[Freeipa-users] vcenter 5.5 and freeipa 3 authentication
Rob Crittenden
rcritten at redhat.com
Tue Nov 4 20:02:52 UTC 2014
richard wrote:
> We are trying to configure vcenter 5.5 to authenticate against freeipa
> instead of AD.
> Its working for single users, we can update passwd in freeipa and they
> can authenticate aganinst vcenter.
> But we are not able to get the groups to work as we want, we cant even
> see them on the vcenter side.
>
>
> Has any one configured vcenter to authenticate against freeipa, with
> booth users and groups working?
>
> // Richard
>
How are you configuring it, using the Open LDAP option?
According to
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2064977
the group scheme used by IPA is not supported. They require the
objectclass groupOfUniqueNames and uniqueMember.
It should be possible to add configuration to IPA to enable this via the
slapi-nis (schema compat) plugin. See this,
https://git.fedorahosted.org/cgit/slapi-nis.git/plain/doc/sch-getting-started.txt
rob
More information about the Freeipa-users
mailing list