<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div style="font-family: Arimo,sans-serif;"
      class="markdown-here-wrapper" data-md-url="Thunderbird">
      <p style="margin: 1.2em 0px ! important;">On 08/07/2014 12:18 PM,
        Chris Whittle wrote:</p>
      <p style="margin: 1.2em 0px ! important;"></p>
      <div class="markdown-here-exclude">
        <p></p>
        <blockquote
cite="mid:CANyEwjSYYGPwOjbodhgKcjhqM=xKaJYNmuTFVd+y-Oj0r=tj0A@mail.gmail.com"
          type="cite">
          <div dir="ltr">I'm currently working on a trial with OKTA and
            have installed their server agent with no issues.  Now I'm
            trying to map FreeIPA attributes with OKTA's 
            <div><br>
            </div>
            <div>I'm getting no entries found, which leads me to think
              I'm missing something</div>
            <div><img src="cid:part1.04000706.05040909@sesda3.com"
                alt="Inline image 1" height="314" width="454"><br>
            </div>
            <div><img src="cid:part2.07060300.04090808@sesda3.com"
                alt="Inline image 2" height="307" width="454"><br>
            </div>
            <div><img src="cid:part3.08080104.06010407@sesda3.com"
                alt="Inline image 3" height="313" width="454"><br>
            </div>
            <div>Thanks!</div>
          </div>
          <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
        </blockquote>
        <p></p>
      </div>
      <p style="margin: 1.2em 0px ! important;"></p>
      <p style="margin: 1.2em 0px ! important;">The objectClass values
        look incorrect. Try <code style="font-size: 0.85em;
          font-family: Inconsolata,Droid Sans Mono,DejaVu Sans
          Mono,Consolas,Monaco,monospace;margin: 0px 0.15em; padding:
          0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234,
          234, 234); background-color: rgb(248, 248, 248);
          border-radius: 3px; display: inline;">posixAccount</code> and
        <code style="font-size: 0.85em; font-family: Inconsolata,Droid
          Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;margin:
          0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border:
          1px solid rgb(234, 234, 234); background-color: rgb(248, 248,
          248); border-radius: 3px; display: inline;">posixGroup</code>
        for users and groups. Roles are <code style="font-size: 0.85em;
          font-family: Inconsolata,Droid Sans Mono,DejaVu Sans
          Mono,Consolas,Monaco,monospace;margin: 0px 0.15em; padding:
          0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234,
          234, 234); background-color: rgb(248, 248, 248);
          border-radius: 3px; display: inline;">groupOfNames</code>, but
        that’s a little less specific and will match non-role entries
        without a search base.</p>
      <p style="margin: 1.2em 0px ! important;">You can easily look up
        raw entries to check your mappings with commands like these (the
        —all and —raw options are available for all *-show commands,
        afaik):</p>
      <pre style="font-size: 0.85em; font-family: Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;font-size: 1em; line-height: 1.2em;margin: 1.2em 0px;"><code style="font-size: 0.85em; font-family: Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;white-space: pre; overflow: auto; border-radius: 3px; border: 1px solid rgb(204, 204, 204); padding: 0.5em 0.7em; display: block ! important;display: block; padding: 0.5em; background: none repeat scroll 0% 0% rgb(35, 36, 31);color: rgb(248, 248, 242);">ipa user-show --all --raw $USER_NAME
ipa group-show --all  --raw $GROUP
