Hi, can't get an application to work with FreeIPA (4.10.2). Created a bind user as per the manual (https://www.freeipa.org/page/HowTo/LDAP) but keep getting invalid creds.
Created the user as below:
-----
[root@idm01 log]# ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: bndldapansibleforms
userPassword: S3cr3t!
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0

adding new entry "uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local"
-----
In the app I have:
-----
Server: idm01.linux.bogus.local
Port: 389
Search base: dc=linux,dc=bogus,dc=local
Bind User distinguished name: bndldapansibleforms
Bind User Password: S3cr3t!
Username Attribute: sAMAccountName
Groups Attribute: memberOf
-----
Also tried with a normal user, but that prints the same invalid credentials error. How do I do this correctly?
Cheers, slekkus.
On 13/02/2024 16.02, slek kus via FreeIPA-users wrote:
> Hi, can't get an application to work with FreeIPA (4.10.2). Created a bind user as per the manual (https://www.freeipa.org/page/HowTo/LDAP) but keep getting invalid creds.
> Created the user as below:
>
> [root@idm01 log]# ldapmodify -x -D 'cn=Directory Manager' -W
> Enter LDAP Password:
> dn: uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local
> changetype: add
> objectclass: account
> objectclass: simplesecurityobject
> uid: bndldapansibleforms
> userPassword: S3cr3t!
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
>
> adding new entry "uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local"
>
> In the app I have:
>
> Server: idm01.linux.bogus.local
> Port: 389
> Search base: dc=linux,dc=bogus,dc=local
> Bind User distinguished name: bndldapansibleforms
> Bind User Password: S3cr3t!
> Username Attribute: sAMAccountName
> Groups Attribute: memberOf
>
> Also tried with a normal user, but that prints the same invalid credentials error. How do I do this correctly?

"Bind User distinguished name" must be a distinguished name (DN), not just the user name uid value. Use "uid=bndldapansibleforms,cn=sysaccounts,cn=etc,dc=linux,dc=bogus,dc=local" as bind user name.
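
A pre-flight check for the point made in the reply above, as an added example that is not part of the original thread: it rejects a bare uid before it reaches the application's bind field and then tests the bind with `ldapwhoami`. The host and suffix are taken from the post; the function names are hypothetical, and `-ZZ` assumes the client trusts the IPA CA.

```shell
#!/bin/sh
# Added example, not from the thread. Host and suffix mirror the post;
# function names are hypothetical.
HOST='idm01.linux.bogus.local'
BASE='dc=linux,dc=bogus,dc=local'

# Build the DN of a FreeIPA system account from its uid.
sysaccount_dn() {
    printf 'uid=%s,cn=sysaccounts,cn=etc,%s\n' "$1" "$BASE"
}

# Succeed only if $1 is shaped like a DN under $BASE: it ends with the
# suffix (compared case-insensitively) and every RDN is attr=value.
# Simplification: escaped commas inside RDN values are not handled.
is_bind_dn() {
    dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    suffix=$(printf '%s' "$BASE" | tr 'A-Z' 'a-z')
    case $dn in
        *",$suffix") ;;
        *) return 1 ;;
    esac
    rest=$dn
    while [ -n "$rest" ]; do
        rdn=${rest%%,*}
        case $rdn in
            [a-z]*=?*) ;;
            *) return 1 ;;
        esac
        case $rest in
            *,*) rest=${rest#*,} ;;
            *) rest='' ;;
        esac
    done
    return 0
}

# Test the bind outside the application. A bare uid is refused (exit 2)
# before any network traffic. -ZZ requires StartTLS so the password is not
# sent in clear on port 389; -W prompts instead of taking it as an argument.
verify_bind() {
    is_bind_dn "$1" || { echo "not a DN under $BASE: $1" >&2; return 2; }
    ldapwhoami -x -ZZ -H "ldap://$HOST" -D "$1" -W
}

# Usage: verify_bind "$(sysaccount_dn bndldapansibleforms)"
```

If `ldapwhoami` succeeds with the full DN, the same string is what goes into the application's "Bind User distinguished name" field.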