On Tue, 04 Aug 2020, White, David via FreeIPA-users wrote:
We have an IPA environment that has an existing trust with Active Directory.

I'm trying to troubleshoot some things, and am trying to run a `ldapsearch` 
against our IPA environment.
It keeps asking for an LDAP Bind password.

1. I know the Directory Admin password
2. I know the local 'admin' password to get into the UI as the "admin" user 
3. I know my own Active Directory password.

None of these passwords are working.

[root@cha-cop-lab-mgt-ath-001 whitedm]# ldapsearch -ZZ -H 
ldap://ipa-hostname-001.lab.example.net -b 
'cn=compat,dc=fiberlab,dc=example,dc=net' -D 'cn=whitedm' -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I recall setting up the LDAP password on the initial install of the IPA 
software when these servers were first launched.
How can I reset this LDAP password?

What are you trying to achieve here? You are using compat tree which is
a read-only dynamic view on some content provided elsewhere.

You are using your own account RDN but ldapsearch wants your DN for
bind, not RDN. Your DN depends on what you want to authenticate with --

if this is your AD user, then you need to use a compat tree DN for
[email protected],cn=users,cn=compat,dc=....

if this is your IPA user, then you need to use your IPA user DN, e.g.
uid=admin,cn=users,cn=accounts,dc=...

if this is Directory Manager, then DN is 'cn=Directory Manager'. It
looks like an RDN but that's a virtual object which doesn't exist anywhere
and is treated by 389-ds in a special way.



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
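An added example (not code from this thread or from the FreeIPA project) that builds the three bind DN forms the reply lists from a user name and the IPA domain, and flags the bare-RDN mistake in the failing `ldapsearch -D 'cn=whitedm'` call. The function names, the RFC 4514 escaping helper, the AD domain `ad.example.net` and the `ldapsearch_argv` wrapper are my own; the `uid=user@AD.DOMAIN,cn=users,cn=compat,...` layout for trusted AD users follows the reply above.

```python
"""Bind-DN helper for ldapsearch against FreeIPA.

Added example, not code from the thread or from the FreeIPA project. It
builds the three bind DN forms given in the reply above (AD user via the
compat tree, IPA user in the accounts tree, and the virtual Directory
Manager entry) and flags the bare-RDN mistake from the failing command.
Domain and user names below are constructed for illustration.
"""

# RFC 4514 section 2.4: characters that need a backslash inside an attribute value
# ('=' is not among them; leading '#', and leading/trailing spaces are handled below).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def domain_to_base_dn(domain: str) -> str:
    """Map a DNS domain to its dc= suffix: fiberlab.example.net -> dc=fiberlab,dc=example,dc=net."""
    labels = [lbl for lbl in domain.strip(".").lower().split(".") if lbl]
    if not labels:
        raise ValueError("empty domain")
    return ",".join(f"dc={escape_rdn_value(lbl)}" for lbl in labels)


def bind_dn(kind: str, ipa_domain: str, user: str = "", ad_domain: str = "") -> str:
    """Return the DN to pass to `ldapsearch -D` for the given identity type."""
    if kind == "directory-manager":
        # Virtual entry handled specially by 389-ds: no parent, no suffix.
        return "cn=Directory Manager"
    base = domain_to_base_dn(ipa_domain)
    if kind == "ipa":
        return f"uid={escape_rdn_value(user)},cn=users,cn=accounts,{base}"
    if kind == "ad":
        if not ad_domain:
            raise ValueError("an AD user needs the AD domain for the compat tree uid")
        # The compat tree exposes trusted AD users as uid=user@AD.DOMAIN under cn=compat.
        return f"uid={escape_rdn_value(f'{user}@{ad_domain.lower()}')},cn=users,cn=compat,{base}"
    raise ValueError(f"unknown identity kind: {kind!r}")


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def check_bind_dn(dn: str) -> str:
    """Explain why a -D value will or will not work as a bind DN."""
    rdns = split_rdns(dn)
    if len(rdns) == 1 and rdns[0].lower() == "cn=directory manager":
        return "ok: Directory Manager is a virtual entry, its single RDN is the whole DN"
    if len(rdns) == 1:
        return ("bare RDN: ldapsearch -D needs the full DN, e.g. "
                "uid=<user>,cn=users,cn=accounts,dc=... or the cn=compat form for AD users")
    return "ok: full DN"


def ldapsearch_argv(host: str, base_dn: str, dn: str) -> list:
    """argv for a StartTLS ldapsearch that binds as `dn` and prompts for the password."""
    return ["ldapsearch", "-ZZ", "-H", f"ldap://{host}", "-b", base_dn, "-D", dn, "-W"]


if __name__ == "__main__":
    ipa = "fiberlab.example.net"  # matches the dc= suffix used in the thread
    for kind, user, ad in (("ad", "whitedm", "ad.example.net"),   # AD domain is constructed
                           ("ipa", "admin", ""),
                           ("directory-manager", "", "")):
        dn = bind_dn(kind, ipa, user, ad)
        print(f"{kind:18} -> {dn}  [{check_bind_dn(dn)}]")
    print("cn=whitedm         ->", check_bind_dn("cn=whitedm"))
    print(" ".join(ldapsearch_argv("ipa-hostname-001.lab.example.net",
                                   domain_to_base_dn(ipa), bind_dn("ipa", ipa, "admin"))))
```

Running the module prints each DN with its verdict; the only single-RDN value that passes is `cn=Directory Manager`, which is exactly the special case the reply describes. Note that the base DN is derived from the IPA domain (`fiberlab.example.net` here), not from the server's host name, which in the thread lives under a different subdomain.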
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]