[Freeipa-users] qradar UBA to IPA

Michael Plemmons michael.plemmons at crosschx.com
Mon May 8 20:52:22 UTC 2017 

Your listing of the filter seems incorrect unless that is a copy paste
problem.  You probably want cn=users,cn=accounts, $Suffix.  The filter
listed above shows user,cn=accounts,$Suffix.  I am not familiar with Qradar
but does it need just the uid of the user or does it need the full DN of
the user?




*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemmons at crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 4:47 PM, Sean Hogan <schogan at us.ibm.com> wrote:

> Thanks Michael,
>
> Yes sir, the qradar box is able to hit the ipa server on 389 and 636 with
> success via telnet.
>
>
>
> Sean Hogan
>
>
>
>
>
>
>
> [image: Inactive hide details for Michael Plemmons ---05/08/2017 01:21:17
> PM--->From the server running Qradar can you ping the IPA ser]Michael
> Plemmons ---05/08/2017 01:21:17 PM--->From the server running Qradar can
> you ping the IPA server? Are you able to telnet to port 389 or
>
> From: Michael Plemmons <michael.plemmons at crosschx.com>
> To: freeipa-users <freeipa-users at redhat.com>
> Date: 05/08/2017 01:21 PM
> Subject: Re: [Freeipa-users] qradar UBA to IPA
> Sent by: freeipa-users-bounces at redhat.com
> ------------------------------
>
>
>
> From the server running Qradar can you ping the IPA server?  Are you able
> to telnet to port 389 or 636 of the IPA server.  The error says it can't
> contact the LDAP server which usually means you have not gotten to the
> point of authentication yet.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
> 614.427.2411
> *mike.plemmons at crosschx.com* <mike.plemmons at crosschx.com>
> *www.crosschx.com* <http://www.crosschx.com/>
>
> On Mon, May 8, 2017 at 3:31 PM, Sean Hogan <*schogan at us.ibm.com*
> <schogan at us.ibm.com>> wrote:
>
>    Hello IPA,
>
>    I am trying to set up User Behavioral analytics from Qradar to IPA.
>    Having some issues with it after we got 389 and 636 open between the nets.
>
>    Qradar Console is not in IPA and on differ net although we do have
>    comms on 389 and 636 now
>    ipa-server-3.0.0-50.el6.1.x86_64
>
>
>    I set up an account in IPA with no HBACS or anything and just gave it
>    a IPA role to read data which we use in the below config.
>    Getting
>    [image:
>    file:///home/schogan/Documents/SametimeTranscripts/[multi-way]/20170508-100730%7BJUSTIN%20L.%20BAUMAN's%20group%20chat%7D/IMAGE$1CFC0CDDB6F2F123.jpg]
>
>    URL I have them using ldaps://*IPofIPAserver.example.com*
>    <http://ipofipaserver.example.com/>
>    BaseDN dc=example,dc=local
>    filter users,cn=accounts,$Suffix
>    attributes are left default
>    username is the user i made in ipa
>    pw is the pw I made in ipa
>
>
>    [image:
>    file:///home/schogan/Documents/SametimeTranscripts/[multi-way]/20170508-100730%7BJUSTIN%20L.%20BAUMAN's%20group%20chat%7D/IMAGE$1B778A1810D34E76.jpg]
>
>    Has anyone attempted this or have any sample configs to play with or
>    see anything I am doing incorrect?
>
>
>
>
>    Sean Hogan
>
>
>
>
>
>
>
>    --
>    Manage your subscription for the Freeipa-users mailing list:
> *https://www.redhat.com/mailman/listinfo/freeipa-users*
>    <https://www.redhat.com/mailman/listinfo/freeipa-users>
>    Go to *http://freeipa.org* <http://freeipa.org/> for more info on the
>    project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C022296.jpg
Type: image/jpeg
Size: 2728 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C340608.jpg
Type: image/jpeg
Size: 16331 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C741579.jpg
Type: image/jpeg
Size: 27085 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1C350018.gif
Type: image/gif
Size: 1650 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170508/e997d3aa/attachment-0001.gif>

More information about the Freeipa-users mailing list