[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Herwono W Wijaya root at linuxcoding.org
Fri Mar 6 11:11:37 UTC 2015


Now all works well; I use another method:

*FreeIPA:*
*Users:*
- admin
- herwono (member of "ssogroups" group)
- vcadmin (member of "ssogroups" group)

*Groups:*
Only one group for vCenter SSO.
- ssogroups

*Modify "ssogroups" using an LDIF file*
<pre>
dn: cn=ssogroups,cn=groups,cn=accounts,dc=server,dc=local
changetype: modify
add: objectClass
objectClass: groupOfUniqueNames
-
add: uniqueMember
uniqueMember: uid=herwono,cn=users,cn=accounts,dc=server,dc=local
uniqueMember: uid=vcadmin,cn=users,cn=accounts,dc=server,dc=local
-
</pre>

*vCenter Identity Source Config:*
Name: IPA
Base DN for users: cn=users,cn=accounts,dc=server,dc=local
Domain name: server.local
Base DN for groups: cn=groups,cn=accounts,dc=server,dc=local
Primary server url: ldap://identity.server.local:389
Username: uid=admin,cn=users,cn=accounts,dc=server,dc=local
Password: ******

*FreeIPA users and groups for vCenter with Administrator permission:*
User: herwono (SERVER.LOCAL\herwono)
Group: ssogroups (SERVER.LOCAL\ssogroups)


On 3/6/15 3:37 PM, Gianluca Cecchi wrote:
> On Fri, Mar 6, 2015 at 8:34 AM, Martin Kosek <mkosek at redhat.com 
> <mailto:mkosek at redhat.com>> wrote:
>
>     On 03/06/2015 04:38 AM, Herwono W Wijaya wrote:
>
>         Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the
>         admin user can be
>         used and always get an error for other users.
>
>
>     You mean admin user from vCenter, not admin user from FreeIPA, right?
>
>     Did you follow this HOWTO:
>     http://www.freeipa.org/page/HowTo/vsphere5_integration
>
>     Note that the vSphere integration topic is being discussed this
>     week, CCing also Gianluca (author of the HOWTO), he may have some
>     ideas where the problem is too.
>
>     Martin
>
>
>
> The logs that let us know the kind of queries generated by vSphere are in
> /var/log/dirsrv/slapd-REALM-NAME/
> (at least for 3.3.3)
>
> Also, searching through my e-mails I found one direct contact using 
> vSphere 5.5 and that was doing some tests with VMware support 
> connected to his systems.
> It seems they found out that it almost all worked correctly when using 
> accounts instead of compat BUT
> you can't log in.
>
> An action was then to add objectclass=groupOfUniqueNames to a single 
> test group and they were able to login
>
> I asked more information about his setup if still in place and to 
> eventually share with others.
>
> Stay tuned...
>
> Gianluca

-- 
Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert 
2014, 2015 
<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
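
Added example, not part of the original post: the LDIF in the message copies group members into uniqueMember by hand, so a user later removed from ssogroups in FreeIPA would still be listed in the attribute that was added for vCenter. The Python below assumes FreeIPA keeps membership in the `member` attribute and that the group entry has been exported as plain LDIF; it emits the modify LDIF that brings uniqueMember back in line. `parse_entry`, `sync_ldif` and the sample entry are constructed for illustration.

```python
# Added example (not from the original post); helper names are hypothetical.
def parse_entry(ldif_text):
    """Parse one simple LDIF entry (no base64 values, no folded lines)."""
    dn, attrs = None, {}
    for line in ldif_text.strip().splitlines():
        name, _, value = line.partition(": ")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def sync_ldif(ldif_text):
    """Return modify LDIF making uniqueMember mirror member ("" if in sync)."""
    dn, attrs = parse_entry(ldif_text)
    # DNs are compared case-insensitively, a simplification of full DN matching.
    member = {v.lower(): v for v in attrs.get("member", [])}
    unique = {v.lower(): v for v in attrs.get("uniquemember", [])}
    classes = {v.lower() for v in attrs.get("objectclass", [])}
    mods = []
    if "groupofuniquenames" not in classes:
        mods.append(["add: objectClass", "objectClass: groupOfUniqueNames"])
    missing = [member[k] for k in sorted(member.keys() - unique.keys())]
    stale = [unique[k] for k in sorted(unique.keys() - member.keys())]
    if missing:
        mods.append(["add: uniqueMember"] + [f"uniqueMember: {v}" for v in missing])
    if stale:  # removed in FreeIPA but still listed in uniqueMember
        mods.append(["delete: uniqueMember"] + [f"uniqueMember: {v}" for v in stale])
    if not mods:
        return ""
    lines = [f"dn: {dn}", "changetype: modify"]
    for mod in mods:
        lines += mod + ["-"]
    return "\n".join(lines) + "\n"

# Constructed sample: vcadmin was removed from the group in FreeIPA,
# but the hand-added uniqueMember value is still present.
SAMPLE = """\
dn: cn=ssogroups,cn=groups,cn=accounts,dc=server,dc=local
objectClass: groupofnames
objectClass: groupOfUniqueNames
member: uid=herwono,cn=users,cn=accounts,dc=server,dc=local
uniqueMember: uid=herwono,cn=users,cn=accounts,dc=server,dc=local
uniqueMember: uid=vcadmin,cn=users,cn=accounts,dc=server,dc=local
"""

if __name__ == "__main__":
    print(sync_ldif(SAMPLE), end="")
```

The output can be reviewed and then applied with ldapmodify in the same way as the LDIF in the message.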
