[Freeipa-users] FreeIPA for AMM users management

Simo Sorce simo at redhat.com
Thu Nov 1 21:09:45 UTC 2012


On Thu, 2012-11-01 at 15:55 -0400, Simo Sorce wrote:
> On Thu, 2012-11-01 at 08:27 +0400, Pavel Zhukov wrote:
> > Hi all. 
> > I'd like to use FreeIPA for AMM (advanced management module) user
> > management using this instruction [1]. I enabled option "use DNS for
> > find LDAP servers"  and set root DN and Binding method "w/ Login
> > Credentials" but cannot login with IPA credentials.  Logs of dirsrv
> > and kerberos are empty. DNS server works correctly. 
> > 
> > [1] - http://publib.boulder.ibm.com/infocenter/bladectr/documentation/index.jsp?topic=/com.ibm.bladecenter.advmgtmod.doc/kp1bb_bc_mmug_configldap_ADrolebasedauthen.html
> 
> I am not sure that bind w/ Login Credentials will work properly if they
> assume Active Directory.
> AD has a non-standard authentication method that allows not using a DN
> to identify a user. We do not support that authentication method.
> 
> However you should at least see the bind attempt and an error message in
> the dirsrv access log.
> 
> If you do not see that then something else is broken before a bind is
> even attempted, perhaps DNS discovery?

Ah btw, have you enabled SSL?
FreeIPA enforces that simple binds be done on an encrypted channel. If
you try to bind with plain text credentials on an unencrypted channel
FreeIPA simply returns an error.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
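
Added example, not part of the original message and not FreeIPA code: a small triage pass over dirsrv access-log text that separates the cases raised in this thread (no bind attempted, a simple bind refused on an unencrypted channel, a bind name that is not a DN). The log lines are constructed in the 389 Directory Server access-log layout, the names `triage` and `classify` are hypothetical, and it is an assumption that the server reports the refused plain-text bind as LDAP result code 13 (confidentialityRequired).

```python
import re

# Constructed sample lines (not from the thread), 389 DS access-log layout.
SAMPLE_LOG = """\
[01/Nov/2012:21:01:10 +0000] conn=7 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[01/Nov/2012:21:01:10 +0000] conn=7 op=0 BIND dn="uid=jdoe,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[01/Nov/2012:21:01:10 +0000] conn=7 op=0 RESULT err=13 tag=97 nentries=0 etime=0
[01/Nov/2012:21:02:30 +0000] conn=8 fd=65 slot=65 SSL connection from 192.0.2.10 to 192.0.2.1
[01/Nov/2012:21:02:30 +0000] conn=8 op=0 BIND dn="jdoe@example.com" method=128 version=3
[01/Nov/2012:21:02:30 +0000] conn=8 op=0 RESULT err=34 tag=97 nentries=0 etime=0
[01/Nov/2012:21:03:00 +0000] conn=9 fd=66 slot=66 connection from 192.0.2.10 to 192.0.2.1
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from")
# StartTLS extended operation upgrades a plain connection to an encrypted one.
TLS = re.compile(r'conn=(\d+) op=\d+ EXT oid="1\.3\.6\.1\.4\.1\.1466\.20037"')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\w+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=97")  # tag 97 = bind response

def classify(name, method, err, is_encrypted):
    """Map one bind result to a finding; method 128 is a simple bind."""
    if err == 0:
        return "bind succeeded"
    if method == "128" and name and "=" not in name:
        return "simple bind name is not a DN (AD-style login name)"
    if err == 13 and not is_encrypted:  # assumption: code used for the refusal
        return "simple bind on an unencrypted channel was refused"
    if err == 49:
        return "invalid credentials for this DN"
    return f"bind failed with err={err}"

def triage(log_text):
    """Return {conn_id: finding}; an empty dict means nothing reached dirsrv."""
    encrypted, binds, findings = {}, {}, {}
    for line in log_text.splitlines():
        if m := CONN.search(line):
            encrypted[m[1]] = bool(m[2])
            findings[m[1]] = "connected, but no BIND was attempted"
        elif m := TLS.search(line):
            encrypted[m[1]] = True
        elif m := BIND.search(line):
            binds[(m[1], m[2])] = (m[3], m[4])
            findings[m[1]] = "BIND sent, no RESULT logged"
        elif (m := RESULT.search(line)) and (m[1], m[2]) in binds:
            name, method = binds[(m[1], m[2])]
            findings[m[1]] = classify(name, method, int(m[3]), encrypted.get(m[1], False))
    return findings

if __name__ == "__main__":
    for conn, finding in triage(SAMPLE_LOG).items():
        print(f"conn={conn}: {finding}")
```

An empty result corresponds to the situation described in the original report (empty dirsrv log), which points at a failure before any LDAP connection is made.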



