[Freeipa-users] Solaris 10 as IPA Client?

Steven Jones Steven.Jones at vuw.ac.nz
Mon Dec 5 19:42:28 UTC 2011 

Hi,

If I wanted a specific internet access group where the IPA group is  "internet-users"

What would the baseDN be?

I have been using dc=unix,dc=vuw,dc=ac,dc=nz  but I have tried a few combos, none worked....also I need to bind to the IPA?  or will anonymous work?  I cant search the tree as anonymous inside the bluecoat gui so I cant pick the group I want....which would make life easy.

This goes back to my request to see the dc= stuff inside the gui.....the gui "speaks" one way and everything else "speaks" differently, a translation is needed. So really you have succeeded in making the gui very easy to use, sure but not with other products.

If I have to bind with a user so I can pick the group I want in the bluecoat gui I assume I need to create a user for that?  with limited permissions?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Tuesday, 6 December 2011 3:40 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Solaris 10 as IPA Client?

Steven Jones wrote:
>
> 8><-----------
>
> Also Solaris assumes 2307 schema AFAIR and IPA is 2307bis.
> So you need to enable compat tree on ipa side and point your Solaris
> nss_ldap to the compat tree.
>
> 8><----------
>
> We have a Sun solar storage SAN.....uses Solaris I cant get it to work....maybe that's what I need to do to get them to talk....how to I enable "compat tree"?
>
> Also would other hardware vendors be similar?  Im trying to get a bluecoat proxy server to talk to IPA and it cant....

compat is enabled by default, to double check run: ipa-compat-manage status

For authentication typically all you need is the basedn of users
(cn=users,cn=accounts,dc=example,dc=com). For SSL you can get a copy of
the CA cert from http://ipa.example.com/ipa/config/ca.crt.

The 389-ds access logs can be found in
/var/log/dirsrv/slapd-YOURINSTANCE/access. These are buffered for up to
30 seconds. The error log by default tends to only log catastrophic
problems. You can enable server debugging, details are in the FAQ in the
389-ds wiki.

rob

More information about the Freeipa-users mailing list