[Freeipa-users] Re: mod_authz_ldap authentication against ipa

Ivan Levchenko levchenko.i at gmail.com
Tue Oct 21 21:27:44 UTC 2008


On Wed, Oct 22, 2008 at 12:13 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> If it isn't returning anything then it means that the attribute doesn't
> exist which explains why LDAP authentication isn't working.
Err.. sorry for misinforming you.. I had a typo in the command, that's
why it didn't return anything.
With the correct command, it returns some sort of hash.
>
> What I don't understand is how this can be. From my reading of the password
> change plugin it should always set the userPassword attribute.
>
> You might try:
>
> % kinit admin@YOUR_REALM
> % ldappasswd -S -Y GSSAPI dn_of_user
Now it works! I reset my password with this, and the LDAP search now
authenticates and so does Apache. So it looks like Kerberos and LDAP
are out of sync... Any more troubleshooting I can do to help identify
the issue? (I promise to double-check before pressing enter!)
>
> And see if that adds the userPassword attribute to the entry.
>
> rob
>

Thanks!



