[Pki-users] setting up Directory-based authentication

Sérgio Pereira sergio.pereira at gps-pamcary.com.br
Tue Jul 26 13:01:55 UTC 2016


Hi there,

I’m having a hard time setting up the directory-based authentication for
dogtag 10.3.3-1. I did follow the instructions at
http://pki.fedoraproject.org/wiki/Directory-Authenticated_Profiles and I get
an error when trying to bind/authenticate against directory service
(Microsoft AD2008) as follows:

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: DirBasedAuthentication: authenticate: before authenticate() call

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating UID=john.luk

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: UidPwdDirAuthentication: Authenticating: Searching for uid=john.luk base DN=OU=IT,dc=domain,dc=com

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating: User authentication failure: netscape.ldap.LDAPException: error result (1); 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating: closing bad connection

The directives (below) are used to bind the AD2008 and I already tested the
account and it is working.

auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=cn=Service Account,ou=IT,dc=domain,dc=com

auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=password

John Luk is applying for the certificate using the web enrollment process
(caDirUserCert profile).

What am I missing?

Thx,

sergio
