[Freeipa-users] FreeIPA and Pulse Secure (Juniper SSLVPN)
CFMS Support
support at cfms.org.uk
Tue Jan 12 10:24:47 UTC 2016
Hi Alexander,
These are the entries from /var/log/dirsrv/slapd-<INSTANC>/access
[12/Jan/2016:10:22:13 +0000] conn=30642 fd=128 slot=128 connection from
172.19.6.16 to 172.20.3.6
[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[12/Jan/2016:10:22:13 +0000] conn=30642 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[12/Jan/2016:10:22:13 +0000] conn=30642 TLS1.2 128-bit AES-GCM
[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 BIND
dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk"
method=128 version=3
[12/Jan/2016:10:22:13 +0000] conn=30642 op=1 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=ldap,cn=sysaccounts,cn=etc,dc=identity,dc=cfms,dc=org,dc=uk"
[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 SRCH
base="cn=groups,cn=accounts,dc=identity,dc=cfms,dc=org,dc=uk" scope=2
filter="(cn=*)" attrs="memberOf"
[12/Jan/2016:10:22:13 +0000] conn=30642 op=2 RESULT err=0 tag=101
nentries=145 etime=0
[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 UNBIND
[12/Jan/2016:10:22:13 +0000] conn=30642 op=3 fd=128 closed - U1
This is where it's searching for a group that exists but it doesn't return
any result.
Kind Regards,
Josh Cullum
On Tue, Jan 12, 2016 at 10:14 AM Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> Hi Josh,
>
> On Tue, 12 Jan 2016, CFMS Support wrote:
> >Brilliant thanks. I still don't seem to be able to see any users, and
> >cannot sign in as a user from one of the groups that I can see.
> >
> >Do you have any ideas about groups, I'm only picking up 8 static groups
> >when Member Attribute is set to memberof (Filter is cn=<GROUPNAME> and DN
> >is cn=groups,cn=accounts)
> Show entries from /var/log/dirsrv/slapd-<INSTANC>/access that correspond
> in time and connection from the PSA IP addresses. They will tell us what
> exactly PSA tries to do.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160112/f0f54fee/attachment.htm>
More information about the Freeipa-users
mailing list