<html><body>
<p><font size="2" face="sans-serif">so if I am reading you correctly....</font><br>
<tt><font size="2">connection.username=cn=ddfusr</font></tt><br>
<font size="2" face="sans-serif">should be </font><tt><font size="2">connection.username=uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com?</font></tt><br>
<br>
<br>
<font size="2" face="sans-serif"><br>
</font><br>
<font size="2" face="Trebuchet MS"><b>Michael Sean Conley</b></font><br>
<br>
<img width="16" height="16" src="cid:1__=09BB0A9EDFEEF80F8f9e8a93df9@raytheon.com" border="0" alt="Inactive hide details for Rob Crittenden ---08/12/2016 04:13:27 PM---Michael Sean Conley wrote: > UID binding - I believe - fro"><font size="2" color="#424282" face="sans-serif">Rob Crittenden ---08/12/2016 04:13:27 PM---Michael Sean Conley wrote: > UID binding - I believe - from what I saw in the script.</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">From: </font><font size="1" face="sans-serif">Rob Crittenden <rcritten@redhat.com></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">To: </font><font size="1" face="sans-serif">Michael Sean Conley <Michael.Sean.Conley@raytheon.com>, freeipa-users@redhat.com</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Date: </font><font size="1" face="sans-serif">08/12/2016 04:13 PM</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Subject: </font><font size="1" face="sans-serif">Re: [Freeipa-users] ldaps Java script issues with RH IdM - odd that I cannot make it connect...</font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<tt><font size="2">Michael Sean Conley wrote:<br>
> UID binding - I believe - from what I saw in the script.<br>
><br>
><br>
> I ran the nifty search... First on user "binding"...<br>
><br>
> Got an error 32.<br>
><br>
> tried it with ddfusr<br>
><br>
> # ldapsearch -Z -H ldap://aba-idam.aba.home.com -D<br>
> 'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b<br>
> 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn<br>
> Enter LDAP Password:<br>
> # extended LDIF<br>
> #<br>
> # LDAPv3<br>
> # base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree<br>
> # filter: (uid=ddfusr)<br>
> # requesting: cn<br>
> #<br>
><br>
> # ddfusr, users, accounts, aba.home.com<br>
> dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com<br>
> cn: ddf user<br>
><br>
> # search result<br>
> search: 3<br>
> result: 0 Success<br>
><br>
> # numResponses: 2<br>
> # numEntries: 1<br>
><br>
><br>
> Fabulous.<br>
><br>
> So, I then checked the java xml file...<br>
><br>
> <jaas:config name="karaf" rank="1"><br>
> <jaas:module<br>
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"<br>
> flags="required"><br>
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory<br>
> connection.username=cn=ddfusr<br>
> connection.password=iloveaba!<br>
> connection.url=ldaps://aba-idam.aba.house.com:636<br>
> user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com<br>
> user.filter=(uid=%u)<br>
> user.search.subtree=true<br>
> role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com<br>
> role.name.attribute=cn<br>
><br>
> role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)<br>
> role.search.subtree=true<br>
> role.mapping=admin=group,admin,manager,viewer,webconsole<br>
> authentication=simple<br>
> ssl.protocol=SSL<br>
> ssl.truststore=truststore<br>
> ssl.algorithm=PKIX<br>
> </jaas:module><br>
> </jaas:config><br>
><br>
> and I tried to log in with the ddfusr account and....<br>
><br>
> Error 32.<br>
<br>
You're still using the wrong user to bind. There is no cn=ddfusr. At <br>
best there is a uid=ddfusr if the user.base is automatically added <br>
(which it probably isn't).<br>
<br>
It probably needs to be <br>
uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the <br>
ldapsearch.<br>
<br>
rob<br>
<br>
</font></tt><br>
</body></html>