Hi Chris,

> # remoteu, sysaccounts, etc, example.com
> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com
> objectClass: account
> objectClass: simplesecurityobject
> objectClass: top
> uid: remoteu
> userPassword:: [hash value]
>
> This new user is unable to run LDAP searches though:
> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

Your DN (-D) is incorrect in your ldapsearch call. It needs to match the part after the "dn:" string you provided in your query of the user above (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com). In some cases you can shorten the DN but only if your suffix/basedn is set correctly for the client making the call.

Regards,
j
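
The check described in the reply, as an added example that is not part of the original thread: it reads the entry's DN out of LDIF and compares it with the value passed to `-D`. The function names, the folded sample LDIF and the simplified DN normalization are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LDIF is constructed from the
# quoted entry (DN folded on purpose); all function names are hypothetical.

# Print the DN of the first LDIF entry on stdin. Unfolds continuation
# lines (leading space) and decodes base64 DNs ("dn:: ...").
ldif_first_dn() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo; break ;;
            "dn: "*)  printf '%s\n' "${line#dn: }"; break ;;
        esac
    done
}

# Simplified comparison form: lowercase, no spaces around "," and "=".
# Assumption: no escaped commas in RDN values.
normalize_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g; s/ *= */=/g'
}

# $1 = value given to -D, $2 = DN of the entry. Returns 0 on a match.
bind_dn_matches() {
    [ "$(normalize_dn "$1")" = "$(normalize_dn "$2")" ]
}

SAMPLE_LDIF='# remoteu, sysaccounts, etc, example.com
dn: uid=remoteu,cn=sysaccounts,cn=etc,
 dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: remoteu'

entry_dn=$(printf '%s\n' "$SAMPLE_LDIF" | ldif_first_dn)
for candidate in 'cn=remoteu' "$entry_dn"; do
    if bind_dn_matches "$candidate" "$entry_dn"; then
        echo "OK:  ldapsearch -x -W -H ldap://ipa01.example.com -D '$candidate' uid=remoteu"
    else
        echo "BAD: -D '$candidate' is not the entry DN; use -D '$entry_dn'"
    fi
done
```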
