[Users] LDAP

Yair Zaslavsky yzaslavs at redhat.com
Fri Feb 24 19:46:49 UTC 2012


On 02/24/2012 09:17 PM, Nathan Stratton wrote:
> On Fri, 24 Feb 2012, Yair Zaslavsky wrote:
> 
>> Nathan, first of all, please try to run the query I suggested for you -
>> change the filter to
>> (&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan at BBLINKMIND.NET))
>> (I understand you try to query IPA with an external tool - please first
>> try to use this filter and see if it works.
>> In my humble opinion, I don't think that you need to change the code, we
>> need to understand why IPA provider is not "detected".
> 
> Sorry, new to LDAP, took me a while to figure out how to do the query
> with ldapsearch.
> 
> [root at ipa-master ~]# ldapsearch -x -b "dc=blinkmind,dc=net"
> "(&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan at BLINKMIND.NET))" -h
> localhost
> # extended LDIF
> #
> # LDAPv3
> # base <dc=blinkmind,dc=net> with scope subtree
> # filter:
> (&(objectClass=krbPrincipalAux)(krbPrincipalName=nathan at BLINKMIND.NET))
> # requesting: ALL
> #
> 
> # nathan, users, accounts, blinkmind.net
> dn: uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net
> displayName: Nathan Stratton
> cn: Nathan Stratton
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetorgperson
> objectClass: inetuser
> objectClass: posixaccount
> objectClass: krbprincipalaux
> objectClass: krbticketpolicyaux
> objectClass: ipaobject
> objectClass: mepOriginEntry
> loginShell: /bin/sh
> sn: Stratton
> gecos: Nathan Stratton
> homeDirectory: /home/nathan
> krbPwdPolicyReference:
> cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkm
>  ind,dc=net
> krbPrincipalName: nathan at BLINKMIND.NET
> givenName: Nathan
> uid: nathan
> initials: NS
> uidNumber: 333400004
> gidNumber: 333400004
> ipaUniqueID: cfcf627e-5e5c-11e1-8e68-001a4a0d0004
> mepManagedEntry: cn=nathan,cn=groups,cn=accounts,dc=blinkmind,dc=net
> krbLastPwdChange: 20120223202917Z
> krbPasswordExpiration: 20220220202917Z
> krbLoginFailedCount: 0
> krbExtraData:: AAgBAA==
> krbExtraData:: AAKdoUZPbmF0aGFuQEJMSU5LTUlORC5ORVQA
> krbLastFailedAuth: 20120223202750Z
> krbLastSuccessfulAuth: 20120224191502Z
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1

Hi Nathan, that's awesome - looks like you got a result, so first of all
- we know the query syntax is working :)
Now, I would like you to run some queries on your psql db, so I will
check your configuration:

select * from vdc_options where option_name ilike '%AdUser%';

select * from vdc_options where option_name = 'DomainName';




> Nathan Stratton                                CTO, BlinkMind, Inc.
> nathan at robotics.net                         nathan at blinkmind.com
> http://www.robotics.net                        http://www.blinkmind.com



