[Freeipa-users] Revisiting ILO [SOLVED]

KodaK sakodak at gmail.com
Wed Nov 20 22:00:40 UTC 2013


Not exactly "solved" but I'll call it that, since there is no way to change
the login attribute.

I've requested this feature, but I requested it through support and I'm
sure it will die in a queue somewhere.


On Wed, Nov 6, 2013 at 6:25 AM, Dmitri Pal <dpal at redhat.com> wrote:

>  On 11/05/2013 02:51 PM, KodaK wrote:
>
> If I use the whole connection string:
>
>  uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>
>  I can authenticate.
>
>
> Does this count as SOLVED?
> If so can you please reply with the SOLVED in the subject?
>
>
>
> On Tue, Nov 5, 2013 at 1:40 PM, KodaK <sakodak at gmail.com> wrote:
>
>> I'm attempting to get HP ILO authenticating against IPA again.
>>
>>  I've configured the user context in ILO as:
>>
>>  cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>>
>>  When ILO tries to connect, it sends the string:
>>
>>  CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
>>
>>  Which, of course, doesn't exist.  IPA uses uid=<username>, but as far
>> as I can tell I can't tell ILO to use a different username attribute.  It
>> doesn't even look like it's trying to use a username attribute.
>>
>>  I've tried to force it to look for uid=jebalicki by using
>> "uid=jebalicki" in the login field, but that fails too.  The errors in the
>> errors log look like this:
>>
>>
>>  [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c,
>> line 645]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "jebalicki": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry "uid=jebalicki": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line
>> 645]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c,
>> line 421]: Failed to retrieve entry
>> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32
>>
>>  And the access log looks like this:
>>
>>  [05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL connection
>> from 10.200.10.192 to 10.200.16.170
>> [05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES
>> [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND dn="uid=jebalicki"
>> method=128 version=2
>> [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97
>> nentries=0 etime=0
>> [05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND
>> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
>> method=128 version=2
>> [05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97
>> nentries=0 etime=1
>> [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND
>> [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1
>> [05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL connection
>> from 10.200.10.192 to 10.200.16.170
>> [05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES
>> [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND dn="uid=jebalicki"
>> method=128 version=2
>> [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97
>> nentries=0 etime=0
>> [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND
>> [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1
>> [05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL connection
>> from 10.200.10.192 to 10.200.16.170
>> [05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES
>> [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND
>> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com"
>> method=128 version=2
>> [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97
>> nentries=0 etime=0
>> [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND
>> [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1
>>
>>  Is there any way to force things on the IPA side?  Can I automatically
>> attach on the necessary components to the provided username?
>>
>>
>
>
>  --
> The government is going to read our mail anyway, might as well make it
> tough for them.  GPG Public key ID:  B6A1A7C6
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
>



-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6