[Freeipa-users] Adding FreeIPA as a vsphere identity source

reesb at hushmail.com reesb at hushmail.com
Thu Mar 5 01:13:22 UTC 2015


Hi Martin,

Using my vadmin account,
"uid=vadmin,cn=users,cn=compat,dc=localdomain,dc=local", the search
completes successfully and I get a list of my users and groups. However,
when I've watched the LDAP queries between vCenter and FreeIPA I can
see it's applying a filter to the user search looking for
'objectClass=groupOfUniqueNames', which my groups don't seem to
contain.

I'm very much an LDAP newbie, but I thought at step two in the vSphere
integration HOWTO I modified the groups schema to include that object
class?

On 3/4/2015 at 8:32 PM, "Martin Kosek" wrote:

Given that this HOWTO does not use the vanilla Schema Compatibility settings
(FreeIPA Compat Tree by default uses posixGroup objectclass and memberUid
attribute for user membership), I would check if the groups really have the
right objectclass and uniqueMember generated:

# ldapsearch -D "VSPHERE_DN" -x -w "$VSPHERE_DN_PASSWORD" -b "cn=groups,cn=compat,dc=localdomain,dc=local"

I expect there will be some problem preventing the LDAP search from
succeeding. Then we would know where to look next.

Martin
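
The check discussed in this thread, as an added example that is not part of either message or of the FreeIPA HOWTO: it reads the LDIF returned for the compat groups subtree and flags every group that lacks the groupOfUniqueNames object class or carries only memberUid. The function names and the sample group names are constructed for illustration; the sketch assumes the quoted ldapsearch is run with the additional OpenLDAP options `-LLL -o ldif-wrap=no` so each attribute is on one line.

```shell
# Added example. Pipe in unwrapped LDIF, e.g. the ldapsearch quoted above
# with "-LLL -o ldif-wrap=no" added to its options.

# Constructed sample: one group in the shape the vCenter filter expects, one in
# the default compat shape (posixGroup + memberUid). Group names are made up.
sample_ldif() {
    cat <<'EOF'
dn: cn=groups,cn=compat,dc=localdomain,dc=local
objectClass: extensibleObject

dn: cn=vsphere-admins,cn=groups,cn=compat,dc=localdomain,dc=local
objectClass: posixGroup
objectClass: groupOfUniqueNames
uniqueMember: uid=vadmin,cn=users,cn=compat,dc=localdomain,dc=local

dn: cn=ipausers,cn=groups,cn=compat,dc=localdomain,dc=local
objectClass: posixGroup
memberUid: vadmin
EOF
}

# $1 = search base (its own container entry is skipped).
# Prints one verdict per group; returns 1 if any group fails the check.
check_compat_groups() {
    awk -v base="$1" '
    function report() {
        if (dn == "" || tolower(dn) == tolower(base)) return
        if (!oc)            { print "MISSING-OBJECTCLASS " dn; bad = 1 }
        else if (mu && !um) { print "MEMBERUID-ONLY " dn; bad = 1 }
        else                { print "OK " dn " uniqueMember=" um }
    }
    function start_entry() { dn = ""; oc = 0; um = 0; mu = 0 }
    BEGIN { bad = 0; start_entry() }
    /^$/ { report(); start_entry(); next }
    {
        sep = index($0, ":")
        if (sep == 0) next
        attr = tolower(substr($0, 1, sep - 1))
        val = substr($0, sep + 1)
        sub(/^:? */, "", val)      # "::" marks base64; the value is left encoded
        if (attr == "dn") dn = val
        else if (attr == "objectclass" && tolower(val) == "groupofuniquenames") oc = 1
        else if (attr == "uniquemember") um++
        else if (attr == "memberuid") mu++
    }
    END { report(); exit bad }
    '
}
sample_ldif | check_compat_groups "cn=groups,cn=compat,dc=localdomain,dc=local" || true
```

A MISSING-OBJECTCLASS verdict means a search filtered on 'objectClass=groupOfUniqueNames' will not return that group; MEMBERUID-ONLY means the object class is present but no uniqueMember values were generated.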