[Freeipa-users] Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Martin Kosek mkosek at redhat.com
Tue Aug 12 14:50:21 UTC 2014


Thank you! I linked this page to
http://www.freeipa.org/page/HowTos#Authentication
and also improved formatting of the page. I am not sure about the "role"
section though, we do not use "role" objectclass, so Okta's search probably
returns no results anyway. It may be better to keep that blank IMO.

Martin

On 08/12/2014 03:46 PM, Chris Whittle wrote:
> http://www.freeipa.org/page/HowTo/Integrate_With_Okta
> 
> 
> On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <dpal at redhat.com> wrote:
> 
>>  On 08/08/2014 04:26 PM, Chris Whittle wrote:
>>
>> Hey Dmitri, what do you mean?  Both of them gave me the same answer and
>> it worked.
>>
>>
>> Right, now you have the knowledge which is buried in a mail thread and
>> would be hard to find for others that might want to follow your steps.
>> I was hoping you would find some time to summarize your setup and
>> experience and share with others via a HOWTO page on the FreeIPA site [1].
>>
>> [1] http://www.freeipa.org/page/HowTos
>>
>> Thanks
>> Dmitri
>>
>>
>>  On Aug 8, 2014 3:25 PM, "Dmitri Pal" <dpal at redhat.com> wrote:
>>
>>>  On 08/07/2014 02:21 PM, Chris Whittle wrote:
>>>
>>> Thanks guys that works!
>>>
>>>
>>>
>>> And what about HOWTO? ;-)
>>>
>>>
>>>
>>>
>>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi <lyamanishi at sesda3.com>
>>> wrote:
>>>
>>>>   On 08/07/2014 12:18 PM, Chris Whittle wrote:
>>>>
>>>> I'm currently working on a trial with OKTA and have installed their
>>>> server agent with no issues.  Now I'm trying to map FreeIPA attributes with
>>>> OKTA's
>>>>
>>>>  I'm getting no entries found, which leads me to think I'm missing
>>>> something
>>>> [image: Inline image 1]
>>>>  [image: Inline image 2]
>>>>  [image: Inline image 3]
>>>>  Thanks!
>>>>
>>>>
>>>>   The objectClass values look incorrect. Try posixAccount and posixGroup
>>>> for users and groups. Roles are groupOfNames, but that’s a little less
>>>> specific and will match non-role entries without a search base.
>>>>
>>>> You can easily look up raw entries to check your mappings with commands
>>>> like these (the --all and --raw options are available for all *-show
>>>> commands, afaik):
>>>>
>>>> ipa user-show --all --raw $USER_NAME
>>>> ipa group-show --all  --raw $GROUP
>>>> ipa role-show --all --raw $ROLE
>>>>
>>>> Or pure ldaputils:
>>>>
>>>>  ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' "uid=$USER_NAME"
>>>>
>>>> --
>>>> -----
>>>> *question everything*learn something*answer nothing*
>>>> ------------
>>>> Lucas Yamanishi
>>>> ------------------
>>>> Systems Administrator, ADNET Systems, Inc.
>>>> NASA Space and Earth Science Data Analysis (606.9)
>>>> 7515 Mission Drive, Suite A100
>>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB
>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go To http://freeipa.org for more info on the project
>>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>>>
>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
> 
> 
> 
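
Added example (not part of the original thread, and not FreeIPA or Okta code): the objectClass advice above, run against constructed sample entries shaped like `ldapsearch -LLL` output. The `cn=groups` and `cn=roles` containers and every entry are assumptions modelled on the `cn=users,cn=accounts,dc=example,dc=com` base quoted in the thread; it shows why a `role` objectClass finds nothing and why `groupOfNames` needs a search base.

```python
# Constructed sample data; container names other than cn=users are assumptions.
SAMPLE_LDIF = """\
dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe

dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
cn: admins

dn: cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=com
objectClass: groupOfNames
objectClass: nestedGroup
cn: helpdesk
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: [values]}}."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def search(entries, base, object_class):
    """Subtree search: DNs at or under base that carry the given objectClass."""
    base, wanted = base.lower(), object_class.lower()
    hits = []
    for dn, attrs in entries.items():
        in_scope = dn.lower() == base or dn.lower().endswith("," + base)
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if in_scope and wanted in classes:
            hits.append(dn)
    return hits

SUFFIX = "dc=example,dc=com"
ROLES_BASE = "cn=roles,cn=accounts," + SUFFIX  # assumed role container
ENTRIES = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    for base, oc in [(SUFFIX, "role"), (SUFFIX, "posixAccount"),
                     (SUFFIX, "posixGroup"), (SUFFIX, "groupOfNames"),
                     (ROLES_BASE, "groupOfNames")]:
        print(f"{oc:13} under {base}: {search(ENTRIES, base, oc)}")
```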



