[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO
Rich Megginson
rmeggins at redhat.com
Fri Mar 6 17:21:33 UTC 2015
On 03/06/2015 09:39 AM, Herwono W Wijaya wrote:
> vCenter SSO works well with Univention LDAP.
Then set up a Wireshark session to capture traffic between vCenter SSO
and Univention LDAP, then do the same with vCenter SSO and IPA. Then we
can compare the TCP traffic dumps.
>
> Here I want to make sure if FreeIPA can work with vCenter SSO, because
> I read it on this page:
> http://www.freeipa.org/page/HowTo/vsphere5_integration
>
> And thanks for the help and answer any questions from me.
> Have a nice day.
>
> On 3/6/15 11:23 PM, Rich Megginson wrote:
>> On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
>>> On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>>>
>>>>
>>>>
>>>> [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
>>>> nentries=2 etime=0 notes=P
>>>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
>>>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
>>>>
>>>> vCenter SSO error:
>>>> Error: Idm client exception: Control not found
>>>
>>> There's no error log debug level which will give us all of the
>>> controls received by the server or all of the controls sent back
>>> by the server. The TRACE level will give us some information.
>>>
>>>
>>>
>>> Could it be that the "Control not found" is somehow related to the "page
>>> results control" as described in
>>> https://bugzilla.redhat.com/show_bug.cgi?id=558099
>>
>> Could be.
>>>
>>> Is the "notes=P" in ipa logs a setting managed by the server or by
>>> the type of the query done by the client?
>>
>> Yes. It means the client is requesting a Simple Paged Search by
>> using that control.
>>
>>> In my past IPA 3.3.3 logs I didn't find it at the end of the log
>>> line with nentries...
>>
>> It has everything to do with the client. The server has supported
>> Simple Paged Search for a long time. Perhaps some newer version of
>> the client is requesting paged results?
>>
>>
>>> Just an attempt...
>>>
>>
>> One more thing - does vCenter work with another LDAP server, like
>> OpenLDAP or Active Directory? If so, try capturing a Wireshark trace
>> of a successful search operation, then capture a Wireshark trace of a
>> session using IPA, and we can compare them to see which controls the
>> working server is sending back that IPA is not.
>>
>>
>
> --
> Regards,
> Herwono W Wijaya
> https://linuxcoding.org | *VMware vExpert 2014, 2015
> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>*
>
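
Added example, not part of the original message and not code from FreeIPA or 389 Directory Server: before capturing traffic, the access log can already show which clients ask for Simple Paged Search, by pairing each RESULT line that carries `notes=P` with its SRCH line and the connection's source address. The sample log is constructed (modelled on the lines quoted in the thread; addresses, DNs and filters are made up), and the function name `paged_searches` is hypothetical.

```python
import re

# Constructed sample in 389 Directory Server access-log format, modelled on the
# lines quoted in the thread (addresses, DNs and filters are made up).
SAMPLE_LOG = """\
[06/Mar/2015:21:51:15 +0700] conn=30 fd=99 slot=99 connection from 192.0.2.10 to 192.0.2.1
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND dn="uid=vcenter,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=vcenter,cn=users,cn=accounts,dc=example,dc=com"
[06/Mar/2015:21:51:15 +0700] conn=30 op=1 SRCH base="cn=accounts,dc=example,dc=com" scope=2 filter="(objectClass=groupOfNames)" attrs="cn"
[06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 nentries=2 etime=0 notes=P
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
[06/Mar/2015:21:52:01 +0700] conn=31 fd=100 slot=100 connection from 192.0.2.20 to 192.0.2.1
[06/Mar/2015:21:52:01 +0700] conn=31 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)" attrs=ALL
[06/Mar/2015:21:52:01 +0700] conn=31 op=0 RESULT err=0 tag=101 nentries=1 etime=0
"""

# Patterns for the three line types needed: connection open, SRCH, RESULT.
CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
RES_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) .*?nentries=(\d+)(?:.*? notes=(\S+))?")

def paged_searches(log_text):
    """Return one dict per search whose RESULT line carries the P note."""
    clients, searches, hits = {}, {}, []
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            clients[m.group(1)] = m.group(2)          # conn id -> client address
        elif m := SRCH_RE.search(line):
            searches[(m.group(1), m.group(2))] = (m.group(3), m.group(5))
        elif m := RES_RE.search(line):
            conn, op, err, nentries, notes = m.groups()
            # notes is a comma-separated list such as "U,P"; P marks a paged search
            if notes and "P" in notes.split(",") and (conn, op) in searches:
                base, flt = searches.pop((conn, op))
                hits.append({"client": clients.get(conn, "?"), "conn": int(conn),
                             "op": int(op), "base": base, "filter": flt,
                             "err": int(err), "nentries": int(nentries)})
    return hits

if __name__ == "__main__":
    for hit in paged_searches(SAMPLE_LOG):
        print(hit)
```

Running it over the real access log narrows the packet capture to the connections and search operations that actually carry the paged results control.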