[Freeipa-users] OC and FreeIPA
Jonathan J. Ramirez C.
jonathan.ramirez at solmar.com
Thu Jul 17 15:30:26 UTC 2014
> -----Original Message-----
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Jonathan J. Ramirez C. <jonathan.ramirez at solmar.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] OC and FreeIPA
> Date: Thu, 17 Jul 2014 10:33:50 -0400
>
>
> Jonathan J. Ramirez C. wrote:
> > -----Original Message-----
> > *From*: Rob Crittenden <rcritten at redhat.com
> > <mailto:Rob%20Crittenden%20%3crcritten at redhat.com%3e>>
> > *To*: Jonathan J. Ramirez C. <jonathan.ramirez at solmar.com
> > <mailto:%22Jonathan%20J.%20Ramirez%20C.%22%20%3cjonathan.ramirez at solmar.com%3e>>,
> > freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> > *Subject*: Re: [Freeipa-users] OC and FreeIPA
> > *Date*: Wed, 16 Jul 2014 14:12:34 -0400
> >
> > Jonathan J. Ramirez C. wrote:
> >> Hi.
> >>
> >> Does anybody here know how to properly set up ownCloud 6.0.4 to work
> >> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
> >> to OC with a created account in FreeIPA.
> >>
> >> Here's a sample:
> >>
> >> ownCloud[2182]: {user_ldap} initializing paged search for
> >> FilterobjectClass=* base Array ([0] =>
> >> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
> >> 99999 offset 0
> >> ownCloud[2182]: {user_ldap} Ready for a paged search
> >> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
> >> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
> >> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
> >> ownCloud[2182]: {user_ldap} Cannot determine UUID for
> >> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
> >> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
> >> IP:set log_authfailip=true in conf
> >>
> >> I'm really new to OC and IPA so I don't know where to poke to make it
> >> work. I'll much appreciate any hint.
> >
> >
> >> I've never dealt with OC before but I scanned the LDAP docs quickly.
> >>
> >> You will want to set separate user and group base DNs. It is using the
> >> compat tree and that is likely the wrong thing in this case.
> >>
> >> Users: cn=users,cn=accounts,dc=mydomain,dc=com
> >> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
> >>
> >> That will fix the UUID issue at least.
> >>
> >> Have you set a password for this user account, and have you
> >> authenticated with it yet? IPA marks all administratively set passwords
> >> as expired, so you need to authenticate and change the password before
> >> it is generally usable.
> >>
> >> IPA uses memberOf for its grouping in case you need to specify it.
> >>
> >> rob
> >
> > Thank you very much Rob.
> >
> > The use of separate user and group DNs gave me the clue to what I had to add in the OC LDAP settings.
>
> Great news. If you have the time and inclination I'd encourage you to
> consider writing up a short how-to on our wiki at
> http://www.freeipa.org/page/HowTos
>
> regards
>
> rob
>
I will do that. As soon as I wrap it all up, I'll write a short tutorial.
Again, thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140717/8593715f/attachment.htm>
More information about the Freeipa-users
mailing list