You will see that "ldaplist -l passwd {username}" will not show the
password field.
The proxyagent user needs read access to all userPassword fields. This
can be done with the control panel of FDS.
So, looks like it worked but I can't authenticate any users. "id testdba"
produces traffic on the FDS server, so it's definitely trying to query it
but can't resolve anything.
Also, I have two profiles:
# default, profile, foo.com
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one

# tls_profile, profile, foo.com
dn: cn=tls_profile,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: tls:simple
followReferrals: FALSE
bindTimeLimit: 10
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
cn: tls_profile
serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
defaultSearchScope: one

My default profile doesn't have those 3 searchDescriptors. Or are we not
using profiles anymore? Just curious...
Do you still think I need to change my defaultSearchDN? Also, must those
ACLs be added still? Because it looks like you're doing a manual config,
right?
Thank you for your help, Gary.
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
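
An added example, not part of the original message or of any FDS or Solaris tooling: a small Python check over the two profiles quoted above that flags a proxy credential bound with plain `simple` (no `tls:` prefix, so the bind is sent unencrypted) and lists the services that have no serviceSearchDescriptor. The function names and finding labels are hypothetical, and the embedded LDIF is a trimmed, constructed copy of the profiles in the message.

```python
# Constructed sample: trimmed copy of the two DUAConfigProfile entries quoted above.
PROFILES_LDIF = """\
dn: cn=default,ou=profile,dc=foo,dc=com
authenticationMethod: simple
credentialLevel: proxy
defaultServerList: 149.85.70.17

dn: cn=tls_profile,ou=profile,dc=foo,dc=com
authenticationMethod: tls:simple
credentialLevel: proxy
defaultServerList: cnyitlin02.composers.foo.com
serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
"""

SERVICES = ("passwd", "group", "shadow")  # the three services named in the message

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            name, value = line.split(":", 1)
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_profile(entry):
    """Hypothetical checker: return finding labels for one profile entry."""
    findings = []
    methods = [m.strip().lower()
               for v in entry.get("authenticationmethod", []) for m in v.split(";")]
    uses_proxy = any("proxy" in c.lower() for c in entry.get("credentiallevel", []))
    # Plain "simple" has no "tls:" prefix, so the proxy bind is not encrypted.
    if uses_proxy and "simple" in methods:
        findings.append("cleartext-bind")
    # Services without a serviceSearchDescriptor depend on client defaults.
    described = {v.split(":", 1)[0].strip().lower()
                 for v in entry.get("servicesearchdescriptor", [])}
    findings += ["no-ssd:" + s for s in SERVICES if s not in described]
    return findings

if __name__ == "__main__":
    for e in parse_ldif(PROFILES_LDIF):
        print(e["dn"][0], audit_profile(e) or "ok")
```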