[Freeipa-users] Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Chris Whittle cwhittl at gmail.com
Tue Aug 12 15:26:44 UTC 2014


Thanks Martin!


On Tue, Aug 12, 2014 at 9:50 AM, Martin Kosek <mkosek at redhat.com> wrote:

> Thank you! I linked this page to
> http://www.freeipa.org/page/HowTos#Authentication
> and also improved formatting of the page. I am not sure about the "role"
> section though, we do not use "role" objectclass, so Okta's search probably
> returns no results anyway. It may be better to keep that blank IMO.
>
> Martin
>
> On 08/12/2014 03:46 PM, Chris Whittle wrote:
> > http://www.freeipa.org/page/HowTo/Integrate_With_Okta
> >
> >
> > On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <dpal at redhat.com> wrote:
> >
> >>  On 08/08/2014 04:26 PM, Chris Whittle wrote:
> >>
> >> Hey Dmitri, What do you mean?  Both of them gave me the same answer and
> >> it worked.
> >>
> >>
> >> Right, now you have the knowledge which is buried in a mail thread and
> >> would be hard to find for others that might want to follow your steps.
> >> I was hoping you would find some time to summarize your setup and
> >> experience and share with others via a HOWTO page on the FreeIPA site [1].
> >>
> >> [1] http://www.freeipa.org/page/HowTos
> >>
> >> Thanks
> >> Dmitri
> >>
> >>
> >>  On Aug 8, 2014 3:25 PM, "Dmitri Pal" <dpal at redhat.com> wrote:
> >>
> >>>  On 08/07/2014 02:21 PM, Chris Whittle wrote:
> >>>
> >>> Thanks guys that works!
> >>>
> >>>
> >>>
> >>> And what about HOWTO? ;-)
> >>>
> >>>
> >>>
> >>>
> >>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi <lyamanishi at sesda3.com>
> >>> wrote:
> >>>
> >>>>   On 08/07/2014 12:18 PM, Chris Whittle wrote:
> >>>>
> >>>> I'm currently working on a trial with OKTA and have installed their
> >>>> server agent with no issues.  Now I'm trying to map FreeIPA attributes
> >>>> with OKTA's
> >>>>
> >>>>  I'm getting no entries found, which leads me to think I'm missing
> >>>> something
> >>>> [image: Inline image 1]
> >>>>  [image: Inline image 2]
> >>>>  [image: Inline image 3]
> >>>>  Thanks!
> >>>>
> >>>>
> >>>>   The objectClass values look incorrect. Try posixAccount and posixGroup
> >>>> for users and groups. Roles are groupOfNames, but that's a little less
> >>>> specific and will match non-role entries without a search base.
> >>>>
> >>>> You can easily look up raw entries to check your mappings with commands
> >>>> like these (the --all and --raw options are available for all *-show
> >>>> commands, afaik):
> >>>>
> >>>> ipa user-show --all --raw $USER_NAME
> >>>> ipa group-show --all  --raw $GROUP
> >>>> ipa role-show --all --raw $ROLE
> >>>>
> >>>> Or pure ldaputils:
> >>>>
> >>>>  ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' "uid=$USER_NAME"
> >>>>
> >>>>
> >>>> --
> >>>> -----
> >>>> *question everything*learn something*answer nothing*
> >>>> ------------
> >>>> Lucas Yamanishi
> >>>> ------------------
> >>>> Systems Administrator, ADNET Systems, Inc.
> >>>> NASA Space and Earth Science Data Analysis (606.9)
> >>>> 7515 Mission Drive, Suite A100
> >>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB
> >>>>
> >>>>
> >>>> --
> >>>> Manage your subscription for the Freeipa-users mailing list:
> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users
> >>>> Go To http://freeipa.org for more info on the project
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Thank you,
> >>> Dmitri Pal
> >>>
> >>> Sr. Engineering Manager IdM portfolio
> >>> Red Hat, Inc.
> >>>
> >>>
> >>>
> >>
> >>
> >> --
> >> Thank you,
> >> Dmitri Pal
> >>
> >> Sr. Engineering Manager IdM portfolio
> >> Red Hat, Inc.
> >>
> >>
> >
> >
> >
>
>
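
Added example, not part of the original thread and not FreeIPA or Okta code: a small offline model of the objectClass mapping check discussed above, showing why groupOfNames needs a search base to select only roles and why a class that no entry carries gives "no entries found". The entries, DNs and objectClass sets are constructed and assume a default FreeIPA tree layout; the "user" class in the last mapping is a hypothetical wrong value.

```python
# Constructed sample entries (not from a real directory). The DIT layout and
# objectClass sets are assumptions modelled on a default FreeIPA install.
SUFFIX = "dc=example,dc=com"
ENTRIES = [
    {"dn": f"uid=alice,cn=users,cn=accounts,{SUFFIX}",
     "objectClass": ["top", "person", "inetOrgPerson", "posixAccount"]},
    {"dn": f"cn=developers,cn=groups,cn=accounts,{SUFFIX}",
     "objectClass": ["top", "groupOfNames", "nestedGroup", "posixGroup"]},
    {"dn": f"cn=helpdesk,cn=roles,cn=accounts,{SUFFIX}",
     "objectClass": ["top", "groupOfNames", "nestedGroup"]},
]


def search(object_class, base=SUFFIX):
    """Return DNs at or under `base` that carry `object_class`.

    Mimics a subtree search with filter (objectClass=<value>). LDAP compares
    objectClass values and DNs case-insensitively, so this does the same.
    """
    wanted = object_class.lower()
    base = base.lower()
    hits = []
    for entry in ENTRIES:
        dn = entry["dn"].lower()
        in_scope = dn == base or dn.endswith("," + base)
        classes = {oc.lower() for oc in entry["objectClass"]}
        if in_scope and wanted in classes:
            hits.append(entry["dn"])
    return hits


def check_mapping(mapping):
    """mapping: {kind: (objectClass, base)} -> {kind: [matching DNs]}."""
    return {kind: search(oc, base) for kind, (oc, base) in mapping.items()}


if __name__ == "__main__":
    mapping = {
        "user": ("posixAccount", SUFFIX),
        "group": ("posixGroup", SUFFIX),
        "role (no base)": ("groupOfNames", SUFFIX),
        "role (scoped)": ("groupOfNames", f"cn=roles,cn=accounts,{SUFFIX}"),
        "wrong class": ("user", SUFFIX),  # hypothetical value no entry carries
    }
    for kind, dns in check_mapping(mapping).items():
        print(f"{kind:15} -> {dns or 'no entries found'}")
```

Against a live server, the ipa *-show --all --raw output quoted above is the source of truth for which objectClass values an entry really has.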