You will see that "ldaplist -l passwd {username}" will not show the password field. The proxyagent user needs read access to all userPassword fields. This can be done with the control panel of FDS.

> So, looks like it worked but I can't authenticate any users. id testdba
> produces traffic on the FDS server, so it's definitely trying to query it
> but can't resolve anything.
>
> Also, I have two profiles:
>
> # default, profile, foo.com
> dn: cn=default,ou=profile,dc=foo,dc=com
> defaultSearchBase: dc=foo,dc=com
> authenticationMethod: simple
> followReferrals: TRUE
> bindTimeLimit: 2
> profileTTL: 43200
> searchTimeLimit: 30
> objectClass: top
> objectClass: DUAConfigProfile
> defaultServerList: 149.85.70.17
> credentialLevel: proxy
> cn: default
> defaultSearchScope: one
>
> # tls_profile, profile, foo.com
> dn: cn=tls_profile,ou=profile,dc=foo,dc=com
> defaultSearchBase: dc=foo,dc=com
> authenticationMethod: tls:simple
> followReferrals: FALSE
> bindTimeLimit: 10
> profileTTL: 43200
> searchTimeLimit: 30
> objectClass: top
> objectClass: DUAConfigProfile
> defaultServerList: cnyitlin02.composers.foo.com
> credentialLevel: proxy
> cn: tls_profile
> serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
> serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
> serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
> defaultSearchScope: one
>
> My default profile doesn't have those 3 searchDescriptors. Or we are not
> using profiles anymore? Just curious...
>
> Do you still think I need to change my defaultSearchDN? Also, must those
> ACLs be added still? Because it looks like you're doing a manual config,
> right?
>
> Thank you for your help, Gary.
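An added example, not part of the original thread: a small Python check that parses the two DUAConfigProfile entries quoted above, reports which attributes differ, and flags a profile whose proxy bind uses `simple` (no TLS) or that carries no serviceSearchDescriptor for passwd, group or shadow. The function names and the trimmed LDIF sample are assumptions made for illustration.

```python
# Constructed sample: the two profiles from the quoted message, with the
# objectClass, cn and timing attributes left out for brevity.
LDIF = """\
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
defaultServerList: 149.85.70.17
credentialLevel: proxy
defaultSearchScope: one

dn: cn=tls_profile,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: tls:simple
followReferrals: FALSE
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
defaultSearchScope: one
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into {dn: {lowercased attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")  # split on the first colon only
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs.pop("dn")[0]] = attrs
    return entries

def audit(attrs):
    """Return a list of findings for one DUAConfigProfile entry."""
    findings = []
    methods = [m.strip() for v in attrs.get("authenticationmethod", []) for m in v.split(";")]
    if "simple" in methods and "proxy" in attrs.get("credentiallevel", []):
        findings.append("proxy bind password sent without TLS")
    described = {v.split(":", 1)[0].strip() for v in attrs.get("servicesearchdescriptor", [])}
    missing = sorted({"passwd", "group", "shadow"} - described)
    if missing:
        findings.append("no serviceSearchDescriptor for: " + ", ".join(missing))
    return findings

def diff(a, b):
    """Names of attributes whose value sets differ between two profiles."""
    return sorted(k for k in set(a) | set(b) if sorted(a.get(k, [])) != sorted(b.get(k, [])))
```

Calling `audit()` on each entry returned by `parse_ldif(LDIF)` lists the findings per profile, and `diff()` on the two entries shows where the default profile and tls_profile diverge.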