[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO
Rich Megginson
rmeggins at redhat.com
Fri Mar 6 16:23:50 UTC 2015
On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
> On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
>>
>>
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
>> nentries=2 etime=0 notes=P
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
>>
>> vCenter SSO error:
>> Error: Idm client exception: Control not found
>
> There's no error log debug level which will give us all of the
> controls received by the server or all of the controls sent back
> by the server. The TRACE level will give us some information.
>
>
>
> Could it be that the "Control not found" somehow related with "page
> results control" as described in
> https://bugzilla.redhat.com/show_bug.cgi?id=558099
Could be.
>
> Is the "notes=P" in ipa logs a setting managed by the server or by the
> type of the query done by the client?
Yes. It means the client is requesting a Simple Paged Search by using
that control.
> In my past IPA 3.3.3 logs I didn't find it at the end of the log line
> with nentries...
It has everything to do with the client. The server has supported
Simple Paged Search for a long time. Perhaps some newer version of the
client is requesting paged results?
> Just an attempt...
>
One more thing - does vCenter work with another LDAP server, like
openldap or active directory? If so, try capturing a wireshark trace of
a successful search operation, then capture a wireshark trace of a
session using ipa, and we can compare them to see which controls the
working server is sending back that ipa is not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/bca0d761/attachment.htm>
More information about the Freeipa-users
mailing list