- assumptions:
  - /etc/openldap/ldap.conf is correct:

        SASL_NOCANON on
        URI ldaps://ipa.foo.local
        BASE dc=foo,dc=local
        TLS_CACERT /etc/ipa/ca.crt

- check LDAP:

        ldapsearch -x -D 'cn=Directory Manager' -w password "(objectClass=*)"

- create a new bind DN:
  - create a script (run on the FreeIPA server):

        #!/bin/bash
        # run on the FreeIPA server: creates a system account (bind DN) under cn=sysaccounts
        set -eu
        user="${1:?usage: $0 <uid>}"
        # ipa-ldap-updater update file: one dn line, then add:<attribute>:<value> directives
        cat <<EOF >ldap-binddn.update
        dn: uid=${user},cn=sysaccounts,cn=etc,dc=foo,dc=local
        add:objectclass:account
        add:objectclass:simplesecurityobject
        add:uid:${user}
        add:userPassword:changeme
        add:passwordExpirationTime:20380119031407Z
        add:nsIdleTimeout:0
        EOF
        cat ldap-binddn.update
        ipa-ldap-updater ldap-binddn.update

- test:

        ldapsearch -v -x -D 'uid=tomcat,cn=sysaccounts,cn=etc,dc=foo,dc=local' -w changeme "(objectClass=*)"
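The script above interpolates the uid straight into the dn line and ships a fixed password (changeme). The following is an added example, not part of the original paste, that renders the same ipa-ldap-updater update file but validates the uid first (a comma or newline in it would corrupt the dn) and generates a random password in place of changeme, writing the file with owner-only permissions because it contains a secret. It assumes the same base DN (dc=foo,dc=local) and sysaccounts container as the paste; the function names (valid_uid, gen_password, render_update, write_update_file) are hypothetical helpers written for this example. It only produces the file; applying it with ipa-ldap-updater and testing the bind are done as in the paste (prefer ldapsearch -W, which prompts, over -w so the password does not appear in the process list).

```shell
#!/bin/sh
# Added example (not from the original paste): build a FreeIPA sysaccount
# update file for ipa-ldap-updater with a generated password.
# Assumes base DN dc=foo,dc=local as in the paste; helper names are hypothetical.
set -eu

BASE_DN="dc=foo,dc=local"

# Accept only plain account names: letters, digits, '.', '-', '_', 1-32 chars.
# Anything else (comma, '=', newline, ...) could alter the dn line.
valid_uid() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}

# 32 alphanumeric characters from /dev/urandom (base64, non-alnum dropped).
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 32
}

# Print the update-file body: one dn line, then add:<attribute>:<value> lines.
# passwordExpirationTime far in the future keeps the bind password from expiring;
# nsIdleTimeout 0 disables the idle-disconnect timer for this account, as in the paste.
render_update() {
  user="$1"
  password="$2"
  valid_uid "$user" || { echo "invalid uid: $user" >&2; return 1; }
  printf '%s\n' \
    "dn: uid=${user},cn=sysaccounts,cn=etc,${BASE_DN}" \
    "add:objectclass:account" \
    "add:objectclass:simplesecurityobject" \
    "add:uid:${user}" \
    "add:userPassword:${password}" \
    "add:passwordExpirationTime:20380119031407Z" \
    "add:nsIdleTimeout:0"
}

# Write the update file with mode 0600 and print the generated password once.
write_update_file() {
  user="$1"
  out="$2"
  password="$(gen_password)"
  umask 077
  render_update "$user" "$password" > "$out"
  printf 'wrote %s; password for %s: %s\n' "$out" "$user" "$password"
}

main() {
  write_update_file "$1" "${2:-ldap-binddn.update}"
  # then, on the FreeIPA server: ipa-ldap-updater ldap-binddn.update
}

# usage: ./make-sysaccount.sh <uid> [output-file]
if [ "$#" -gt 0 ]; then main "$@"; fi
```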