[Freeipa-users] Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Chris Whittle cwhittl at gmail.com
Tue Aug 12 13:46:26 UTC 2014


http://www.freeipa.org/page/HowTo/Integrate_With_Okta


On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <dpal at redhat.com> wrote:

>  On 08/08/2014 04:26 PM, Chris Whittle wrote:
>
> Hey Dmitri, what do you mean?  Both of them gave me the same answer and
> it worked.
>
>
> Right, now you have the knowledge which is buried in a mail thread and
> would be hard to find for others that might want to follow your steps.
> I was hoping you would find some time to summarize your setup and
> experience and share with others via a HOWTO page on the FreeIPA site [1].
>
> [1] http://www.freeipa.org/page/HowTos
>
> Thanks
> Dmitri
>
>
>  On Aug 8, 2014 3:25 PM, "Dmitri Pal" <dpal at redhat.com> wrote:
>
>>  On 08/07/2014 02:21 PM, Chris Whittle wrote:
>>
>> Thanks guys that works!
>>
>>
>>
>> And what about HOWTO? ;-)
>>
>>
>>
>>
>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi <lyamanishi at sesda3.com>
>> wrote:
>>
>>>   On 08/07/2014 12:18 PM, Chris Whittle wrote:
>>>
>>> I'm currently working on a trial with OKTA and have installed their
>>> server agent with no issues.  Now I'm trying to map FreeIPA attributes with
>>> OKTA's
>>>
>>>  I'm getting no entries found, which leads me to think I'm missing
>>> something
>>>  Thanks!
>>>
>>>
>>>   The objectClass values look incorrect. Try posixAccount and posixGroup
>>> for users and groups. Roles are groupOfNames, but that’s a little less
>>> specific and will match non-role entries without a search base.
>>>
>>> You can easily look up raw entries to check your mappings with commands
>>> like these (the --all and --raw options are available for all *-show
>>> commands, afaik):
>>>
>>> ipa user-show --all --raw "$USER_NAME"
>>> ipa group-show --all --raw "$GROUP"
>>> ipa role-show --all --raw "$ROLE"
>>>
>>> Or pure ldaputils:
>>>
>>>  ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' "uid=$USER_NAME"
>>>
>>>
>>> --
>>> -----
>>> *question everything*learn something*answer nothing*
>>> ------------
>>> Lucas Yamanishi
>>> ------------------
>>> Systems Administrator, ADNET Systems, Inc.
>>> NASA Space and Earth Science Data Analysis (606.9)
>>> 7515 Mission Drive, Suite A100
>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go To http://freeipa.org for more info on the project
>>>
>>
>>
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
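
The point made in the thread about objectClass values and search bases, as an added example that is not part of the original messages: it filters `ldapsearch -LLL`-style output by search base and objectClass. The LDIF entries are constructed, the function names are hypothetical, and the `cn=groups` and `cn=roles` containers and the objectClass sets on each entry are assumptions modelled on the `cn=users,cn=accounts` base shown above.

```shell
#!/bin/sh
# Constructed sample: trimmed LDIF in the shape `ldapsearch -LLL` prints.
# Entry names and objectClass sets are assumptions made for illustration.
sample_ldif() {
cat <<'EOF'
dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
uid: jdoe

dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
objectClass: posixGroup
objectClass: groupOfNames
cn: admins

dn: cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=com
objectClass: groupOfNames
objectClass: nestedGroup
cn: helpdesk
EOF
}

# match_dns BASE OBJECTCLASS: read LDIF on stdin and print the DNs under BASE
# that carry OBJECTCLASS, i.e. what a subtree search from BASE with the
# filter (objectClass=OBJECTCLASS) would return. Matching is case-insensitive.
match_dns() {
    awk -v base="$1" -v oc="$2" '
        BEGIN { RS = ""; FS = "\n"; base = tolower(base); oc = tolower(oc) }
        {
            dn = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                line = tolower($i)
                if (line ~ /^dn: /) dn = substr($i, 5)
                if (line == ("objectclass: " oc)) hit = 1
            }
            ldn = tolower(dn)
            n = length(ldn) - length(base)
            # Under BASE only if the DN ends with BASE at an RDN boundary.
            under = (n >= 0 && substr(ldn, n + 1) == base &&
                     (n == 0 || substr(ldn, n, 1) == ","))
            if (hit && under) print dn
        }'
}
```

Running `sample_ldif | match_dns 'dc=example,dc=com' groupOfNames` returns both the group and the role, while the same filter with base `cn=roles,cn=accounts,dc=example,dc=com` returns only the role. Against a live server, pipe real `ldapsearch -LLL` output into `match_dns` instead of `sample_ldif`.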