On Wed, Nov 07, 2018 at 01:05:24PM -0500, Rob Crittenden via FreeIPA-users wrote:
Peter Oliver via FreeIPA-users wrote:
[02/Nov/2018:14:54:37][ajp-bio-127.0.0.1-8009-exec-15]: CertUserDBAuthentication: cannot map certificate to any userUser not found
[02/Nov/2018:14:54:37][ajp-bio-127.0.0.1-8009-exec-15]: SignedAuditLogger: event AUTH
Any suggestions? Has something gone wrong with the setup?
I'm not sure, cc'ing a dogtag developer.
rob
Hi Peter,
Please check the LDAP entry 'uid=pkidbuser,ou=people,o=ipaca'. Do the 'userCertificate', 'description' and 'seeAlso' attributes match the IPA RA certificate (/var/lib/ipa/ra-agent.pem)?
If not, update the entry to match the certificate.
Note that the second field of the 'description' attribute is the serial number (decimal), and the first field is always '2'.
Cheers, Fraser
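
The comparison described in the reply above, as an added example that is not part of the original thread and is not FreeIPA or Dogtag code. It assumes you have already copied out the PEM file contents, the output line of `openssl x509 -noout -serial` (which is hexadecimal), and the entry's 'userCertificate' and 'description' values; the function name and all sample data are constructed, and 'seeAlso' and the later 'description' fields are left for manual comparison.

```python
import base64
import ssl


def serial_from_openssl(line):
    """'serial=0B' (hex, as printed by `openssl x509 -noout -serial`) -> int."""
    return int(line.strip().split("=", 1)[1], 16)


def check_pkidbuser(pem_text, openssl_serial_line, user_cert_b64, description):
    """Return a list of mismatches between the RA certificate and the LDAP entry."""
    problems = []
    # userCertificate stores DER; ldapsearch prints it base64-encoded, possibly
    # folded across lines, so whitespace is removed before decoding.
    der_file = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    der_ldap = base64.b64decode("".join(user_cert_b64.split()))
    if der_file != der_ldap:
        problems.append("userCertificate differs from the certificate file")
    # Per the reply: field 1 is always '2', field 2 is the serial in decimal.
    fields = description.split(";")
    if fields[0] != "2":
        problems.append("description field 1 is %r, expected '2'" % fields[0])
    serial = serial_from_openssl(openssl_serial_line)
    if len(fields) < 2 or not fields[1].isdigit() or int(fields[1]) != serial:
        problems.append("description field 2 should be decimal serial %d" % serial)
    return problems


# Constructed sample data (not a real certificate or a real directory entry).
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_SERIAL_LINE = "serial=0B"          # hex 0B == decimal 11
GOOD_DESC = "2;11;CN=constructed issuer;CN=constructed subject"
STALE_DESC = "2;7;CN=constructed issuer;CN=constructed subject"

if __name__ == "__main__":
    print(check_pkidbuser(SAMPLE_PEM, SAMPLE_SERIAL_LINE, SAMPLE_B64, GOOD_DESC))
    print(check_pkidbuser(SAMPLE_PEM, SAMPLE_SERIAL_LINE, SAMPLE_B64, STALE_DESC))
```

An empty list means the two checked attributes agree with the certificate; a serial pasted into 'description' in hexadecimal is reported as a mismatch.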