Not exactly "solved" but I'll call it that, since there is no way to change the login attribute.
I've requested this feature, but I requested it through support and I'm sure it will die in a queue somewhere. On Wed, Nov 6, 2013 at 6:25 AM, Dmitri Pal <[email protected]> wrote: > On 11/05/2013 02:51 PM, KodaK wrote: > > If I use the whole connection string: > > uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com > > I can authenticate. > > > Does this count as SOLVED? > If so can you please reply with the SOLVED in the subject? > > > > On Tue, Nov 5, 2013 at 1:40 PM, KodaK <[email protected]> wrote: > >> I'm attempting to get HP ILO authenticating against IPA again. >> >> I've configured the user context in ILO as: >> >> cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com >> >> When ILO tries to connect, it sends the string: >> >> CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com >> >> Which, of course, doesn't exist. IPA uses uid=<username>, but as far >> as I can tell I can't tell ILO to use a different username attribute. It >> doesn't even look like it's trying to use a username attribute. >> >> I've tried to force it to look for uid=jebalicki by using >> "uid=jebalicki" in the login field, but that fails too. The errors in the >> errors log look like this: >> >> >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, >> line 645]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "jebalicki": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry "uid=jebalicki": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line >> 645]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, >> line 421]: Failed to retrieve entry >> "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 >> >> And the access log looks like this: >> >> [05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL connection >> from 10.200.10.192 to 10.200.16.170 >> [05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES >> [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND dn="uid=jebalicki" >> method=128 version=2 >> [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97 >> nentries=0 etime=0 >> [05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND >> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" >> method=128 version=2 >> [05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97 >> nentries=0 etime=1 >> [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND >> [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1 >> [05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL connection >> from 10.200.10.192 to 10.200.16.170 >> [05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES >> [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND dn="uid=jebalicki" >> method=128 version=2 >> [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97 >> nentries=0 etime=0 >> [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND >> [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1 >> [05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL connection >> from 10.200.10.192 to 10.200.16.170 >> [05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES >> [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND >> dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" >> method=128 version=2 >> [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97 >> nentries=0 etime=0 >> [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND >> [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1 >> >> Is there any way to force things on the IPA side? Can I automatically >> attach on the necessary components to the provided username? >> >> > > > -- > The government is going to read our mail anyway, might as well make it > tough for them. GPG Public key ID: B6A1A7C6 > > > _______________________________________________ > Freeipa-users mailing > [email protected]https://www.redhat.com/mailman/listinfo/freeipa-users > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs?www.redhat.com/carveoutcosts/ > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
