1.8.0_65] at javax.naming.InitialContext.init(InitialContext.java:244)[:1.8.0_65] at javax.naming.InitialContext.<init>(InitialContext.java:216)[:1.8.0_65] at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)[:1.8.0_65] at org.apache.karaf.jaas.modules.ldap.LDAPCache.open(LDAPCache.java:113)[116:org.apache.karaf.jaas.modules:4.0.4] at org.apache.karaf.jaas.modules.ldap.LDAPCache.doGetUserDnAndNamespace(LDAPCache.java:147)[116:org.apache.karaf.jaas.modules:4.0.4] at org.apache.karaf.jaas.modules.ldap.LDAPCache.getUserDnAndNamespace(LDAPCache.java:138)[116:org.apache.karaf.jaas.modules:4.0.4] at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:110)[116:org.apache.karaf.jaas.modules:4.0.4] at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:54)[116:org.apache.karaf.jaas.modules:4.0.4] at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.4.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_65] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_65] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_65] at java.lang.reflect.Method.invoke(Method.java:497)[:1.8.0_65] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)[:1.8.0_65] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)[:1.8.0_65] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)[:1.8.0_65] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)[:1.8.0_65] at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_65] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.8.0_65] at javax.security.auth.login.LoginContext.login(LoginContext.java:587)[:1.8.0_65] at org.apache.karaf.shell.ssh.KarafJaasAuthenticator.authenticate(KarafJaasAuthenticator.java:78) at org.apache.sshd.server.auth.UserAuthKeyboardInteractive.checkPassword(UserAuthKeyboardInteractive.java:75)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.server.auth.UserAuthKeyboardInteractive.doAuth(UserAuthKeyboardInteractive.java:68)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.server.auth.AbstractUserAuth.next(AbstractUserAuth.java:53)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.server.session.ServerUserAuthService.process(ServerUserAuthService.java:159)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:431)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)[1:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_65] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[1:org.apache.sshd.core:0.14.0] at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_65] at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_65] at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.8.0_65] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_65] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_65] at java.lang.Thread.run(Thread.java:745)[:1.8.0_65] RH IDM ACCESS LOG FILE [12/Aug/2016:11:05:34 -0500] conn=850 fd=112 slot=112 SSL connection from 172.17.4.64 to 172.17.4.20 [12/Aug/2016:11:05:34 -0500] conn=850 TLS1.2 256-bit AES-GCM [12/Aug/2016:11:05:34 -0500] conn=850 op=0 BIND dn="cn=binding" method=128 version=3 [12/Aug/2016:11:05:34 -0500] conn=850 op=0 RESULT err=32 tag=97 nentries=0 etime=0 [12/Aug/2016:11:05:34 -0500] conn=850 op=-1 fd=112 closed - B1 Michael Sean Conley</body></html>