[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Herwono W Wijaya root at linuxcoding.org
Fri Mar 6 16:39:38 UTC 2015 

vCenter SSO works well with Univention LDAP.

Here I want to make sure if FreeIPA can work with vCenter SSO, because I 
read it on this page: http://www.freeipa.org/page/HowTo/vsphere5_integration

And thanks for the help and answer any questions from me.
Have a nice day.

On 3/6/15 11:23 PM, Rich Megginson wrote:
> On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
>> On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson <rmeggins at redhat.com 
>> <mailto:rmeggins at redhat.com>> wrote:
>>
>>>
>>>
>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
>>>     nentries=2 etime=0 notes=P
>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
>>>
>>>     vCenter SSO error:
>>>     Error: Idm client exception: Control not found
>>
>>     There's no error log debug level which will give us all of the
>>     controls received by the server or all of the controls sent back
>>     by the server.  The TRACE level will give us some information.
>>
>>
>>
>> Could it be that the "Control not found" somehow related with "page 
>> results control" as described in
>> https://bugzilla.redhat.com/show_bug.cgi?id=558099
>
> Could be.
>>
>> Is the "notes=P" in ipa logs a setting managed by the server or by 
>> the type of the query done by the client?
>
> Yes.  It means the client is requesting a Simple Paged Search by using 
> that control.
>
>> In my past IPA 3.3.3 logs I didn't find it at the end of the log line 
>> with nentries...
>
> It has everything to do with the client.  The server has supported 
> Simple Paged Search for a long time.  Perhaps some newer version of 
> the client is requesting paged results?
>
>
>> Just an attempt...
>>
>
> One more thing - does vCenter work with another LDAP server, like 
> openldap or active directory?  If so, try capturing a wireshark trace 
> of a successful search operation, then capture a wireshark trace of a 
> session using ipa, and we can compare them to see which controls the 
> working server is sending back that ipa is not.
>
>

-- 
Regards,
Herwono W Wijaya
https://linuxcoding.org | *VMware vExpert 2014, 2015 
<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/b3aa2faa/attachment.htm>

More information about the Freeipa-users mailing list