Simon Matthews via FreeIPA-users wrote:

I think that something else must be going on. I did a test where I
added the clear-text password:

[root@ipa1 ~]# ipa user-del simon
--------------------
Deleted user "simon"
--------------------
[root@ipa1 ~]# ipa user-add simon --first=NIS --last=USER --uid=1010 --gid=441
--gecos='Simon Matthews' --homedir=/home/simon --shell=/bin/bash --password
Password:
Enter Password again to verify:
------------------
Added user "simon"
------------------
User login: simon
First name: NIS
Last name: USER
Full name: NIS USER
Display name: NIS USER
Initials: NU
Home directory: /home/simon
GECOS: Simon Matthews
Login shell: /bin/bash
Principal name: simon(a)SJ.BPS
Principal alias: simon(a)SJ.BPS
User password expiration: 20211221005503Z
Email address: simon(a)sj.bps
UID: 1010
GID: 441
Password: True
Member of groups: ipausers
Kerberos keys available: True

Now to test that password:

[root@ipa1 ~]# ldapwhoami -Z -H ldap://ipa1.sj.bps -D
'cn=simon,cn=users,cn=accounts,dc=sj,dc=bps' -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

The database has a password:

[root@ipa1 ~]# ldapsearch -D "cn=Directory Manager" -x -W -b
uid=simon,cn=users,cn=accounts,dc=sj,dc=bps uid userPassword
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=simon,cn=users,cn=accounts,dc=sj,dc=bps> with scope subtree
# filter: (objectclass=*)
# requesting: uid userPassword
#
# simon, users, accounts, sj.bps
dn: uid=simon,cn=users,cn=accounts,dc=sj,dc=bps
uid: simon
userPassword:: e1NTSEE1MTJ9RnF3M1VpeEdmallFU1l4YVdRR2dCbFdUQnY0OExsKzNld1lJSzF
UR015ci9WMkJ6TWxaQy9WSXVxUDJYVlRuMURMOVMxeEFpcVBqTFZZRWM4Z0R5cHdpcVNRZytBalZi
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

These same steps work for me. This is the typical way to set passwords
in IPA.

rob