Reputation: 82
To authorize a user in the Microsoft AD catalog, the domain\login is specified for searching the catalog. Sample request to Microsoft AD: ldapsearch -h 172.16.100.3 -p 389 -W -D "mydomain\usersync" -b "cn=users,dc=mydomain,dc=ru" -s sub "(objectClass=person)" -x, but this is no longer suitable for FreeIPA. It is also possible to log in
Upvotes: 0
Views: 1834
Reputation: 882
FreeIPA is not an Active Directory and has no real requirement to be compatible with it at the LDAP server level.
Use the full DN when binding to LDAP. Active Directory allows specifying a username as a bind DN, but this is an AD extension that is not supported by most other LDAP servers.
So instead of 'mydomain\usersync' use the specific DN 'uid=usersync,cn=users,cn=accounts,dc=mydomain,dc=ru'.
Also, the FreeIPA LDAP DIT has a specific tree layout. You may use 'ipa env|grep container_' to see all container DNs relative to the base DN. E.g. for users it would be 'cn=users,cn=accounts', so the full DN for the users' tree would be 'cn=users,cn=accounts,dc=mydomain,dc=ru'.
Upvotes: 0
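An added example, not code from the question or the answer above: a small Python helper that parses the `ipa env` output the answer points to, builds the full bind DN and users-tree DN from the container and base DN, and assembles the ldapsearch call that replaces the AD-style domain\login bind. The `ipa env` text and the host address are constructed sample values.

```python
import re
import shlex

# Constructed sample of `ipa env` output (not captured from a real server).
SAMPLE_IPA_ENV = """\
  basedn: dc=mydomain,dc=ru
  container_group: cn=groups,cn=accounts
  container_user: cn=users,cn=accounts
  domain: mydomain.ru
"""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
_RDN_SPECIAL = ',+"\\<>;='


def parse_ipa_env(text):
    """Parse the `key: value` lines printed by `ipa env` into a dict."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+):\s*(.*)$', line)
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env


def escape_rdn_value(value):
    """Escape an attribute value for use in an RDN per RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        if ch in _RDN_SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and i in (0, len(value) - 1):
            out.append('\\ ')          # leading/trailing space must be escaped
        elif ch == '#' and i == 0:
            out.append('\\#')          # leading '#' must be escaped
        else:
            out.append(ch)
    return ''.join(out)


def is_distinguished_name(value):
    """True for an LDAP DN (attr=value,...), False for an AD-style domain\\login."""
    return re.match(r'^\s*[A-Za-z][\w.-]*=', value) is not None


def user_bind_dn(env, uid):
    """Full FreeIPA bind DN: uid=<uid>,<container_user>,<basedn>."""
    return f"uid={escape_rdn_value(uid)},{env['container_user']},{env['basedn']}"


def users_tree_dn(env):
    """Search base for the users' tree: <container_user>,<basedn>."""
    return f"{env['container_user']},{env['basedn']}"


def ldapsearch_command(env, uid, host, filt="(objectClass=person)"):
    """Build the ldapsearch invocation (-H URI form instead of deprecated -h/-p)."""
    args = ["ldapsearch", "-H", f"ldap://{host}", "-x", "-W",
            "-D", user_bind_dn(env, uid),
            "-b", users_tree_dn(env), "-s", "sub", filt]
    return shlex.join(args)
```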