[Freeipa-users] Original java script I have been TRYING to modify to use the flatness that is IPA.

Michael Sean Conley Michael.Sean.Conley at raytheon.com
Tue Aug 16 13:49:57 UTC 2016


So, I did a lot more research on our issue.

We fixed it - Miller time was had by all that wanted a good beer.

Did some ldap searches - to get the specific binding user - we did this...

ldapsearch -Z -H ldap://aba-idam.aba.home.com \
  -D 'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W \
  -b 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddf)' uid

And made sure to enter in the full connection.username and its associated
context - Rob was exactly right!
But we still got errors until we looked at the role (ahem: roles) played
in the game.


So, the Roles were REALLY important in the script...

We created a role called admin and added the user, as the script REALLY
needs the user to be an admin - I dunno why, but the developers said so,
so....

We then did an ldap search on the role of admin....

ldapsearch -Z -H ldap://aba-idam.aba.home.com \
  -D 'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W \
  -b 'cn=admin,cn=groups,cn=compat,dc=aba,dc=home,dc=com' 'cn=admin'

Then entering those properties as below...

  <ext:property-placeholder />

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      # module options in java.util.Properties form: the key ends at the first '=',
      # everything after it (including the '=' inside a DN) is the value
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      # service account used for the user and role searches (full DN, checked with ldapsearch)
      connection.username=uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com
      connection.password=iloveaba!
      connection.url=ldaps://aba-idam.aba.home.com:636
      # where the login name is resolved; %u is the name typed at the prompt
      user.base.dn=cn=users,cn=accounts,dc=aba,dc=home,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      # where roles are looked up (IPA compat tree); the role name is taken from cn
      role.base.dn=cn=groups,cn=compat,dc=aba,dc=home,dc=com
      role.name.attribute=cn
      role.filter=(member=uid=%u,cn=groups,cn=compat,dc=aba,dc=home,dc=com)
      role.search.subtree=true
      # LDAP group -> Karaf roles, syntax ldapRole=karafRole,karafRole[;ldapRole=...]
      role.mapping=admin=group,admin,manager,viewer,webconsole
      authentication=simple
      ssl.protocol=SSL
      ssl.truststore=truststore
      ssl.algorithm=PKIX
    </jaas:module>
  </jaas:config>


Saved it, crossed our fingers and tried to log in to the docker object...

[admin at aba-desktop ~]$ ssh ddf at localhost -p 8101
Password authentication
Password:
 ____                  _          __  __ _
/ ___|  ___ _ ____   _(_) ___ ___|  \/  (_)_  __
\___ \ / _ \ '__\ \ / / |/ __/ _ \ |\/| | \ \/ /
 ___) |  __/ |   \ V /| | (_|  __/ |  | | |>  <
|____/ \___|_|    \_/ |_|\___\___|_|  |_|_/_/\_\

  Apache ServiceMix (7.0.0.M1)

Hit '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown ServiceMix.

ddf at root>



BOOM!


Thank you Rob and Petr!!!!




Michael Sean Conley
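The procedure in the post is: verify the bind DN, the user lookup and the role lookup with ldapsearch, then carry exactly those values into the Karaf LDAPLoginModule properties. The script below is an added example, not code from the original post, from Karaf or from FreeIPA. It reads a jaas:module the way Karaf's java.util.Properties loading does (the key ends at the first '=', so a DN containing '=' stays whole), substitutes the %u and %dn placeholders with RFC 4515 escaping, lints a few properties, and generates the equivalent ldapsearch commands so every line of the config can be checked before Karaf is restarted. The embedded blueprint is constructed from the posted config with the password replaced; the jaas namespace URI and the `uid=<user>,<user.base.dn>` shape assumed for %dn are assumptions.

```python
"""Preflight a Karaf LDAPLoginModule jaas:module against FreeIPA (added example)."""
import shlex
import xml.etree.ElementTree as ET
from typing import Dict, List

JAAS_NS = "http://karaf.apache.org/xmlns/jaas/v1.1.0"  # assumed Karaf jaas namespace

# Constructed from the posted config; password replaced, ssl.* lines omitted.
SAMPLE_BLUEPRINT = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0">
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com
      connection.password=REDACTED
      connection.url=ldaps://aba-idam.aba.home.com:636
      user.base.dn=cn=users,cn=accounts,dc=aba,dc=home,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=cn=groups,cn=compat,dc=aba,dc=home,dc=com
      role.name.attribute=cn
      role.filter=(member=uid=%u,cn=groups,cn=compat,dc=aba,dc=home,dc=com)
      role.search.subtree=true
      role.mapping=admin=group,admin,manager,viewer,webconsole
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>"""


def parse_module_properties(blueprint_xml: str) -> Dict[str, str]:
    """Options of the first jaas:module; the value is everything after the first '='."""
    module = ET.fromstring(blueprint_xml).find(f".//{{{JAAS_NS}}}module")
    if module is None:
        raise ValueError("no jaas:module element found")
    props: Dict[str, str] = {}
    for raw in (module.text or "").splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or Properties-style comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a login name such as 'ddf)(uid=*' cannot widen the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand_filter(template: str, user: str, user_dn: str = "") -> str:
    """Fill Karaf's %u (login name) and %dn (resolved user DN) placeholders."""
    return (template.replace("%u", escape_filter_value(user))
                    .replace("%dn", escape_filter_value(user_dn)))


def parse_role_mapping(mapping: str) -> Dict[str, List[str]]:
    """Karaf role.mapping syntax: ldapRole=karafRole[,karafRole...][;ldapRole=...]."""
    result: Dict[str, List[str]] = {}
    for entry in filter(None, (e.strip() for e in mapping.split(";"))):
        ldap_role, _, karaf_roles = entry.partition("=")
        result[ldap_role.strip()] = [r.strip() for r in karaf_roles.split(",") if r.strip()]
    return result


def preflight_commands(props: Dict[str, str], user: str) -> List[str]:
    """ldapsearch calls mirroring the module: bind check, user lookup, role lookup.
    The bind password is prompted for (-W) instead of being put on the command line."""
    url = props["connection.url"]
    base_cmd = ["ldapsearch", "-H", url, "-D", props["connection.username"], "-W"]
    if not url.startswith("ldaps://"):
        base_cmd.append("-Z")  # StartTLS for plain ldap://, as in the poster's searches
    user_scope = "sub" if props.get("user.search.subtree") == "true" else "one"
    role_scope = "sub" if props.get("role.search.subtree") == "true" else "one"
    user_dn = f"uid={user},{props['user.base.dn']}"  # assumed shape for %dn only
    searches = [
        (props["connection.username"], "base", "(objectClass=*)", "dn"),
        (props["user.base.dn"], user_scope, expand_filter(props["user.filter"], user), "dn"),
        (props["role.base.dn"], role_scope,
         expand_filter(props["role.filter"], user, user_dn), props["role.name.attribute"]),
    ]
    return [" ".join(shlex.quote(a) for a in base_cmd + ["-b", b, "-s", s, f, attr])
            for b, s, f, attr in searches]


def lint(props: Dict[str, str]) -> List[str]:
    """Checks worth running before trusting the module with real logins."""
    warnings: List[str] = []
    url = props.get("connection.url", "")
    if not url.startswith("ldaps://") and props.get("ssl") != "true":
        warnings.append("connection.url is not ldaps:// and ssl is not set: bind password in clear")
    if "%u" not in props.get("user.filter", ""):
        warnings.append("user.filter has no %u: every login resolves to the same entry")
    role_filter = props.get("role.filter", "")
    if "%u" not in role_filter and "%dn" not in role_filter:
        warnings.append("role.filter has neither %u nor %dn: roles do not depend on the user")
    if "member=uid=%u," in role_filter and props.get("user.base.dn", "") not in role_filter:
        warnings.append("role.filter matches member=uid=%u,<suffix> with a suffix other than "
                        "user.base.dn; confirm the group entry really holds that exact value")
    return warnings


if __name__ == "__main__":
    cfg = parse_module_properties(SAMPLE_BLUEPRINT)
    for warning in lint(cfg):
        print("WARN:", warning)
    for cmd in preflight_commands(cfg, "ddf"):
        print(cmd)
```

Run it against your own blueprint and paste the three generated commands into a shell on a host that trusts the IPA CA: the first must return the bind DN, the second exactly one user entry, and the third the group entries whose cn values feed role.mapping. If the third search comes back empty while the login still works, the roles are not coming from where the filter says they are.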

