[Pki-users] LDAP Authentication
Christina Fu
cfu at redhat.com
Tue Dec 16 17:20:55 UTC 2008
One of the panels during post-installation configuration for TPS asks
you to set up your authentication ldap system. I usually just point it
to an existing ldap system I have. The end result of the panel, when I
take the defaults, is usually like the following in my CS.cfg file (I'm
only listing the ones matters most to me):
...
auth.instance.0.authId=ldap1
auth.instance.0.baseDN=dc=sjc,dc=redhat,dc=com
auth.instance.0.hostport=localhost:389
...
op.enroll.userKey.auth.id=ldap1
I then need to add an user to the specified ldap system. I use the
following ldap modify file, ldapModAddUser.txt:
dn: uid=cfu,ou=People,dc=sjc,dc=redhat,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
uid: cfu
cn: Christina Fu
sn: Fu
givenName: Christina
userPassword: xxxusrpwdxxx
then I run ldapmodify:
ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w xxxDMpwdxxx
-x -f ldapModAddUser.txt
then I'm ready to use uid "cfu" and password "xxxusrpwdxxx" to enroll.
Christina
Zach Casper wrote:
>
> We have followed all steps to install/run Fedora Dogtag/FDS using
> default settings.
>
> We have also added users/certificates from within the CA/RA subsystems.
>
> We are now to the point we need to format and enroll some smart cards,
> however, the LDAP Authentication dialog appears and no combination of
> LDAP User ID/Password work.
>
> We’ve tried cn=Directory Manager, Admin, pkiuser…all without luck.
>
> I know we must have users already in FDS but this documentation seems
> not to exist.
>
> How do we either add users in FDS so that we can continue to format
> and enroll smart cards? Are we missing something?
>
> --
>
> Zach Casper
>
> Envieta LLC
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
More information about the Pki-users
mailing list