<div dir="ltr">Not exactly "solved" but I'll call it that, since there is no way to change the login attribute.<div><br></div><div>I've requested this feature, but I requested it through support and I'm sure it will die in a queue somewhere.</div> <div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 6, 2013 at 6:25 AM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"><div> On 11/05/2013 02:51 PM, KodaK wrote: <blockquote type="cite"> <div dir="ltr">If I use the whole connection string: <div><br> </div> <div>uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com<br> </div> <div><br> </div> <div>I can authenticate.</div> </div> </blockquote> <br></div> Does this count as SOLVED?<br> If so can you please reply with the SOLVED in the subject?<br> <br> <blockquote type="cite"><div><div> <div class="gmail_extra"> <br> <br> <div class="gmail_quote">On Tue, Nov 5, 2013 at 1:40 PM, KodaK <span dir="ltr"><<a href="mailto:sakodak@gmail.com" target="_blank">sakodak@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div dir="ltr">I'm attempting to get HP ILO authenticating against IPA again. <div><br> </div> <div>I've configured the user context in ILO as:</div> <div><br> </div> <div>cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com<br> </div> <div><br> </div> <div>When ILO tries to connect, it sends the string:</div> <div><br> </div> <div>CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com<br> </div> <div><br> </div> <div>Which, of course, doesn't exist. IPA uses uid=<username>, but as far as I can tell I can't tell ILO to use a different username attribute. It doesn't even look like it's trying to use a username attribute.</div> <div><br> </div> <div>I've tried to force it to look for uid=jebalicki by using "uid=jebalicki" in the login field, but that fails too. The errors in the errors log look like this:</div> <div><br> </div> <div><br> </div> <div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "jebalicki": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "uid=jebalicki": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line 645]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> <div>[05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line 421]: Failed to retrieve entry "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32</div> </div> <div><br> </div> <div>And the access log looks like this:</div> <div><br> </div> <div> <div>[05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL connection from 10.200.10.192 to 10.200.16.170</div> <div>[05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES</div> <div>[05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND dn="uid=jebalicki" method=128 version=2</div> <div>[05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97 nentries=0 etime=0</div> <div>[05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" method=128 version=2</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97 nentries=0 etime=1</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL connection from 10.200.10.192 to 10.200.16.170</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND dn="uid=jebalicki" method=128 version=2</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97 nentries=0 etime=0</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL connection from 10.200.10.192 to 10.200.16.170</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" method=128 version=2</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97 nentries=0 etime=0</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND</div> <div>[05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1</div> </div> <div><br> </div> <div>Is there any way to force things on the IPA side? Can I automatically attach on the necessary components to the provided username?<br> </div> <div><br> </div> </div> </blockquote> </div> <br> <br clear="all"> <div><br> </div> -- <br> The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 </div> <br> <fieldset></fieldset> <br> </div></div><pre>_______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre><span><font color="#888888"> </font></span></blockquote><span><font color="#888888"> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </font></span></div> <br>_______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 </div></div>