On Fri, 24 Feb 2012, Yair Zaslavsky wrote:
Nathan, first of all, please try to run the query I suggested for you - change the filter to (&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan@BBLINKMIND.NET)) (I understand you try to query IPA with an external tool - please first try to use this filter and see if it works. In my humble opinion, I don't think that you need to change the code, we need to understand why IPA provider is not "detected".
Sorry, new to LDAP, took me a while to figure out how to do the query with ldapsearch. [root@ipa-master ~]# ldapsearch -x -b "dc=blinkmind,dc=net" "(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan@BLINKMIND.NET))" -h localhost # extended LDIF # # LDAPv3 # base <dc=blinkmind,dc=net> with scope subtree # filter: (&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan@BLINKMIND.NET)) # requesting: ALL # # nathan, users, accounts, blinkmind.net dn: uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net displayName: Nathan Stratton cn: Nathan Stratton objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetorgperson objectClass: inetuser objectClass: posixaccount objectClass: krbprincipalaux objectClass: krbticketpolicyaux objectClass: ipaobject objectClass: mepOriginEntry loginShell: /bin/sh sn: Stratton gecos: Nathan Stratton homeDirectory: /home/nathan krbPwdPolicyReference: cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkm ind,dc=net krbPrincipalName: nathan@BLINKMIND.NET givenName: Nathan uid: nathan initials: NS uidNumber: 333400004 gidNumber: 333400004 ipaUniqueID: cfcf627e-5e5c-11e1-8e68-001a4a0d0004 mepManagedEntry: cn=nathan,cn=groups,cn=accounts,dc=blinkmind,dc=net krbLastPwdChange: 20120223202917Z krbPasswordExpiration: 20220220202917Z krbLoginFailedCount: 0 krbExtraData:: AAgBAA== krbExtraData:: AAKdoUZPbmF0aGFuQEJMSU5LTUlORC5ORVQA krbLastFailedAuth: 20120223202750Z krbLastSuccessfulAuth: 20120224191502Z # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
<> Nathan Stratton CTO, BlinkMind, Inc. nathan at robotics.net nathan at blinkmind.com http://www.robotics.net http://www.blinkmind.com