Hi there,

I’m having a hard time setting up the directory-based authentication for dogtag 10.3.3-1. I did follow the instructions as http://pki.fedoraproject.org/wiki/Directory-Authenticated_Profiles and I get an error when trying to bind/authenticate against directory service (Microsoft AD2008) as follows:

[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: DirBasedAuthentication: authenticate: before authenticate() call
[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating UID=john.luk
[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: UidPwdDirAuthentication: Authenticating: Searching for uid=john.luk base DN=OU=IT,dc=domain,dc=com
[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating: User authentication failure: netscape.ldap.LDAPException: error result (1); 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772
[26/Jul/2016:08:27:27][http-bio-8443-exec-1]: Authenticating: closing bad connection

The directives (below) are used to bind to AD2008, and I already tested the account and it is working.

auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=cn=Service Account,ou=IT,dc=domain,dc=com
auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=password

John Luk is applying for the certificate using the web enrollment process (caDirUserCert profile).

What am I missing?

Thx,

sergio
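A constructed model of the sequence visible in the log above (service-account bind, uid search under the base DN, then a bind as the located user), added here as an illustration and not code from the post or from Dogtag. The class and function names, the sample entries and passwords, and the rule that an empty bind password skips the service bind are all assumptions; the fake directory, like AD, refuses a search on a connection that has not bound, which yields the same 000004DC result the post shows.

```python
# Constructed model of the two-stage directory authentication seen in the
# post's log: service bind, uid search, then bind as the user. Not Dogtag
# code; all names, entries and passwords here are assumptions.

class LDAPError(Exception):
    def __init__(self, code, message):
        super().__init__(f"error result ({code}); {message}")
        self.code = code

class FakeADConnection:
    """In-memory stand-in for one LDAP connection to a directory that,
    like AD, rejects searches on an unbound connection (result code 1)."""
    def __init__(self, entries):
        self.entries = entries      # dn -> {"uid": ..., "password": ...}
        self.bound_as = None

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        if entry is None or entry["password"] != password:
            raise LDAPError(49, "invalid credentials")
        self.bound_as = dn

    def search(self, base_dn, uid):
        if self.bound_as is None:
            # Same condition AD reported in the post's log line.
            raise LDAPError(1, "000004DC: In order to perform this operation "
                               "a successful bind must be completed on the connection.")
        for dn, attrs in self.entries.items():
            if dn.lower().endswith(base_dn.lower()) and attrs.get("uid") == uid:
                return dn
        raise LDAPError(32, "no such object")

def authenticate_uid_pwd(conn, cfg, uid, user_password):
    """Service bind -> search uid under basedn -> bind as the found DN.
    cfg keys mirror the ldap.ldapauth.* / ldap.basedn directives (assumed)."""
    if cfg.get("bindDN") and cfg.get("bindPW"):   # assumption: empty password = no bind
        conn.bind(cfg["bindDN"], cfg["bindPW"])
    user_dn = conn.search(cfg["basedn"], uid)
    conn.bind(user_dn, user_password)             # the enrolling user's own credentials
    return user_dn

# Constructed sample directory; DNs echo the post's OU=IT,dc=domain,dc=com.
DIRECTORY = {
    "cn=Service Account,ou=IT,dc=domain,dc=com": {"password": "s3rv1ce"},
    "cn=John Luk,ou=IT,dc=domain,dc=com": {"uid": "john.luk", "password": "j0hn"},
}
GOOD_CFG = {"basedn": "OU=IT,dc=domain,dc=com",
            "bindDN": "cn=Service Account,ou=IT,dc=domain,dc=com", "bindPW": "s3rv1ce"}

if __name__ == "__main__":
    print(authenticate_uid_pwd(FakeADConnection(DIRECTORY), GOOD_CFG, "john.luk", "j0hn"))
```

Running the model with the service password blanked reproduces the 000004DC failure at the search step, which is the step the post's log shows failing.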