[Freeipa-users] Original java script I have been TRYING to modify to use the flatness that is IPA.
Michael Sean Conley
Michael.Sean.Conley at raytheon.com
Tue Aug 16 13:49:57 UTC 2016
So, I did a lot more research on our issue.
We fixed it - Miller time was had by all that wanted a good beer.
Did some ldap searches - to get the specific binding user - we did this...
  ldapsearch -Z -H ldap://aba-idam.aba.home.com \
    -D 'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W \
    -b 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddf)' uid
And made sure to enter in the full connection.username and its associated
context. - Rob was exactly right!
but, we still got errors until we looked at the role (ahem: Roles) played
in the game.
So, the Roles were REALLY important in the script...
We created a role called admin, and added the user as the script REALLY
needs the user to be an admin - I dunno why, but the developers said so,
so....
we then did an ldap search on the role of admin....
  ldapsearch -Z -H ldap://aba-idam.aba.home.com \
    -D 'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W \
    -b 'cn=admin,cn=groups,cn=compat,dc=aba,dc=home,dc=com' 'cn=admin'
then entering those properties as below...
<ext:property-placeholder />
<jaas:config name="karaf" rank="1">
  <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
               flags="required">
    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
    connection.username=uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com
    connection.password=iloveaba!
    connection.url=ldaps://aba-idam.aba.home.com:636
    user.base.dn=cn=users,cn=accounts,dc=aba,dc=home,dc=com
    user.filter=(uid=%u)
    user.search.subtree=true
    role.base.dn=cn=groups,cn=compat,dc=aba,dc=home,dc=com
    role.name.attribute=cn
    role.filter=(member=uid=%u,cn=groups,cn=compat,dc=aba,dc=home,dc=com)
    role.search.subtree=true
    role.mapping=admin=group,admin,manager,viewer,webconsole
    authentication=simple
    ssl.protocol=SSL
    ssl.truststore=truststore
    ssl.algorithm=PKIX
  </jaas:module>
</jaas:config>
Saved it, crossed our fingers and tried to log in to the docker object...
[admin at aba-desktop ~]$ ssh ddf at localhost -p 8101
Password authentication
Password:
 ____                  _          __  __ _
/ ___|  ___ _ ____   _(_) ___ ___|  \/  (_)_  __
\___ \ / _ \ '__\ \ / / |/ __/ _ \ |\/| | \ \/ /
 ___) |  __/ |   \ V /| | (_|  __/ |  | | |>  <
|____/ \___|_|    \_/ |_|\___\___|_|  |_|_/_/\_\
Apache ServiceMix (7.0.0.M1)
Hit '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown ServiceMix.
ddf at root>
BOOM!
Thank you Rob and Petr!!!!
Michael Sean Conley
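
Added example, not part of the original post and not ServiceMix or Karaf project code: a small pre-deployment check over a JAAS LDAPLoginModule blueprint like the one above, flagging a literal bind password, an unencrypted connection.url, a generic ssl.protocol name, and any LDAP group that role.mapping turns into Karaf admin. The sample blueprint, its placeholder password, the finding names and the ${...} placeholder form (taken from the <ext:property-placeholder /> element) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample modelled on the post's settings; the password is a placeholder.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      connection.password=EXAMPLE-PASSWORD
      connection.url=ldaps://aba-idam.aba.home.com:636
      role.mapping=admin=group,admin,manager,viewer,webconsole
      ssl.protocol=SSL
    </jaas:module>
  </jaas:config>
</blueprint>"""

def module_properties(blueprint_xml):
    """Return the key=value lines of the first jaas:module element as a dict."""
    for el in ET.fromstring(blueprint_xml).iter():
        if el.tag.endswith("}module"):
            pairs = (line.strip().partition("=") for line in (el.text or "").splitlines())
            return {k.strip(): v.strip() for k, sep, v in pairs if sep}
    return {}

def parse_role_mapping(value):
    """'ldapRole=r1,r2;other=r3' -> {'ldapRole': ['r1', 'r2'], 'other': ['r3']}."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        ldap_role, _, karaf_roles = entry.partition("=")
        mapping[ldap_role.strip()] = [r.strip() for r in karaf_roles.split(",") if r.strip()]
    return mapping

def lint(props):
    """Return finding ids for settings worth a second look before deployment."""
    findings = []
    password = props.get("connection.password", "")
    if password and not re.fullmatch(r"\$\{[^}]+\}", password):
        findings.append("cleartext-bind-password")    # literal, not a ${...} placeholder
    if props.get("connection.url", "").lower().startswith("ldap://"):
        findings.append("bind-without-tls")           # ldap:// scheme, no TLS wrapper
    if props.get("ssl.protocol", "").upper().startswith("SSL"):
        findings.append("generic-ssl-protocol-name")  # name a TLS version instead
    for ldap_role, roles in parse_role_mapping(props.get("role.mapping", "")).items():
        if "admin" in roles:
            findings.append("ldap-group-grants-admin:" + ldap_role)
    return findings

if __name__ == "__main__":
    for finding in lint(module_properties(SAMPLE)):
        print(finding)
```

The admin finding is informational: it names the LDAP group whose membership should be reviewed, since every member of it becomes a Karaf admin.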