[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Herwono W Wijaya root at linuxcoding.org
Fri Mar 6 13:09:05 UTC 2015


Gianluca's method is not working for me; I always get this error:

Error: Idm client exception: control not found

and also try using this:
http://www.freeipa.org/page/HowTo/vsphere5_integration#Permission_Update

On 3/6/15 7:49 PM, Martin Kosek wrote:
> I am glad you have it working. However, I would like to discourage
> this other method, as this way you would need to maintain the
> uniqueMember attribute yourself. FreeIPA only maintains the "member"
> attribute.
>
> I would recommend using Gianluca's method in
> http://www.freeipa.org/page/HowTo/vsphere5_integration
>
> with taking users and groups from compat tree. This way, you will have 
> uniqueMember populated when you do changes to the group using FreeIPA 
> CLI or UI.
>
> If it was not working for you in the past, note that we identified a 
> change today that needs to be done with FreeIPA 4.0+:
>
> http://www.freeipa.org/page/HowTo/vsphere5_integration#Permission_Update
>
> Martin
>
>
> On 03/06/2015 12:11 PM, Herwono W Wijaya wrote:
>> Now all works well, I use another method
>>
>> *FreeIPA:*
>> *Users:*
>> - admin
>> - herwono (member of "ssogroups" group)
>> - vcadmin (member of "ssogroups" group)
>>
>> *Groups:*
>> *Only one group for vCenter SSO.*
>> - ssogroups
>>
>> *Modify "ssogroups" using ldif file*
>> <pre>
>> dn: cn=ssogroups,cn=groups,cn=accounts,dc=server,dc=local
>> changetype: modify
>> add: objectClass
>> objectClass: groupOfUniqueNames
>> -
>> add: uniqueMember
>> uniqueMember: uid=herwono,cn=users,cn=accounts,dc=server,dc=local
>> uniqueMember: uid=vcadmin,cn=users,cn=accounts,dc=server,dc=local
>> -
>> </pre>
>>
>> *vCenter Identity Source Config:*
>> Name: IPA
>> Base DN for users: cn=users,cn=accounts,dc=server,dc=local
>> Domain name: server.local
>> Base DN for groups: cn=groups,cn=accounts,dc=server,dc=local
>> Primary server url: ldap://identity.server.local:389
>> Username: uid=admin,cn=users,cn=accounts,dc=server,dc=local
>> Password: ******
>>
>> *FreeIPA users and groups for vCenter with Administrator permission:*
>> User: herwono (SERVER.LOCAL\herwono)
>> Group: ssogroups (SERVER.LOCAL\ssogroups)
>>
>>
>> On 3/6/15 3:37 PM, Gianluca Cecchi wrote:
>>> On Fri, Mar 6, 2015 at 8:34 AM, Martin Kosek <mkosek at redhat.com
>>> <mailto:mkosek at redhat.com>> wrote:
>>>
>>>     On 03/06/2015 04:38 AM, Herwono W Wijaya wrote:
>>>
>>>         Problems with FreeIPA 4.1.3 for vCenter 5.5u2b SSO, only the admin
>>>         user can be used and always get an error for other users.
>>>
>>>
>>>     You mean admin user from vCenter, not admin user from FreeIPA, right?
>>>
>>>     Did you follow this HOWTO:
>>>     http://www.freeipa.org/page/HowTo/vsphere5_integration
>>>
>>>     Note that the vSphere integration topic is being discussed this week,
>>>     CCing also Gianluca (author of the HOWTO), he may have some ideas where
>>>     the problem is too.
>>>
>>>     Martin
>>>
>>>
>>>
>>> The logs that let us know the kind of queries generated by vSphere are in
>>> /var/log/dirsrv/slapd-REALM-NAME/
>>> (at least for 3.3.3)
>>>
>>> Also, searching through my e-mails I found one direct contact using vSphere
>>> 5.5 and that was doing some tests with VMware support connected to his
>>> systems.
>>> It seems they found out that it almost all worked correctly when using
>>> accounts instead of compat BUT
>>> you can't log in.
>>>
>>> An action was then to add objectclass=groupOfUniqueNames to a single test
>>> group and they were able to login
>>>
>>> I asked more information about his setup if still in place and to
>>> eventually share with others.
>>>
>>> Stay tuned...
>>>
>>> Gianluca
>>
>> -- 
>> Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert 
>> 2014, 2015
>> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
>>
>>
>

-- 
Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert 
2014, 2015 
<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
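
Added example, not part of the original thread and not FreeIPA's own code: Martin's caveat above is that FreeIPA maintains only "member", so a hand-added uniqueMember can drift, and a user removed through the FreeIPA CLI or UI would still be listed for anything that reads uniqueMember. The sketch below compares the two attributes on the thread's "ssogroups" entry and emits the LDIF to re-sync them; the sample entry and the user "newadmin" are constructed, and the input is assumed to be unwrapped, non-base64 LDIF.

```python
"""Detect drift between FreeIPA-managed `member` and hand-maintained `uniqueMember`."""
# Constructed sample: the thread's group after "herwono" was removed and a
# hypothetical "newadmin" was added through FreeIPA (only `member` changed).
SAMPLE_ENTRY = """\
dn: cn=ssogroups,cn=groups,cn=accounts,dc=server,dc=local
objectClass: groupOfUniqueNames
member: uid=vcadmin,cn=users,cn=accounts,dc=server,dc=local
member: uid=newadmin,cn=users,cn=accounts,dc=server,dc=local
uniqueMember: uid=herwono,cn=users,cn=accounts,dc=server,dc=local
uniqueMember: uid=vcadmin,cn=users,cn=accounts,dc=server,dc=local
"""

def parse_entry(ldif_text):
    """Return (dn, {lowercased_attr: [values]}) for one unwrapped LDIF entry."""
    attrs = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # skip blank lines and comments
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs.pop("dn")[0], attrs

def norm(dn):
    """DNs compare case-insensitively; also ignore spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def drift(attrs):
    """Return (stale, missing): uniqueMember values not in member, and vice versa."""
    members = {norm(v): v for v in attrs.get("member", [])}
    unique = {norm(v): v for v in attrs.get("uniquemember", [])}
    stale = sorted(unique[k] for k in unique.keys() - members.keys())
    missing = sorted(members[k] for k in members.keys() - unique.keys())
    return stale, missing

def sync_ldif(dn, stale, missing):
    """Build an ldapmodify changeset that makes uniqueMember match member."""
    if not (stale or missing):
        return ""  # already in sync, nothing to apply
    out = [f"dn: {dn}", "changetype: modify"]
    for op, values in (("delete", stale), ("add", missing)):
        if values:
            out += [f"{op}: uniqueMember"] + [f"uniqueMember: {v}" for v in values] + ["-"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    dn, attrs = parse_entry(SAMPLE_ENTRY)
    print(sync_ldif(dn, *drift(attrs)))
```

A non-empty result means the group has drifted; review the changeset before applying it with ldapmodify.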