ipa role-show --all --raw $ROLE
</code></pre>
      <p style="margin: 1.2em 0px ! important;">Or pure ldaputils:</p>
      <pre style="font-size: 0.85em; font-family: Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;font-size: 1em; line-height: 1.2em;margin: 1.2em 0px;"><code style="font-size: 0.85em; font-family: Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;white-space: pre; overflow: auto; border-radius: 3px; border: 1px solid rgb(204, 204, 204); padding: 0.5em 0.7em; display: block ! important;display: block; padding: 0.5em; background: none repeat scroll 0% 0% rgb(35, 36, 31);color: rgb(248, 248, 242);"> ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' 'uid=$USER_NAME'
</code></pre>
      <div
title="MDH:PGRpdiBjbGFzcz0ibW96LWNpdGUtcHJlZml4Ij5PbiAwOC8wNy8yMDE0IDEyOjE4IFBNLCBDaHJpcyBXaGl0dGxlIHdyb3RlOjxicj48L2Rpdj48YmxvY2txdW90ZSBjaXRlPSJtaWQ6Q0FOeUV3alNZ
WUdQd09qYm9kaGdLY2pocU09eEthSllObXVURlZkK3ktT2owcj10ajBBQG1haWwuZ21haWwuY29t
IiB0eXBlPSJjaXRlIj48ZGl2IGRpcj0ibHRyIj5JJ20gY3VycmVudGx5IHdvcmtpbmcgb24gYSB0
cmlhbCB3aXRoIE9LVEEgYW5kIGhhdmUgaW5zdGFsbGVkIHRoZWlyIHNlcnZlciBhZ2VudCB3aXRo
IG5vIGlzc3Vlcy4gJm5ic3A7Tm93IEknbSB0cnlpbmcgdG8gbWFwIEZyZWVJUEEgYXR0cmlidXRl
cyB3aXRoIE9LVEEncyZuYnNwOzxkaXY+PGJyPjwvZGl2PjxkaXY+SSdtIGdldHRpbmcgbm8gZW50
cmllcyBmb3VuZCwgd2hpY2ggbGVhZHMgbWUgdG8gdGhpbmsgSSdtIG1pc3Npbmcgc29tZXRoaW5n
PC9kaXY+CjxkaXY+PGltZyBzcmM9ImltYXA6Ly9seWFtYW5pc2hpQGltYXAuc2VzZGEzLmNvbTo5
OTMvZmV0Y2glM0VVSUQlM0UvRHJhZnRzJTNFODczNDc/aGVhZGVyPXF1b3RlYm9keSZhbXA7cGFy
dD0xLjImYW1wO2ZpbGVuYW1lPWltYWdlLnBuZyIgYWx0PSJJbmxpbmUgaW1hZ2UgMSIgaGVpZ2h0
PSIzMTQiIHdpZHRoPSI0NTQiPjxicj48L2Rpdj48ZGl2PjxpbWcgc3JjPSJpbWFwOi8vbHlhbWFu
aXNoaUBpbWFwLnNlc2RhMy5jb206OTkzL2ZldGNoJTNFVUlEJTNFL0RyYWZ0cyUzRTg3MzQ3P2hl
YWRlcj1xdW90ZWJvZHkmYW1wO3BhcnQ9MS4zJmFtcDtmaWxlbmFtZT1pbWFnZS5wbmciIGFsdD0i
SW5saW5lIGltYWdlIDIiIGhlaWdodD0iMzA3IiB3aWR0aD0iNDU0Ij48YnI+PC9kaXY+PGRpdj48
aW1nIHNyYz0iaW1hcDovL2x5YW1hbmlzaGlAaW1hcC5zZXNkYTMuY29tOjk5My9mZXRjaCUzRVVJ
RCUzRS9EcmFmdHMlM0U4NzM0Nz9oZWFkZXI9cXVvdGVib2R5JmFtcDtwYXJ0PTEuNCZhbXA7Zmls
ZW5hbWU9aW1hZ2UucG5nIiBhbHQ9IklubGluZSBpbWFnZSAzIiBoZWlnaHQ9IjMxMyIgd2lkdGg9
IjQ1NCI+PGJyPgo8L2Rpdj48ZGl2PlRoYW5rcyE8L2Rpdj48L2Rpdj4KCjxicj48ZmllbGRzZXQg
Y2xhc3M9Im1pbWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0Pjxicj4KCjwvYmxvY2txdW90
ZT5UaGUgb2JqZWN0Q2xhc3MgdmFsdWVzIGxvb2sgaW5jb3JyZWN0LsKgIFRyeSBgcG9zaXhBY2Nv
dW50YCBhbmQgYHBvc2l4R3JvdXBgIGZvciB1c2VycyBhbmQgZ3JvdXBzLsKgIFJvbGVzIGFyZSBg
Z3JvdXBPZk5hbWVzYCwgYnV0IHRoYXQncyBhIGxpdHRsZSBsZXNzIHNwZWNpZmljIGFuZCB3aWxs
IG1hdGNoIG5vbi1yb2xlIGVudHJpZXMgd2l0aG91dCBhIHNlYXJjaCBiYXNlLjxicj48YnI+WW91
IGNhbiBlYXNpbHkgbG9vayB1cCByYXcgZW50cmllcyB0byBjaGVjayB5b3VyIG1hcHBpbmdzIHdp
dGggY29tbWFuZHMgbGlrZSB0aGVzZSAodGhlIC0tYWxsIGFuZCAtLXJhdyBvcHRpb25zIGFyZSBh
dmFpbGFibGUgZm9yIGFsbCAqLXNob3cgY29tbWFuZHMsIGFmYWlrKTo8YnI+PGJyPmBgYDxicj5p
cGEgdXNlci1zaG93IC0tYWxsIC0tcmF3ICRVU0VSX05BTUU8YnI+aXBhIGdyb3VwLXNob3cgLS1h
bGzCoCAtLXJhdyAkR1JPVVA8YnI+aXBhIHJvbGUtc2hvdyAtLWFsbCAtLXJhdyAkUk9MRTxicj5g
YGA8YnI+PGJyPk9yIHB1cmUgbGRhcHV0aWxzOjxicj48YnI+YGBgPGJyPgpsZGFwc2VhcmNoIC1M
TEwgLVlHU1NBUEkgLWIgJ2NuPXVzZXJzLGNuPWFjY291bnRzLGRjPWV4YW1wbGUsZGM9Y29tJyAn
        dWlkPSRVU0VSX05BTUUnPGJyPmBgYDxicj48YnI+Cg=="
        style="height:0;font-size:0em;padding:0;margin:0;">​</div>
    </div>
    <pre class="moz-signature markdown-here-signature" cols="72">--  
-----
*question everything*learn something*answer nothing*
------------
Lucas Yamanishi
------------------
Systems Administrator, ADNET Systems, Inc.
NASA Space and Earth Science Data Analysis (606.9)
7515 Mission Drive, Suite A100
Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB</pre>
  </body>
</html>