[Freeipa-users] Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Dmitri Pal dpal at redhat.com
Sun Aug 10 04:31:09 UTC 2014


On 08/08/2014 04:26 PM, Chris Whittle wrote:
>
> Hey Dmitri, what do you mean?  Both of them gave me the same answer 
> and it worked.
>

Right, now you have the knowledge which is buried in a mail thread and 
would be hard to find for others that might want to follow your steps.
I was hoping you would find some time to summarize your setup and 
experience and share with others via a HOWTO page on the FreeIPA site [1].

[1] http://www.freeipa.org/page/HowTos

Thanks
Dmitri

> On Aug 8, 2014 3:25 PM, "Dmitri Pal" <dpal at redhat.com> wrote:
>
>     On 08/07/2014 02:21 PM, Chris Whittle wrote:
>>     Thanks guys that works!
>
>
>     And what about HOWTO? ;-)
>
>
>>
>>
>>     On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi
>>     <lyamanishi at sesda3.com> wrote:
>>
>>         On 08/07/2014 12:18 PM, Chris Whittle wrote:
>>
>>>         I'm currently working on a trial with OKTA and have
>>>         installed their server agent with no issues.  Now I'm trying
>>>         to map FreeIPA attributes with OKTA's
>>>
>>>         I'm getting no entries found, which leads me to think I'm
>>>         missing something
>>>         Thanks!
>>>
>>>
>>         The objectClass values look incorrect. Try posixAccount and
>>         posixGroup for users and groups. Roles are groupOfNames,
>>         but that’s a little less specific and will match non-role
>>         entries without a search base.
>>
>>         You can easily look up raw entries to check your mappings
>>         with commands like these (the --all and --raw options are
>>         available for all *-show commands, afaik):
>>
>>         ipa user-show --all --raw $USER_NAME
>>         ipa group-show --all --raw $GROUP
>>         ipa role-show --all --raw $ROLE
>>
>>         Or pure ldaputils:
>>
>>         ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' "uid=$USER_NAME"
>>
>>         --
>>         -----
>>         *question everything*learn something*answer nothing*
>>         ------------
>>         Lucas Yamanishi
>>         ------------------
>>         Systems Administrator, ADNET Systems, Inc.
>>         NASA Space and Earth Science Data Analysis (606.9)
>>         7515 Mission Drive, Suite A100
>>         Lanham, MD 20706 *301-352-4646* 0xD354B2CB
>>
>>
>>         --
>>         Manage your subscription for the Freeipa-users mailing list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>         Go To http://freeipa.org for more info on the project
>>
>>
>>
>>
>
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
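
The objectClass advice quoted in this thread (posixAccount, posixGroup, and groupOfNames matching non-role entries when no search base is set) can be checked against `ldapsearch -LLL` output before wiring the mapping into an identity provider. The following is an added example, not part of the original messages or of FreeIPA; the sample LDIF is constructed, and the group and role container DNs under dc=example,dc=com are assumptions.

```python
# Constructed sample in the LDIF shape that `ldapsearch -LLL` prints; the DNs
# and container layout under dc=example,dc=com are assumptions for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
uid: alice

dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
cn: admins

dn: cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: helpdesk
"""

def parse_ldif(text):
    """Return a list of (dn, set of lower-cased objectClass values)."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "objectclass":
                classes.add(value.lower())
        if dn:
            entries.append((dn, classes))
    return entries

def match(entries, object_class, base=""):
    """DNs carrying object_class, limited to the subtree under base if given."""
    oc, base = object_class.lower(), base.lower()
    return [dn for dn, classes in entries
            if oc in classes
            and (not base or dn.lower() == base or dn.lower().endswith("," + base))]

ENTRIES = parse_ldif(SAMPLE_LDIF)
ROLES_BASE = "cn=roles,cn=accounts,dc=example,dc=com"  # assumed role container
if __name__ == "__main__":
    print("posixAccount:", match(ENTRIES, "posixAccount"))
    print("groupOfNames, no base:", match(ENTRIES, "groupOfNames"))
    print("groupOfNames, role base:", match(ENTRIES, "groupOfNames", ROLES_BASE))
```

The parser does not handle folded lines or base64-encoded (`dn::`) values, so unfold real output with `ldapsearch -o ldif-wrap=no` first.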
