hello world via FreeIPA-users wrote:
> Rob Crittenden wrote:
>> hello world via FreeIPA-users wrote:
>>> Hello All
>>> I am trying to connect VMware vCenter Server to FreeIPA, so that
>>> FreeIPA will become the Identity source for vCenter Server Version 7.x
>>> I am using FreeIPA version 4.11.0, which is equipped with 389 Directory Server
>>> version 2.4.5
>>>
>>> Based on the following official KB from VMware:
>>> https://knowledge.broadcom.com/external/article/316480/openldap-schemas-supp...
>>> The OpenLDAP schema is RFC4519 compliant.
>>> All users have an objectClass of inetOrgPerson.
>>> All groups have an objectClass of groupOfUniqueNames.
>>> All groups have a group membership attribute of uniqueMember.
>>> All users and group objects have entryUUID configured (The objects have a
>>> unique GUID and should not be changing)
>>>
>>> I created a user that vCenter Server will be using in order to create the
>>> connection between vCenter Server and FreeIPA (389 Directory Server)
>>> The user is: vcenter-user
>>>
>>> [root@freeipa-01 ~]# ipa user-show vcenter-user
>>> User login: vcenter-user
>>> First name: vcenter
>>> Last name: user
>>> Home directory: /home/vcenter-user
>>> Login shell: /bin/sh
>>> Principal name: [email protected]
>>> Principal alias: [email protected]
>>> Email address: [email protected]
>>> UID: 1695800005
>>> GID: 1695800005
>>> Account disabled: False
>>> Password: True
>>> Member of groups: ipausers, ssogroups
>>> Kerberos keys available: True
>>>
>>> # ldapsearch -D "cn=Directory Manager" -y
>>> /root/Directory-Manager-Password.txt -p 389 -h usa.internal.com -b
>>> "dc=usa,dc=internal,dc=com"
>>> "(&(objectclass=groupofnames)(member=uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com))"
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=usa,dc=internal,dc=com> with scope subtree
>>> # filter:
>>> (&(objectclass=groupofnames)(member=uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com))
>>> # requesting: ALL
>>> #
>>> # ipausers, groups, accounts, usa.internal.com
>>> dn: cn=ipausers,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
>>> objectClass: top
>>> objectClass: groupofnames
>>> objectClass: nestedgroup
>>> objectClass: ipausergroup
>>> objectClass: ipaobject
>>> description: Default group for all users
>>> cn: ipausers
>>> ipaUniqueID: e4984308-5a82-11ef-ad10-005056b17439
>>> member: uid=john,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
>>> member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
>>> # ssogroups, groups, accounts, usa.internal.com
>>> dn: cn=ssogroups,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
>>> cn: ssogroups
>>> description: vCenter full access groups
>>> objectClass: top
>>> objectClass: groupofnames
>>> objectClass: nestedgroup
>>> objectClass: ipausergroup
>>> objectClass: ipaobject
>>> objectClass: posixgroup
>>> objectClass: ipantgroupattrs
>>> ipaUniqueID: 0d6af93c-5b3d-11ef-afed-005056b17439
>>> gidNumber: 1695800003
>>> ipaNTSecurityIdentifier: S-1-5-21-1714751759-817553993-2692665272-1003
>>> member: uid=john,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
>>> member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com
>>> # search result
>>> search: 2
>>> result: 0 Success
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>> Can you assist me with this?
>>> Can you tell me what is missing in my configuration?
>>
>> See this post from a few years ago:
>> https://lists.fedoraproject.org/archives/list/[email protected]...
>> I'm not aware that anything has changed since then.
>> There have been other posts on this as well but unfortunately search is
>> currently disabled on the freeipa-users list archive so finding them is
>> tedious.
>> rob
>
>
> How do I implement what is described at the following URL:
> https://www.freeipa.org/page/V4/Data_transformation ?
> It is stated at this URL: "the admin should configure filter transformation
> plugin"
>
> but the article does not explain how to install the filter transformation
> plugin into FreeIPA?
>
That is a design that was never implemented.

rob
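The schema mismatch visible in the ldapsearch output quoted above can be checked mechanically. The following is an added example, not part of the original thread and not FreeIPA or VMware code: it parses LDIF and reports which of the group requirements quoted from the KB each entry fails. The sample LDIF is constructed, the function names and the `cn=vcadmins` entry are hypothetical, and base64 (`::`) values are not decoded.

```python
# Group requirements quoted from the VMware KB in the thread. entryUUID is not
# checked: it is an operational attribute (RFC 4530), so a search for user
# attributes only, like the one in the thread, would not return it anyway.
REQUIRED_CLASS, REQUIRED_MEMBER = "groupofuniquenames", "uniquemember"

# Constructed sample: a FreeIPA-style group, then a hypothetical KB-style group.
SAMPLE_LDIF = """\
# ssogroups, groups, accounts, usa.internal.com
dn: cn=ssogroups,cn=groups,cn=accounts,dc=usa,dc=internal,dc=com
objectClass: groupofnames
member: uid=vcenter-user,cn=users,cn=accounts,dc=usa,dc=internal,dc=com

dn: cn=vcadmins,ou=groups,dc=example,dc=test
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=people,
 dc=example,dc=test

search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per entry with a dn."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in cur:                 # drops ldapsearch's search/result trailer
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def group_problems(entry):
    """List the KB group requirements that this entry does not meet."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    checks = [(REQUIRED_CLASS in classes, "objectClass groupOfUniqueNames missing"),
              (REQUIRED_MEMBER in entry, "no uniqueMember values")]
    return [msg for ok, msg in checks if not ok]

def report(text):
    return {e["dn"][0]: group_problems(e) for e in parse_ldif(text)}
```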
