[Freeipa-users] FreeIPA for AMM users management

Артур Файзуллин arthur at deus.pro
Mon Mar 4 13:23:13 UTC 2013


Okay! I will try to consult with IBM tech-support :)

On Wed, 27/02/2013 at 10:31 +0100, Petr Spacek wrote:
> On 27.2.2013 04:07, Артур Файзуллин wrote:
> > Ok! I will try :) But would you give me some advice :) on what configs to
> > put? Should I use:
>
> Well, we don't know anything about AMM. This is the freeipa-users list :-)
>
> We can try to give you some advice if you provide links to documentation for
> the exact AMM version you use.
>
> My best guess (without looking at the AMM docs):
> 
> > * "Use LDAP Servers for Authentication and Authorization"
> Probably yes.
> 
> > * "Use DNS to find LDAP Servers"
> > 	and put here the domain name of the IPA server?
> Probably yes.
> 
> > * should in "Active Directory Settings" Enhanced role-based security be
> > enabled?
> I would disable any AD specific things (at least for the beginning).
> 
> > And what does AMM Target Name mean?
> I have no idea. Please consult the AMM docs.
>
> > * root dn = something like this dc=example,dc=com ?
> Question is what "root" means in IBM's world. FreeIPA domain "example.com" has
> root of LDAP tree at "dc=example,dc=com". You can also try
> "cn=users,cn=compat,dc=example,dc=com" and
> "cn=users,cn=accounts,dc=example,dc=com".
> 
> > * Binding method which one to choose?
> > 	w/ Configured Credentials
> I guess: This method will use a special account created specifically for AMM.
>
> > 	w/ Login Credentials
> I guess: This method will try to do LDAP BIND with credentials provided by
> the user for the particular login attempt. I would prefer this method.
>
> > Some questions may be stupid, but I want to be sure about them :)
>
> I really don't know AMM specifics. Please read all the AMM documentation you
> find and try various settings. We can provide general advice and publish your
> findings on freeipa.org.
> 
> Any contributions welcome!
> 
> Petr^2 Spacek
> 
> > On Tue, 26/02/2013 at 12:41 +0100, Petr Spacek wrote:
> >> On 26.2.2013 11:49, Артур Файзуллин wrote:
> >>> And what?
> >>> Is there any result? I am trying the same thing with my AMM and IPA
> >>
> >> Unfortunately, we don't have sufficient information to give you any advice.
> >>
> >> Please, try to provide output from a sniffer as I asked in my last reply. Then we
> >> will try to help you. (You can send the data to me privately, if you want.)
> >>
> >> Petr^2 Spacek
> >>
> >>> On Mon, 05/11/2012 at 09:32 +0100, Petr Spacek wrote:
> >>>> On 11/03/2012 01:12 PM, Pavel Zhukov wrote:
> >>>>>> Can you do NS lookup of the IPA server from the AMM box?
> >>>>> yes
> >>>>>> Can you do kinit from the AMM box against IPA?
> >>>>>> Can you do ldapsearch from the AMM box against IPA?
> >>>>> no, AMM has restricted shell and web GUI.
> >>>>
> >>>> Hmm, that is unfortunate. Can you run tcpdump (or a sniffer provided on AMM) on
> >>>> the link between AMM and the IPA server? Because there are no records in the access
> >>>> log I will bet on some name resolution or firewall problem.
> >>>>
> >>>> Does AMM get the right DNS responses (i.e. name and IP address of the IPA server)?
> >>>>
> >>>> Does AMM establish a TCP connection with the IPA server?
> >>>>
> >>>> --
> >>>> Petr^2 Spacek
> >>>>
> >>>>>> Do you see anything in the logs from such activity?
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
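
The diagnosis in this thread turns on what the IPA server's access log records for the AMM. As an added example (not from the thread, FreeIPA or IBM), the script below reads access-log lines in the 389 Directory Server format and separates the cases discussed above: no connection at all, a rejected bind, and a search against a base DN that does not exist. The client address, DNs, filter and log lines are constructed assumptions.

```python
import re

# Constructed sample in 389 Directory Server access-log format (the LDAP
# server inside FreeIPA). 192.0.2.50 stands in for the AMM; every address,
# DN and filter here is an assumption, not data from the thread.
SAMPLE_LOG = """\
[04/Mar/2013:13:01:10 +0000] conn=7 fd=64 slot=64 connection from 192.0.2.50 to 192.0.2.10
[04/Mar/2013:13:01:10 +0000] conn=7 op=0 BIND dn="uid=amm,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[04/Mar/2013:13:01:10 +0000] conn=7 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[04/Mar/2013:13:02:30 +0000] conn=8 fd=65 slot=65 connection from 192.0.2.50 to 192.0.2.10
[04/Mar/2013:13:02:30 +0000] conn=8 op=0 BIND dn="uid=amm,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[04/Mar/2013:13:02:30 +0000] conn=8 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[04/Mar/2013:13:02:30 +0000] conn=8 op=1 SRCH base="cn=users,dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs=ALL
[04/Mar/2013:13:02:30 +0000] conn=8 op=1 RESULT err=32 tag=101 nentries=0 etime=0
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
OP = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)")
HINTS = {32: "no such object: the search base does not exist",
         49: "invalid credentials: wrong bind DN or password"}

def diagnose(log_text, client_ip):
    """Return (operation, DN or base, LDAP err, hint) for each request from client_ip."""
    conns, pending, findings = set(), {}, []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if m:
            if m.group(2) == client_ip:
                conns.add(m.group(1))
            continue
        m = OP.search(line)
        if not m or m.group(1) not in conns:
            continue
        conn, op, kind, rest = m.groups()
        if kind != "RESULT":  # remember the request until its RESULT line arrives
            target = re.search(r'(?:dn|base)="([^"]*)"', rest)
            pending[conn, op] = (kind, target.group(1) if target else "")
        elif (conn, op) in pending:
            kind, target = pending.pop((conn, op))
            err = int(re.search(r"err=(\d+)", rest).group(1))
            hint = HINTS.get(err, "ok" if err == 0 else "see LDAP result codes")
            if kind == "SRCH" and err == 0 and " nentries=0 " in rest + " ":
                hint = "search succeeded but matched nothing: check base DN and filter"
            findings.append((kind, target, err, hint))
    if not conns:  # nothing logged at all points below LDAP, as suspected in the thread
        return [("NONE", "", None, "no connection logged: check DNS and firewall")]
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "192.0.2.50"):
        print(finding)
```

An empty result for an address that does appear in the log means the client connected but sent no bind or search before the log was read.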