[Freeipa-users] Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Dmitri Pal dpal at redhat.com
Thu Aug 14 15:02:22 UTC 2014


On 08/12/2014 05:26 PM, Chris Whittle wrote:
> Thanks Martin!

Thank you for the contribution!
Really appreciated.

>
>
> On Tue, Aug 12, 2014 at 9:50 AM, Martin Kosek <mkosek at redhat.com 
> <mailto:mkosek at redhat.com>> wrote:
>
>     Thank you! I linked this page to
>     http://www.freeipa.org/page/HowTos#Authentication
>     and also improved formatting of the page. I am not sure about the "role"
>     section though, we do not use "role" objectclass, so Okta's search probably
>     returns no results anyway. It may be better to keep that blank IMO.
>
>     Martin
>
>     On 08/12/2014 03:46 PM, Chris Whittle wrote:
>     > http://www.freeipa.org/page/HowTo/Integrate_With_Okta
>     >
>     >
>     > On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <dpal at redhat.com
>     <mailto:dpal at redhat.com>> wrote:
>     >
>     >>  On 08/08/2014 04:26 PM, Chris Whittle wrote:
>     >>
>     >> Hey Dmitri, What do you mean?  Both of them gave me the same answer and
>     >> it worked.
>     >>
>     >>
>     >> Right, now you have the knowledge which is buried in a mail thread and
>     >> would be hard to find for others that might want to follow your steps.
>     >> I was hoping you would find some time to summarize your setup and
>     >> experience and share with others via a HOWTO page on the FreeIPA site [1].
>     >>
>     >> [1] http://www.freeipa.org/page/HowTos
>     >>
>     >> Thanks
>     >> Dmitri
>     >>
>     >>
>     >>  On Aug 8, 2014 3:25 PM, "Dmitri Pal" <dpal at redhat.com
>     <mailto:dpal at redhat.com>> wrote:
>     >>
>     >>>  On 08/07/2014 02:21 PM, Chris Whittle wrote:
>     >>>
>     >>> Thanks guys that works!
>     >>>
>     >>>
>     >>>
>     >>> And what about HOWTO? ;-)
>     >>>
>     >>>
>     >>>
>     >>>
>     >>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi
>     <lyamanishi at sesda3.com <mailto:lyamanishi at sesda3.com>>
>     >>> wrote:
>     >>>
>     >>>>   On 08/07/2014 12:18 PM, Chris Whittle wrote:
>     >>>>
>     >>>> I'm currently working on a trial with OKTA and have installed their
>     >>>> server agent with no issues.  Now I'm trying to map FreeIPA attributes
>     >>>> with OKTA's
>     >>>>
>     >>>>  I'm getting no entries found, which leads me to think I'm missing
>     >>>> something
>     >>>> [image: Inline image 1]
>     >>>>  [image: Inline image 2]
>     >>>>  [image: Inline image 3]
>     >>>>  Thanks!
>     >>>>
>     >>>>
>     >>>>   The objectClass values look incorrect. Try posixAccount and posixGroup
>     >>>> for users and groups. Roles are groupOfNames, but that’s a little less
>     >>>> specific and will match non-role entries without a search base.
>     >>>>
>     >>>> You can easily look up raw entries to check your mappings with commands
>     >>>> like these (the --all and --raw options are available for all *-show
>     >>>> commands, afaik):
>     >>>>
>     >>>> ipa user-show --all --raw $USER_NAME
>     >>>> ipa group-show --all --raw $GROUP
>     >>>> ipa role-show --all --raw $ROLE
>     >>>>
>     >>>> Or pure ldaputils:
>     >>>>
>     >>>>  ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' "uid=$USER_NAME"
>     >>>>
>     >>>>
>     >>>> --
>     >>>> -----
>     >>>> *question everything*learn something*answer nothing*
>     >>>> ------------
>     >>>> Lucas Yamanishi
>     >>>> ------------------
>     >>>> Systems Administrator, ADNET Systems, Inc.
>     >>>> NASA Space and Earth Science Data Analysis (606.9)
>     >>>> 7515 Mission Drive, Suite A100
>     >>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB
>     >>>>
>     >>>>
>     >>>> --
>     >>>> Manage your subscription for the Freeipa-users mailing list:
>     >>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>     >>>> Go To http://freeipa.org for more info on the project
>     >>>>
>     >>>
>     >>>
>     >>>
>     >>>
>     >>>
>     >>> --
>     >>> Thank you,
>     >>> Dmitri Pal
>     >>>
>     >>> Sr. Engineering Manager IdM portfolio
>     >>> Red Hat, Inc.
>     >>>
>     >>>
>     >>>
>     >>
>     >>
>     >> --
>     >> Thank you,
>     >> Dmitri Pal
>     >>
>     >> Sr. Engineering Manager IdM portfolio
>     >> Red Hat, Inc.
>     >>
>     >>
>     >
>     >
>     >
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
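
Added example (not part of the original thread, and not FreeIPA or Okta code): an offline check of the objectClass advice quoted above. It filters `ldapsearch -LLL`-style LDIF by search base and objectClass; the sample entries, the `cn=groups` and `cn=roles` containers, and the function names are constructed assumptions.

```shell
# Constructed sample shaped like `ldapsearch -LLL ... dn objectClass` output.
# The entries and their objectClass sets are assumptions, not from the thread.
sample_ldif() {
cat <<'EOF'
dn: uid=jdoe,cn=users,cn=accounts,dc=example,dc=com
objectClass: inetorgperson
objectClass: posixaccount

dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
objectClass: groupofnames
objectClass: posixgroup

dn: cn=helpdesk,cn=roles,cn=accounts,dc=exam
 ple,dc=com
objectClass: groupofnames
objectClass: nestedgroup
EOF
}

# match_entries BASE OBJECTCLASS
# Reads LDIF on stdin and prints the DN of every entry at or below BASE that
# carries OBJECTCLASS. Names compare case-insensitively, as in LDAP.
match_entries() {
    awk -v base="$1" -v oc="$2" '
        BEGIN { base = tolower(base); oc = tolower(oc) }
        function emit(   d, n) {
            d = tolower(dn); n = length(d) - length(base)
            # In scope: DN equals BASE or ends with ",BASE".
            if (dn != "" && hit && n >= 0 && substr(d, n + 1) == base &&
                (n == 0 || substr(d, n, 1) == ","))
                print dn
            dn = ""; hit = 0
        }
        function handle(line,   f) {
            if (line == "") { emit(); return }
            split(line, f, ": ")
            if (tolower(f[1]) == "dn") { emit(); dn = substr(line, 5) }
            else if (tolower(f[1]) == "objectclass" && tolower(f[2]) == oc)
                hit = 1
        }
        /^ / { buf = buf substr($0, 2); next }  # unfold LDIF continuation
        { if (NR > 1) handle(buf); buf = $0 }
        END { handle(buf); emit() }
    '
}

# groupOfNames over the whole suffix hits the group and the role; role base: role only.
SUFFIX='dc=example,dc=com'
sample_ldif | match_entries "$SUFFIX" groupOfNames
sample_ldif | match_entries "cn=roles,cn=accounts,$SUFFIX" groupOfNames
```

Against a live server, the same function can read the output of the thread's `ldapsearch -LLL -YGSSAPI -b ...` command when `dn objectClass` are the requested attributes.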
