[Freeipa-users] AIX client integration

Alexander Bokovoy abokovoy at redhat.com
Thu Mar 26 20:37:36 UTC 2015


On Thu, 26 Mar 2015, David Beck wrote:
>All,
>
>This is for anyone using AIX clients with freeipa.  I have the client up
>and running just fine (No KRB5, AIX Bug); however I cannot seem to get
If you mean inability to use GSSAPI authentication against LDAP, it is not
a bug in AIX. Rather, it is a bug in CyrusSASL which is fixed in
RHEL-6.6.z. We have plans to fix RHEL 7.x too but for your situation an
update is going to help.

https://rhn.redhat.com/errata/RHBA-2015-0721.html

>the client to load the groups attributes properly.  The user's primary
>group shows up in the groups attribute from lsuser but not any
>subsequent groups the user is a member of in IPA.  In the outputs
>below, I do a lookup for IPA user 0016751 and I would expect the groups=
>attribute to match those that are listed in the "Member of Groups" from
>freeipa.
>
>I experimented with the groups attribute and mapping to the memberOf
>ldap attribute in the IPAuser.map file but that hasn't changed the
>outcome.  If anyone has any pointers or advice it would be greatly
>appreciated!
Use /var/log/dirsrv/slapd-ABC-COM/access to find out a connection
corresponding to AIX operations around your lookups and show all lines
with the same conn=<number> element.

Ideally, it would help to get a network trace between AIX and IPA LDAP
server. Given that you are not using SASL GSSAPI and SSL, it should be
easy to see what exactly is requested by AIX and returned by IPA LDAP.


-- 
/ Alexander Bokovoy
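
The access-log step suggested in the reply above, as an added example that is not part of the original message or of FreeIPA: a shell function that finds the connections whose SRCH operations mention a given string and prints every line of those connections. The function names, the sample log lines, the 192.0.2.x addresses and the DNs are constructed for illustration; the field positions assume the usual 389-ds access log layout ("[timestamp zone] conn=N op=M ...").

```shell
#!/bin/sh
# conn_lines LOGFILE NEEDLE [CLIENT_IP]
# Pass 1 remembers the conn=N of every SRCH line containing NEEDLE
# (optionally only for connections opened from CLIENT_IP).
# Pass 2 prints all lines of those connections, in log order.
conn_lines() {
    awk -v needle="$2" -v ip="${3:-}" '
        $3 !~ /^conn=[0-9]+$/ { next }      # not a per-connection line
        NR == FNR {
            # "conn=N fd=.. slot=.. connection from <client> to <server>"
            if ($6 == "connection" && $7 == "from") from[$3] = $8
            if ($5 == "SRCH" && index($0, needle) &&
                (ip == "" || from[$3] == ip))
                wanted[$3] = 1
            next
        }
        $3 in wanted
    ' "$1" "$1"
}

# Constructed sample data: conn=41 plays the AIX client, conn=42 another host.
sample_log() {
    cat <<'EOF'
[26/Mar/2015:20:30:01 +0000] conn=41 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[26/Mar/2015:20:30:01 +0000] conn=41 op=0 BIND dn="" method=128 version=3
[26/Mar/2015:20:30:01 +0000] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[26/Mar/2015:20:30:02 +0000] conn=42 fd=65 slot=65 connection from 192.0.2.20 to 192.0.2.1
[26/Mar/2015:20:30:02 +0000] conn=41 op=1 SRCH base="cn=users,cn=accounts,dc=abc,dc=com" scope=2 filter="(uid=0016751)" attrs=ALL
[26/Mar/2015:20:30:02 +0000] conn=42 op=0 SRCH base="cn=users,cn=accounts,dc=abc,dc=com" scope=2 filter="(uid=admin)" attrs=ALL
[26/Mar/2015:20:30:02 +0000] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[26/Mar/2015:20:30:02 +0000] conn=42 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[26/Mar/2015:20:30:03 +0000] conn=41 op=2 SRCH base="cn=groups,cn=accounts,dc=abc,dc=com" scope=2 filter="(gidNumber=1000)" attrs="cn"
[26/Mar/2015:20:30:03 +0000] conn=41 op=2 RESULT err=0 tag=101 nentries=1 etime=0
EOF
}
```

On the IPA server this would be called as `conn_lines /var/log/dirsrv/slapd-ABC-COM/access uid=0016751`, optionally with the AIX client's address as a third argument; the SRCH lines in the output show the base, filter and attrs the client actually requested.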



