On Wed, Nov 07, 2018 at 01:05:24PM -0500, Rob Crittenden via FreeIPA-users wrote:
> Peter Oliver via FreeIPA-users wrote:
> > [02/Nov/2018:14:54:37][ajp-bio-127.0.0.1-8009-exec-15]: CertUserDBAuthentication: cannot map certificate to any userUser not found
> > [02/Nov/2018:14:54:37][ajp-bio-127.0.0.1-8009-exec-15]: SignedAuditLogger: event AUTH
> >
> > Any suggestions? Has something gone wrong with the setup?
> >
> I'm not sure, cc'ing a dogtag developer.
>
> rob

Hi Peter,

Please check the LDAP entry 'uid=pkidbuser,ou=people,o=ipaca'.
Do the 'userCertificate', 'description' and 'seeAlso' attributes
match the IPA RA certificate (/var/lib/ipa/ra-agent.pem)?

If not, update the entry to match the certificate.
Note that the second field of the 'description' attribute is the
serial number (decimal), and the first field is always '2'.

Cheers,
Fraser
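
The comparison described in the reply above can be scripted. The following is an added example, not part of the original message and not FreeIPA or Dogtag code. It assumes the entry is available as LDIF (as `ldapsearch` prints it) and that the serial comes from `openssl x509 -noout -serial`, which prints hexadecimal while 'description' holds decimal; the sample data is constructed, and 'seeAlso' and the remaining 'description' fields are not checked.

```python
import base64
import re

def parse_ldif(text):
    """One LDIF entry -> {attr: [bytes]}; unfolds wrapped lines, decodes '::' values."""
    attrs = {}
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if m:
            name, sep, value = m.groups()
            raw = base64.b64decode(value) if sep == "::" else value.encode()
            # Drop attribute options such as ";binary" so lookups are uniform.
            attrs.setdefault(name.lower().split(";")[0], []).append(raw)
    return attrs

def pem_to_der(pem):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no certificate block in PEM input")
    return base64.b64decode("".join(m.group(1).split()))

def serial_to_decimal(openssl_line):
    # "serial=1A" (hex, as printed by openssl) -> "26" (decimal, as stored in description)
    return str(int(openssl_line.strip().split("=", 1)[1], 16))

def check_entry(ldif, pem, openssl_serial_line):
    """Return a list of mismatches between the LDAP entry and the certificate."""
    attrs = parse_ldif(ldif)
    problems = []
    if pem_to_der(pem) not in attrs.get("usercertificate", []):
        problems.append("userCertificate does not contain the RA certificate")
    fields = attrs.get("description", [b""])[0].decode().split(";")
    if fields[0] != "2":
        problems.append("description field 1 is not '2'")
    want = serial_to_decimal(openssl_serial_line)
    if len(fields) < 2 or fields[1] != want:
        problems.append(f"description serial {fields[1:2]} does not match {want}")
    return problems

# Constructed sample data: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_LDIF = (
    "dn: uid=pkidbuser,ou=people,o=ipaca\n"
    f"userCertificate:: {_B64[:20]}\n {_B64[20:]}\n"  # folded line, as ldapsearch wraps
    "description: 2;26;CN=Constructed CA;CN=Constructed RA\n"
)
if __name__ == "__main__":
    print(check_entry(SAMPLE_LDIF, SAMPLE_PEM, "serial=1A") or "entry matches")
```

An empty list means the certificate and the two 'description' fields agree; a hex serial copied into 'description' unchanged is reported as a mismatch.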