I assume that this iteration was with the correct credentials as it responds with something other than "Invalid Credentials".

ldapsearch -xLLL -H ldap://dbduvdu145.dbr.roche.com -D "cn=directory manager" -W uid=asteinfeld \* krbPwdLockoutDuration ?
Enter LDAP Password:
No such object (32)

Working account returns same thing...

ldapsearch -xLLL -H ldap://dbduvdu145.dbr.roche.com -D "cn=directory manager" -W uid=jmacklin \* krbPwdLockoutDuration ?
Enter LDAP Password:
No such object (32)

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, October 17, 2012 1:37 PM
To: Macklin, Jason {DASB~Branford}
Cc: rmegg...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Sudo works for full access, but not on a per command or host level.

Macklin, Jason wrote:
> ldapsearch -xLLL -H ldap://dbduvdu145.dbr.roche.com -D "cn=directory manager" -W uid=asteinfeld \* krbPwdLockoutDuration ?
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> I know this user password because I reset it for the purpose of
> troubleshooting this issue with that account. I also get the same response
> when I use the admin account of my own account.

You use the password of the user you are binding as, in this case the directory manager.

rob

>
> -----Original Message-----
> From: Rich Megginson [mailto:rmegg...@redhat.com]
> Sent: Wednesday, October 17, 2012 1:15 PM
> To: Macklin, Jason {DASB~Branford}
> Cc: s...@redhat.com; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Sudo works for full access, but not on a per command or host level.
>
> On 10/17/2012 11:13 AM, Macklin, Jason wrote:
>> None of my users have an LDAP password being requested by running that
>> command (except the admin user).
>>
>> Does each user account require an ldap account to go along with their login
>> account? I just get the following over and over no matter which account I
>> switch in the command...
>>
>> [jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W uid=admin \* krbPwdLockoutDuration ?
>> Enter LDAP Password:
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> [jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W uid=asteinfeld \* krbPwdLockoutDuration ?
>> Enter LDAP Password:
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> [jmacklin@dbduwdu062 Desktop]$ ldapsearch -xLLL -D "cn=directory manager" -W uid=jmacklin \* krbPwdLockoutDuration ?
>> Enter LDAP Password:
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> You have to specify which server to talk to using the -H ldap://fqdn.of.host
> option.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users