[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Rich Megginson rmeggins at redhat.com
Fri Mar 6 17:21:33 UTC 2015 

On 03/06/2015 09:39 AM, Herwono W Wijaya wrote:
> vCenter SSO works well with Univention LDAP.

Then set up a wireshark session to capture traffic between vCenter SSO 
and Univention LDAP, then do the same with vCenter SSO and IPA. Then we 
can compare the TCP traffic dumps.

>
> Here I want to make sure if FreeIPA can work with vCenter SSO, because 
> I read it on this page: 
> http://www.freeipa.org/page/HowTo/vsphere5_integration
>
> And thanks for the help and answer any questions from me.
> Have a nice day.
>
> On 3/6/15 11:23 PM, Rich Megginson wrote:
>> On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
>>> On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson <rmeggins at redhat.com 
>>> <mailto:rmeggins at redhat.com>> wrote:
>>>
>>>>
>>>>
>>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
>>>>     nentries=2 etime=0 notes=P
>>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
>>>>     [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
>>>>
>>>>     vCenter SSO error:
>>>>     Error: Idm client exception: Control not found
>>>
>>>     There's no error log debug level which will give us all of the
>>>     controls received by the server or all of the controls sent back
>>>     by the server.  The TRACE level will give us some information.
>>>
>>>
>>>
>>> Could it be that the "Control not found" somehow related with "page 
>>> results control" as described in
>>> https://bugzilla.redhat.com/show_bug.cgi?id=558099
>>
>> Could be.
>>>
>>> Is the "notes=P" in ipa logs a setting managed by the server or by 
>>> the type of the query done by the client?
>>
>> Yes.  It means the client is requesting a Simple Paged Search by 
>> using that control.
>>
>>> In my past IPA 3.3.3 logs I didn't find it at the end of the log 
>>> line with nentries...
>>
>> It has everything to do with the client.  The server has supported 
>> Simple Paged Search for a long time.  Perhaps some newer version of 
>> the client is requesting paged results?
>>
>>
>>> Just an attempt...
>>>
>>
>> One more thing - does vCenter work with another LDAP server, like 
>> openldap or active directory?  If so, try capturing a wireshark trace 
>> of a successful search operation, then capture a wireshark trace of a 
>> session using ipa, and we can compare them to see which controls the 
>> working server is sending back that ipa is not.
>>
>>
>
> -- 
> Regards,
> Herwono W Wijaya
> https://linuxcoding.org | *VMware vExpert 2014, 2015 
> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/f5c73537/attachment.htm>

More information about the Freeipa-users mailing list