We have followed all steps to install/run Fedora Dogtag/FDS using default settings.

We have also added users/certificates from within the CA/RA subsystems.

We are now to the point we need to format and enroll some smart cards, however, the LDAP Authentication dialog appears and no combination of LDAP User ID/Password work.

We've tried cn=Directory Manager, Admin, pkiuser...all without luck.

I know we must have users already in FDS but this documentation seems not to exist.

How do we either add users in FDS so that we can continue to format and enroll smart cards? Are we missing something?

--
Zach Casper
Envieta LLC

Adewumi, Julius-p99373
2008-Dec-16 16:47 UTC
[Fedora-directory-users] RE: [Pki-users] LDAP Authentication
I ran into something like this when I also first began to configure CA etc. Not enough documentation for beginners. I had to get Wireshark and trace what network packets are sent across from client to server and see the LDAP credentials searched for and then I acted accordingly. I.e., when I see that the search was for uid=abc, o=TokenUser then I set up such in the Directory Server. Only because I had access to both client and server. Wireshark helped me a lot!

From: Julius Adewumi
@GDC4S.com
Ph:480-441-6768
Contract Corp:MTSI

________________________________
From: pki-users-bounces@redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Zach Casper
Sent: Tuesday, December 16, 2008 9:00 AM
To: pki-users@redhat.com; 'General discussion list for the Fedora Directory server project.'
Subject: [Pki-users] LDAP Authentication

We have followed all steps to install/run Fedora Dogtag/FDS using default settings.

We have also added users/certificates from within the CA/RA subsystems.

We are now to the point we need to format and enroll some smart cards, however, the LDAP Authentication dialog appears and no combination of LDAP User ID/Password work.

We've tried cn=Directory Manager, Admin, pkiuser...all without luck.

I know we must have users already in FDS but this documentation seems not to exist.

How do we either add users in FDS so that we can continue to format and enroll smart cards? Are we missing something?

--
Zach Casper
Envieta LLC

Christina Fu
2008-Dec-16 17:20 UTC
[Fedora-directory-users] Re: [Pki-users] LDAP Authentication
One of the panels during post-installation configuration for TPS asks you to set up your authentication ldap system. I usually just point it to an existing ldap system I have. The end result of the panel, when I take the defaults, is usually like the following in my CS.cfg file (I'm only listing the ones that matter most to me):

    ...
    auth.instance.0.authId=ldap1
    auth.instance.0.baseDN=dc=sjc,dc=redhat,dc=com
    auth.instance.0.hostport=localhost:389
    ...
    op.enroll.userKey.auth.id=ldap1

I then need to add a user to the specified ldap system. I use the following ldap modify file, ldapModAddUser.txt:

    dn: uid=cfu,ou=People,dc=sjc,dc=redhat,dc=com
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    uid: cfu
    cn: Christina Fu
    sn: Fu
    givenName: Christina
    userPassword: xxxusrpwdxxx

Then I run ldapmodify:

    ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w xxxDMpwdxxx -x -f ldapModAddUser.txt

Then I'm ready to use uid "cfu" and password "xxxusrpwdxxx" to enroll.

Christina

Zach Casper wrote:
> We have followed all steps to install/run Fedora Dogtag/FDS using
> default settings.
>
> We have also added users/certificates from within the CA/RA subsystems.
>
> We are now to the point we need to format and enroll some smart cards,
> however, the LDAP Authentication dialog appears and no combination of
> LDAP User ID/Password work.
>
> We’ve tried cn=Directory Manager, Admin, pkiuser…all without luck.
>
> I know we must have users already in FDS but this documentation seems
> not to exist.
>
> How do we either add users in FDS so that we can continue to format
> and enroll smart cards? Are we missing something?
>
> --
> Zach Casper
> Envieta LLC
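
The lookup described in the reply above, as an added example that is not part of the original thread or of Dogtag's own code: it reads the CS.cfg keys quoted there to find which directory enrollment authenticates against, then builds the matching LDIF add record. The function names and the embedded sample are constructed for illustration; `ou=People` is an assumption taken from the LDIF in the reply.

```python
import re

# Constructed sample: the CS.cfg keys quoted in the message above.
SAMPLE_CS_CFG = """\
auth.instance.0.authId=ldap1
auth.instance.0.baseDN=dc=sjc,dc=redhat,dc=com
auth.instance.0.hostport=localhost:389
op.enroll.userKey.auth.id=ldap1
"""

def parse_cfg(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def enrollment_auth(cfg, op="op.enroll.userKey"):
    """Return (authId, baseDN, host, port) of the auth instance the operation uses."""
    auth_id = cfg[op + ".auth.id"]
    for key, value in cfg.items():
        if re.fullmatch(r"auth\.instance\.\d+\.authId", key) and value == auth_id:
            prefix = key[: -len("authId")]
            host, _, port = cfg[prefix + "hostport"].partition(":")
            return auth_id, cfg[prefix + "baseDN"], host, int(port or 389)
    raise KeyError(f"no auth.instance.N.authId equals {auth_id!r}")

def user_ldif(uid, given, sn, base_dn, password, ou="People"):
    """Build the LDIF add record; ou=People follows the message above (assumption)."""
    fields = (uid, given, sn, password)
    if any("\n" in f or "\r" in f for f in fields):
        raise ValueError("line breaks would inject extra LDIF lines")
    if re.search(r'[,+"\\<>;=#]', uid) or uid != uid.strip() or not uid:
        raise ValueError("uid needs DN escaping; refusing")
    lines = [f"dn: uid={uid},ou={ou},{base_dn}", "changetype: add"]
    lines += [f"objectClass: {oc}" for oc in
              ("top", "person", "organizationalPerson", "inetorgperson")]
    lines += [f"uid: {uid}", f"cn: {given} {sn}", f"sn: {sn}",
              f"givenName: {given}", f"userPassword: {password}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    auth_id, base_dn, host, port = enrollment_auth(parse_cfg(SAMPLE_CS_CFG))
    print(f"# enrollment authenticates via {auth_id} at {host}:{port}, base {base_dn}")
    print(user_ldif("cfu", "Christina", "Fu", base_dn, "xxxusrpwdxxx"), end="")
```

Run against a real CS.cfg, the first line of output names the host, port and base DN where the enrolling user has to exist, which is the detail the LDAP Authentication dialog does not show.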