<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/08/2014 04:26 PM, Chris Whittle
wrote:<br>
</div>
<blockquote
cite="mid:CANyEwjRydOh3rdudLqL3Je+rCC5Fvpqh7j0kkT3PsR8J_oCBgg@mail.gmail.com"
type="cite">
<p dir="ltr">Hey Dimitri, What do you mean? Both of them gave me
the same answer and it worked. </p>
</blockquote>
<br>
Right, now you have the knowledge which is burred in a mail thread
and would be hard to find for others that might want to follow your
steps.<br>
I was hoping you would find some time to summarize your setup and
experience and share with others via a HOWTO page on the FreeIPA
site [1].<br>
<br>
[1] <a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/HowTos">http://www.freeipa.org/page/HowTos</a><br>
<br>
Thanks<br>
Dmitri<br>
<br>
<blockquote
cite="mid:CANyEwjRydOh3rdudLqL3Je+rCC5Fvpqh7j0kkT3PsR8J_oCBgg@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Aug 8, 2014 3:25 PM, "Dmitri Pal" <<a
moz-do-not-send="true" href="mailto:dpal@redhat.com">dpal@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 08/07/2014 02:21 PM, Chris Whittle wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks guys that works!</div>
</blockquote>
<br>
<br>
And what about HOWTO? ;-)<br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Aug 7, 2014 at 12:22
PM, Lucas Yamanishi <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:lyamanishi@sesda3.com"
target="_blank">lyamanishi@sesda3.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div style="font-family:Arimo,sans-serif">
<div>
<div>
<p style="margin:1.2em 0px!important">On
08/07/2014 12:18 PM, Chris Whittle wrote:</p>
<div>
<blockquote type="cite">
<div dir="ltr">I'm currently working on
a trial with OKTA and have installed
their server agent with no issues.
Now I'm trying to map FreeIPA
attributes with OKTA's
<div><br>
</div>
<div>I'm getting no entries found,
which leads me to think I'm missing
something</div>
<div><img
src="cid:part3.09070607.07070207@redhat.com"
alt="Inline image 1" height="314"
width="454"><br>
</div>
<div><img
src="cid:part4.00040306.08040203@redhat.com"
alt="Inline image 2" height="307"
width="454"><br>
</div>
<div><img
src="cid:part5.03030509.09040904@redhat.com"
alt="Inline image 3" height="313"
width="454"><br>
</div>
<div>Thanks!</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
</div>
</div>
<p style="margin:1.2em 0px!important">The
objectClass values look incorrect. Try <code
style="font-size:0.85em;font-family:Inconsolata,Droid
Sans Mono,DejaVu Sans
Mono,Consolas,Monaco,monospace;margin:0px
0.15em;padding:0px
0.3em;white-space:pre-wrap;border:1px solid
rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">posixAccount</code>
and <code
style="font-size:0.85em;font-family:Inconsolata,Droid
Sans Mono,DejaVu Sans
Mono,Consolas,Monaco,monospace;margin:0px
0.15em;padding:0px
0.3em;white-space:pre-wrap;border:1px solid
rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">posixGroup</code>
for users and groups. Roles are <code
style="font-size:0.85em;font-family:Inconsolata,Droid
Sans Mono,DejaVu Sans
Mono,Consolas,Monaco,monospace;margin:0px
0.15em;padding:0px
0.3em;white-space:pre-wrap;border:1px solid
rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline">groupOfNames</code>,
but that’s a little less specific and will
match non-role entries without a search base.</p>
<p style="margin:1.2em 0px!important">You can
easily look up raw entries to check your
mappings with commands like these (the —all
and —raw options are available for all *-show
commands, afaik):</p>
<pre style="font-size:0.85em;font-family:Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline;white-space:pre-wrap;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important;display:block;padding:0.5em;background:none repeat scroll 0% 0% rgb(35,36,31);color:rgb(248,248,242)">ipa user-show --all --raw $USER_NAME
ipa group-show --all --raw $GROUP
