On Mon, 26 Oct 2015, John Duino wrote:
> I am trying to hook our VoIP solution (sipxecs-based openUC) to our
> FreeIPA. But it appears that it wants to read-in the userPassword
> rather than just auth against the ldap. I know Directory Manager is
> the only account that has the ability to read userPassword, but is
> there a way to grant that to a System Account
> (uid=voip,cn=sysaccounts,cn=etc,dc=oblong,dc=com)? Or perhaps some
> other path/process I'm overlooking short of using the Directory Manager
> account?

sipxecs internally uses LDAP bind authentication; it does not need
access to userPassword.
See, for example, the actual code that does it via Spring framework's
LDAP Bind Authentication provider:
https://github.com/SIPfoundry/sipxecs/blob/master/sipXconfig/neoconf/src/org/sipfoundry/sipxconfig/security/ConfigurableLdapAuthenticationProvider.java#L167

I wonder what your configuration is compared to what is listed in
https://sipfoundry.atlassian.net/wiki/display/sipXecs/LDAP+Integration
-- you can send me screenshots off-list.
--
/ Alexander Bokovoy
