Hi Alexander

Here is the object we are trying to change the password with:

dn: uid=tes...@jisc3.ac.uk,cn=users,cn=accounts,dc=jisc,dc=ac,dc=uk
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: krbPrincipalName
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
objectClass: eduPerson
uid: tes...@jisc3.ac.uk
givenName: NULL
sn: NULL
cn: wnQ6gpxNEbYDP4e0xSi42QvNLR4=
displayName: displayName not set
ou: Local
eduPersonAffiliation: affiliate
mail: tes...@jisc3.ac.uk
userPassword: e1NIQX1rYjBwdk45WkpLVGpmMHdiMGJqYm5LSk10Vnk7
loginshell: /bin/sh
homedirectory: /home/tes...@jisc3.ac.uk
gidnumber: 1092000014
uidnumber: 1092000014
Is there anything you can suggest?

Regards
Per

> On 11 May 2018, at 10:31, Alexander Bokovoy via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> On Fri, 11 May 2018, Per Qvindesland via FreeIPA-users wrote:
>> Hi All
>>
>> We’re getting the following entries in the error logs
>>
>> [10/May/2018:15:37:18.628665013 +0100] - ERR - ipapwd_encrypt_encode_key - [file encoding.c, line 143]: no krbPrincipalName present in this entry
>> [10/May/2018:15:37:18.630473873 +0100] - ERR - ipapwd_gen_hashes - [file encoding.c, line 234]: key encryption/encoding failed
>>
>> Is this related to the failed binds? Is there any way of turning on debug
>> logging?
> You have or are trying to add an object in LDAP that is not a Kerberos
> principal, yet somehow object classes imply it should be a Kerberos
> principal.
> You'd need to show the object or explain what you are doing.
>
>>
>> The connection string is $ds = ldap_connect($hostport, $port); then we are
>> setting some connection options: ldap_set_option($ds,
>> LDAP_OPT_PROTOCOL_VERSION, 3);
>> ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); Then binding using admin
>> credential: $result = ldap_bind($ds, $rdn, $pass)
>>
>> We can connect to freeipa but we are suspecting that we might be using the
>> wrong encryption {SHA} in plain text then results in err 19 which results
>> in operations error.
> No, this is not about connection to ldap but rather adding an LDAP
> object or attempting to modify a password on existing object.
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
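Added example (not part of the original thread and not FreeIPA's own code): a small Python check that parses LDIF and reports the condition named in the quoted log line, an entry that declares krbprincipalaux but carries no krbPrincipalName attribute. It also flags krbPrincipalName appearing as an objectClass value, since in the Kerberos LDAP schema it is an attribute; the sample DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample modelled on the entry in the thread; all names are placeholders.
SAMPLE_LDIF = """\
dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=test
objectClass: person
objectClass: krbprincipalaux
objectClass: krbPrincipalName
uid: testuser

dn: uid=okuser,cn=users,cn=accounts,dc=example,dc=test
objectClass: person
objectClass: krbprincipalaux
uid: okuser
krbPrincipalName: okuser@EXAM
 PLE.TEST
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries = []
    # Unfold continuation lines (newline + one space), then split records on blank lines.
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_entry(entry):
    """Return findings for an entry that is marked as a Kerberos principal."""
    findings = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "krbprincipalname" in classes:
        findings.append("krbPrincipalName is listed as an objectClass value, not set as an attribute")
    if "krbprincipalaux" in classes and not entry.get("krbprincipalname"):
        findings.append("krbprincipalaux is declared but the entry has no krbPrincipalName attribute")
    return findings

def audit(text):
    """Map each DN to its findings; an empty list means the check passed."""
    return {e.get("dn", ["<no dn>"])[0]: check_entry(e) for e in parse_ldif(text)}
```

Calling audit() on an LDIF file before it is sent to the directory lists, per DN, the entries that would trigger the "no krbPrincipalName present in this entry" error.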