[Freeipa-users] Re: freeIPA 4.10.1 - Oauth2.0 with Azure AD

Wed, 18 Jan 2023 09:01:07 -0800 

On ke, 18 tammi 2023, John Smith via FreeIPA-users wrote:

HI Alexander, thanks so much for reponse.

right now I'm trying to turn on:

---
[global]
oidc_child_debug_level=10
---

I've changed the /etc/ipa/server.conf and looks like this right now:


Are you adding this to /etc/ipa/default.conf or /etc/ipa/server.conf?

# systemctl cat ipa-otpd@socket
# /usr/lib/systemd/system/ipa-otpd@.service
[Unit]
Description=ipa-otpd service

[Service]
Environment=LC_ALL=C.UTF-8
EnvironmentFile=/etc/ipa/default.conf
ExecStart=/usr/libexec/ipa/ipa-otpd $ldap_uri
StandardInput=socket
StandardOutput=socket
StandardError=syslog

It imports /etc/ipa/default.conf, so that's where you should be setting
the debug option.



---
[global]
host = ipa2.(mydomain)
basedn = dc=mydomain,dc=io
realm = mydomain
domain = mydomain
xmlrpc_uri = https://ipa2.mydomain.io/ipa/xml
ldap_uri = ldapi://%2Frun%2Fslapd-mydomain.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
oidc_child_debug_level = 10
debug = True
---

and still io don't see any oidc logs like it is described: 
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html#troubleshooting-idp-integration

i'm executing

---
journalctl --follow /usr/libexec/ipa/ipa-otpd
---

and it is the same output as it was before (I already restarted the
service by ipactl restart and I even rebooted machine). In
/var/logs/messages also same output without oidc entries. Any idea why
is that?

BTW I updated sssd.



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to