Hello all,

I am trying to connect VMware vCenter Server and FreeIPA, so that FreeIPA will become the identity source for vCenter Server version 7.x. I am using FreeIPA version 4.11.0, which is equipped with 389 Directory Server version 2.4.5.

Based on the following official KB from VMware:
https://knowledge.broadcom.com/external/article/316480/openldap-schemas-supported-in-vmware-vce.html

- The OpenLDAP schema is RFC4519 compliant.
- All users have an objectClass of inetOrgPerson.
- All groups have an objectClass of groupOfUniqueNames.
- All groups have a group membership attribute of uniqueMember.
- All users and group objects have entryUUID configured (The objects have a unique GUID and should not be changing)

I created a user that vCenter Server will be using in order to create the connection between vCenter Server and FreeIPA (389 Directory Server).

The user is: vcenter-user

[root@freeipa-01 ~]# ipa user-show vcenter-user
  User login: vcenter-user
  First name: vcenter
  Last name: user
  Home directory: /home/vcenter-user
  Login shell: /bin/sh
  Principal name: [email protected]
  Principal alias: [email protected]
  Email address: [email protected]
  UID: 1695800005
  GID: 1695800005
  Account disabled: False
  Password: True
  Member of groups: ipausers, ssogroups
  Kerberos keys available: True

# ldapsearch -D "cn=Directory Manager" -y /root/Directory-Manager-Password.txt -p 389 -h usa.internal.com -b "dc=usa,dc=internal,dc=com" "(&(objectclass=groupofnames)(member=uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com))"
# extended LDIF
#
# LDAPv3
# base <dc=usa,dc=internal,dc=com> with scope subtree
# filter: (&(objectclass=groupofnames)(member=uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com))
# requesting: ALL
#

# ipausers, groups, accounts, usa.internal.com
dn: cn=ipausers,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
description: Default group for all users
cn: ipausers
ipaUniqueID: e4984308-5a82-11ef-ad10-005056b17439
member: uid=john,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com

# ssogroups, groups, accounts, usa.internal.com
dn: cn=ssogroups,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
cn: ssogroups
description: vCenter full access groups
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
objectClass: ipantgroupattrs
ipaUniqueID: 0d6af93c-5b3d-11ef-afed-005056b17439
gidNumber: 1695800003
ipaNTSecurityIdentifier: S-1-5-21-1714751759-817553993-2692665272-1003
member: uid=john,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Can you assist me with this? Can you tell me what is missing in my configuration?

--
FreeIPA-users mailing list -- [email protected]
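
Added example, not part of the original post: a Python check that compares group entries from ldapsearch output with the three group requirements quoted from the VMware KB in the message above. The function names and the trimmed sample are constructed here, and only groups are checked because the post shows no user entries.

```python
# Constructed sample, trimmed from the ldapsearch output in the post.
SAMPLE_LDIF = """\
dn: cn=ipausers,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
objectClass: groupofnames
objectClass: ipausergroup
member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com

dn: cn=ssogroups,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
objectClass: groupofnames
member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
"""

def parse_ldif(text):
    """Parse LDIF (comments skipped, folded lines joined) into attr->values dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            last = None
        elif not line.strip():
            if current:
                entries.append(current)
            current, last = {}, None
        elif line.startswith(" "):
            if last:
                current[last][-1] += line[1:]
        elif ":" in line:
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.lstrip(": ").strip())
    return entries

def check_group(entry):
    """Return the KB group requirements that this entry does not show."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    if "groupofuniquenames" not in classes:
        problems.append("objectClass groupOfUniqueNames missing")
    if "uniquemember" not in entry:
        problems.append("no uniqueMember attribute")
    if "entryuuid" not in entry:
        # entryUUID is operational (RFC 4530): only returned when requested
        problems.append("entryUUID not in output")
    return problems

def report(text):
    return {e["dn"][0]: check_group(e) for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    print("\n".join(f"{dn}: {p or 'ok'}" for dn, p in report(SAMPLE_LDIF).items()))
```

Because entryUUID is an operational attribute, a search that requests only user attributes will not list it even when it is set; request it by name or with `+` before treating that finding as a real gap.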