ipa role-show --all --raw $ROLE
</code></pre>
<p style="margin:1.2em 0px!important">Or pure
ldaputils:</p>
<pre style="font-size:0.85em;font-family:Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Inconsolata,Droid Sans Mono,DejaVu Sans Mono,Consolas,Monaco,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);background-color:rgb(248,248,248);border-radius:3px;display:inline;white-space:pre-wrap;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important;display:block;padding:0.5em;background:none repeat scroll 0% 0% rgb(35,36,31);color:rgb(248,248,242)"> ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' 'uid=$USER_NAME'
</code></pre>
<div
title="MDH:PGRpdiBjbGFzcz0ibW96LWNpdGUtcHJlZml4Ij5PbiAwOC8wNy8yMDE0IDEyOjE4IFBNLCBDaHJpcyBXaGl0dGxlIHdyb3RlOjxicj48L2Rpdj48YmxvY2txdW90ZSBjaXRlPSJtaWQ6Q0FOeUV3alNZ
WUdQd09qYm9kaGdLY2pocU09eEthSllObXVURlZkK3ktT2owcj10ajBBQG1haWwuZ21haWwuY29t
IiB0eXBlPSJjaXRlIj48ZGl2IGRpcj0ibHRyIj5JJ20gY3VycmVudGx5IHdvcmtpbmcgb24gYSB0
cmlhbCB3aXRoIE9LVEEgYW5kIGhhdmUgaW5zdGFsbGVkIHRoZWlyIHNlcnZlciBhZ2VudCB3aXRo
IG5vIGlzc3Vlcy4gJm5ic3A7Tm93IEknbSB0cnlpbmcgdG8gbWFwIEZyZWVJUEEgYXR0cmlidXRl
cyB3aXRoIE9LVEEncyZuYnNwOzxkaXY+PGJyPjwvZGl2PjxkaXY+SSdtIGdldHRpbmcgbm8gZW50
cmllcyBmb3VuZCwgd2hpY2ggbGVhZHMgbWUgdG8gdGhpbmsgSSdtIG1pc3Npbmcgc29tZXRoaW5n
PC9kaXY+CjxkaXY+PGltZyBzcmM9ImltYXA6Ly9seWFtYW5pc2hpQGltYXAuc2VzZGEzLmNvbTo5
OTMvZmV0Y2glM0VVSUQlM0UvRHJhZnRzJTNFODczNDc/aGVhZGVyPXF1b3RlYm9keSZhbXA7cGFy
dD0xLjImYW1wO2ZpbGVuYW1lPWltYWdlLnBuZyIgYWx0PSJJbmxpbmUgaW1hZ2UgMSIgaGVpZ2h0
PSIzMTQiIHdpZHRoPSI0NTQiPjxicj48L2Rpdj48ZGl2PjxpbWcgc3JjPSJpbWFwOi8vbHlhbWFu
aXNoaUBpbWFwLnNlc2RhMy5jb206OTkzL2ZldGNoJTNFVUlEJTNFL0RyYWZ0cyUzRTg3MzQ3P2hl
YWRlcj1xdW90ZWJvZHkmYW1wO3BhcnQ9MS4zJmFtcDtmaWxlbmFtZT1pbWFnZS5wbmciIGFsdD0i
SW5saW5lIGltYWdlIDIiIGhlaWdodD0iMzA3IiB3aWR0aD0iNDU0Ij48YnI+PC9kaXY+PGRpdj48
aW1nIHNyYz0iaW1hcDovL2x5YW1hbmlzaGlAaW1hcC5zZXNkYTMuY29tOjk5My9mZXRjaCUzRVVJ
RCUzRS9EcmFmdHMlM0U4NzM0Nz9oZWFkZXI9cXVvdGVib2R5JmFtcDtwYXJ0PTEuNCZhbXA7Zmls
ZW5hbWU9aW1hZ2UucG5nIiBhbHQ9IklubGluZSBpbWFnZSAzIiBoZWlnaHQ9IjMxMyIgd2lkdGg9
IjQ1NCI+PGJyPgo8L2Rpdj48ZGl2PlRoYW5rcyE8L2Rpdj48L2Rpdj4KCjxicj48ZmllbGRzZXQg
Y2xhc3M9Im1pbWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0Pjxicj4KCjwvYmxvY2txdW90
ZT5UaGUgb2JqZWN0Q2xhc3MgdmFsdWVzIGxvb2sgaW5jb3JyZWN0LsKgIFRyeSBgcG9zaXhBY2Nv
dW50YCBhbmQgYHBvc2l4R3JvdXBgIGZvciB1c2VycyBhbmQgZ3JvdXBzLsKgIFJvbGVzIGFyZSBg
Z3JvdXBPZk5hbWVzYCwgYnV0IHRoYXQncyBhIGxpdHRsZSBsZXNzIHNwZWNpZmljIGFuZCB3aWxs
IG1hdGNoIG5vbi1yb2xlIGVudHJpZXMgd2l0aG91dCBhIHNlYXJjaCBiYXNlLjxicj48YnI+WW91
IGNhbiBlYXNpbHkgbG9vayB1cCByYXcgZW50cmllcyB0byBjaGVjayB5b3VyIG1hcHBpbmdzIHdp
dGggY29tbWFuZHMgbGlrZSB0aGVzZSAodGhlIC0tYWxsIGFuZCAtLXJhdyBvcHRpb25zIGFyZSBh
dmFpbGFibGUgZm9yIGFsbCAqLXNob3cgY29tbWFuZHMsIGFmYWlrKTo8YnI+PGJyPmBgYDxicj5p
cGEgdXNlci1zaG93IC0tYWxsIC0tcmF3ICRVU0VSX05BTUU8YnI+aXBhIGdyb3VwLXNob3cgLS1h
bGzCoCAtLXJhdyAkR1JPVVA8YnI+aXBhIHJvbGUtc2hvdyAtLWFsbCAtLXJhdyAkUk9MRTxicj5g
YGA8YnI+PGJyPk9yIHB1cmUgbGRhcHV0aWxzOjxicj48YnI+YGBgPGJyPgpsZGFwc2VhcmNoIC1M
TEwgLVlHU1NBUEkgLWIgJ2NuPXVzZXJzLGNuPWFjY291bnRzLGRjPWV4YW1wbGUsZGM9Y29tJyAn
dWlkPSRVU0VSX05BTUUnPGJyPmBgYDxicj48YnI+Cg=="
style="min-height:0;font-size:0em;padding:0;margin:0"></div>
</div>
<pre cols="72">--
-----
*question everything*learn something*answer nothing*
------------
Lucas Yamanishi
------------------
Systems Administrator, ADNET Systems, Inc.
NASA Space and Earth Science Data Analysis (606.9)
7515 Mission Drive, Suite A100
Lanham, MD 20706 * <a moz-do-not-send="true" href="tel:301-352-4646" value="+13013524646" target="_blank">301-352-4646</a> * 0xD354B2CB</pre>
</div>
<br>
--<br>
Manage your subscription for the Freeipa-users
mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true" href="http://freeipa.org"
target="_blank">http://freeipa.org</a> for more info on the
project<br>
</blockquote>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>