[Pki-users] LDAP Authentication

Christina Fu cfu at redhat.com
Tue Dec 16 17:20:55 UTC 2008


One of the panels during post-installation configuration for TPS asks 
you to set up your authentication ldap system. I usually just point it 
to an existing ldap system I have. The end result of the panel, when I 
take the defaults, is usually like the following in my CS.cfg file (I'm 
only listing the ones that matter most to me):
...
auth.instance.0.authId=ldap1
auth.instance.0.baseDN=dc=sjc,dc=redhat,dc=com
auth.instance.0.hostport=localhost:389
...
op.enroll.userKey.auth.id=ldap1

I then need to add a user to the specified ldap system. I use the 
following ldap modify file, ldapModAddUser.txt:

dn: uid=cfu,ou=People,dc=sjc,dc=redhat,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
uid: cfu
cn: Christina Fu
sn: Fu
givenName: Christina
userPassword: xxxusrpwdxxx

then I run ldapmodify:

ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w xxxDMpwdxxx -x -f ldapModAddUser.txt

then I'm ready to use uid "cfu" and password "xxxusrpwdxxx" to enroll.

Christina

Zach Casper wrote:
>
> We have followed all steps to install/run Fedora Dogtag/FDS using 
> default settings.
>
> We have also added users/certificates from within the CA/RA subsystems.
>
> We are now to the point we need to format and enroll some smart cards, 
> however, the LDAP Authentication dialog appears and no combination of 
> LDAP User ID/Password work.
>
> We’ve tried cn=Directory Manager, Admin, pkiuser…all without luck.
>
> I know we must have users already in FDS but this documentation seems 
> not to exist.
>
> How do we either add users in FDS so that we can continue to format 
> and enroll smart cards? Are we missing something?
>
> --
>
> Zach Casper
>
> Envieta LLC
>
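
Added example, not part of the original messages or of the Dogtag project: a shell script that resolves which auth.instance an enrollment op points at in CS.cfg and checks that a user's DN lies beneath that instance's baseDN. It assumes the auth instance looks users up under its baseDN; the function names are hypothetical and the config lines are a constructed sample copied from the reply above.

```shell
#!/bin/sh
# Added example (not from the original message). Sample config is constructed
# from the CS.cfg lines quoted above; function names are hypothetical.
sample_cfg() {
cat <<'EOF'
auth.instance.0.authId=ldap1
auth.instance.0.baseDN=dc=sjc,dc=redhat,dc=com
auth.instance.0.hostport=localhost:389
op.enroll.userKey.auth.id=ldap1
EOF
}

# cfg_get KEY < CS.cfg : print KEY's value; split on the first '=' only,
# because values such as baseDN contain '=' themselves.
cfg_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# auth_instance_for_op CFG OP : print N where auth.instance.N.authId equals
# the value of op.OP.auth.id; fail if the op names no configured instance.
auth_instance_for_op() {
    id=$(cfg_get "op.$2.auth.id" < "$1")
    [ -n "$id" ] || return 1
    awk -F= -v id="$id" '$1 ~ /^auth\.instance\.[0-9]+\.authId$/ && $2 == id {
        split($1, p, "."); print p[3]; found = 1; exit }
        END { exit !found }' "$1"
}

# dn_under_base DN BASE : succeed if DN is BASE or ends in ",BASE"
# (case-insensitive; assumes no extra spaces inside the DNs).
dn_under_base() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$d" in "$b"|*,"$b") return 0 ;; *) return 1 ;; esac
}

# check_user_dn CFG OP DN : report which directory OP authenticates against
# and whether DN lies inside that instance's baseDN.
check_user_dn() {
    n=$(auth_instance_for_op "$1" "$2") || { echo "no auth instance for op.$2"; return 2; }
    host=$(cfg_get "auth.instance.$n.hostport" < "$1")
    base=$(cfg_get "auth.instance.$n.baseDN" < "$1")
    if dn_under_base "$3" "$base"; then echo "OK: $3 is under $base on $host"
    else echo "MISMATCH: $3 is not under $base on $host"; return 1; fi
}

cfg=$(mktemp) && sample_cfg > "$cfg"
check_user_dn "$cfg" enroll.userKey "uid=cfu,ou=People,dc=sjc,dc=redhat,dc=com"
```

Point the first argument at a copy of the real CS.cfg to run the same check against an installed instance.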