[Freeipa-users] FreeIPA and vSphere
Alexander Bokovoy
abokovoy at redhat.com
Wed Dec 14 16:24:31 UTC 2016
On ke, 14 joulu 2016, Serhii Honchar wrote:
>Hello,
>
>trying to get vSphere authenticate users using FreeIPA.
>I've made scheme changes as recommended in howto
>http://www.freeipa.org/page/HowTo/vsphere5_integration.
>But then faced following issue:
>Vsphere using "pagedResultsControl" and sets it's criticality to "True" on
>all it's requests to LDAP server:
>---
>Lightweight Directory Access Protocol
> LDAPMessage searchRequest(2) "cn=users,cn=compat,dc=XXX,dc=XXX"
>wholeSubtree
> messageID: 2
> protocolOp: searchRequest (3)
> [Response In: 17]
> * controls: 1 item *
>* Control *
>* controlType: 1.2.840.113556.1.4.319 (pagedResultsControl) *
>* criticality: True *
>* SearchControlValue *
>* size: 100 *
>* cookie: <MISSING> *
>---
>
>When requesting from "cn=accounts" subtree things go ok, and reply also
>contain "pagedResultsControl" block:
>---
>Lightweight Directory Access Protocol
> LDAPMessage searchResDone(2) success [1 result]
> messageID: 2
> protocolOp: searchResDone (5)
> searchResDone
> resultCode: success (0)
> matchedDN:
> errorMessage:
> [Response To: 15]
> [Time: 0.065699000 seconds]
> * controls: 1 item*
>* Control*
>* controlType: 1.2.840.113556.1.4.319 (pagedResultsControl)*
>* SearchControlValue*
>* size: 0*
>* cookie: <MISSING>*
>---
>and vSphere accepts the results of such queries without any problem, except
>the fact that there are no some required attributes in objects in this
>subtree.
>
>But on same requests to "cn=compat" subtree (where all required attributes
>added) something goest wrong, and replies doesn't contain
>"pagedResultsControl" block (the result set itself is identical, absence of
>controls block is only difference) :
That's correct because slapi-nis plugin does not support paged results
control for the virtual subtree.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list