<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 08/12/2014 05:26 PM, Chris Whittle
wrote:<br>
</div>
<blockquote
cite="mid:CANyEwjRy4V8FG0kv24A_SiEvmqKWb9s7pCUJaXaTfB4c9dc+Og@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks Martin! <br>
</div>
</blockquote>
<br>
Thank you for the contribution!<br>
Really appreciated.<br>
<br>
<blockquote
cite="mid:CANyEwjRy4V8FG0kv24A_SiEvmqKWb9s7pCUJaXaTfB4c9dc+Og@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Aug 12, 2014 at 9:50 AM, Martin
Kosek <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Thank you!
I liked this page to<br>
<a moz-do-not-send="true"
href="http://www.freeipa.org/page/HowTos#Authentication"
target="_blank">http://www.freeipa.org/page/HowTos#Authentication</a><br>
and also improved formatting of the page. I am not sure
about the "role"<br>
section though, we do not use "role" objectclass, so Okta's
search probably<br>
returns no results anyway. It may be better to keep that
blank IMO.<br>
<span class="HOEnZb"><font color="#888888"><br>
Martin<br>
</font></span>
<div class="HOEnZb">
<div class="h5"><br>
On 08/12/2014 03:46 PM, Chris Whittle wrote:<br>
> <a moz-do-not-send="true"
href="http://www.freeipa.org/page/HowTo/Integrate_With_Okta"
target="_blank">http://www.freeipa.org/page/HowTo/Integrate_With_Okta</a><br>
><br>
><br>
> On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <<a
moz-do-not-send="true" href="mailto:dpal@redhat.com">dpal@redhat.com</a>>
wrote:<br>
><br>
>> On 08/08/2014 04:26 PM, Chris Whittle wrote:<br>
>><br>
>> Hey Dimitri, What do you mean? Both of them
gave me the same answer and<br>
>> it worked.<br>
>><br>
>><br>
>> Right, now you have the knowledge which is
burred in a mail thread and<br>
>> would be hard to find for others that might
want to follow your steps.<br>
>> I was hoping you would find some time to
summarize your setup and<br>
>> experience and share with others via a HOWTO
page on the FreeIPA site [1].<br>
>><br>
>> [1] <a moz-do-not-send="true"
href="http://www.freeipa.org/page/HowTos"
target="_blank">http://www.freeipa.org/page/HowTos</a><br>
>><br>
>> Thanks<br>
>> Dmitri<br>
>><br>
>><br>
>> On Aug 8, 2014 3:25 PM, "Dmitri Pal" <<a
moz-do-not-send="true" href="mailto:dpal@redhat.com">dpal@redhat.com</a>>
wrote:<br>
>><br>
>>> On 08/07/2014 02:21 PM, Chris Whittle
wrote:<br>
>>><br>
>>> Thanks guys that works!<br>
>>><br>
>>><br>
>>><br>
>>> And what about HOWTO? ;-)<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas
Yamanishi <<a moz-do-not-send="true"
href="mailto:lyamanishi@sesda3.com">lyamanishi@sesda3.com</a>><br>
>>> wrote:<br>
>>><br>
>>>> On 08/07/2014 12:18 PM, Chris Whittle
wrote:<br>
>>>><br>
>>>> I'm currently working on a trial with
OKTA and have installed their<br>
>>>> server agent with no issues. Now I'm
trying to map FreeIPA attributes with<br>
>>>> OKTA's<br>
>>>><br>
>>>> I'm getting no entries found, which
leads me to think I'm missing<br>
>>>> something<br>
>>>> [image: Inline image 1]<br>
>>>> [image: Inline image 2]<br>
>>>> [image: Inline image 3]<br>
>>>> Thanks!<br>
>>>><br>
>>>><br>
>>>> The objectClass values look
incorrect. Try posixAccount and posixGroup<br>
>>>> for users and groups. Roles are
groupOfNames, but that’s a little less<br>
>>>> specific and will match non-role
entries without a search base.<br>
>>>><br>
>>>> You can easily look up raw entries to
check your mappings with commands<br>
>>>> like these (the —all and —raw options
are available for all *-show<br>
>>>> commands, afaik):<br>
>>>><br>
>>>> ipa user-show --all --raw $USER_NAME<br>
>>>> ipa group-show --all --raw $GROUP<br>
>>>> ipa role-show --all --raw $ROLE<br>
>>>><br>
>>>> Or pure ldaputils:<br>
>>>><br>
>>>> ldapsearch -LLL -YGSSAPI -b
'cn=users,cn=accounts,dc=example,dc=com'
'uid=$USER_NAME'<br>
>>>><br>
>>>> <br>
>>>><br>
>>>> --<br>
>>>> -----<br>
>>>> *question everything*learn
something*answer nothing*<br>
>>>> ------------<br>
>>>> Lucas Yamanishi<br>
>>>> ------------------<br>
>>>> Systems Administrator, ADNET Systems,
Inc.<br>
>>>> NASA Space and Earth Science Data
Analysis (606.9)<br>
>>>> 7515 Mission Drive, Suite A100<br>
>>>> Lanham, MD 20706 * 301-352-4646 *
0xD354B2CB<br>
>>>><br>
>>>><br>
>>>> --<br>
>>>> Manage your subscription for the
Freeipa-users mailing list:<br>
>>>> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
>>>> Go To <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
>>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> Thank you,<br>
>>> Dmitri Pal<br>
>>><br>
>>> Sr. Engineering Manager IdM portfolio<br>
>>> Red Hat, Inc.<br>
>>><br>
>>><br>
>>> --<br>
>>> Manage your subscription for the
Freeipa-users mailing list:<br>
>>> <a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
>>> Go To <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
>>><br>
>><br>
>><br>
>> --<br>
>> Thank you,<br>
>> Dmitri Pal<br>
>><br>
>> Sr. Engineering Manager IdM portfolio<br>
>> Red Hat, Inc.<br>
>><br>
>><br>
><br>
><br>
><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>