On 08/12/2014 05:26 PM, Chris Whittle wrote:
Thanks Martin!
Thank you for the contribution! Really appreciated.
On Tue, Aug 12, 2014 at 9:50 AM, Martin Kosek <mko...@redhat.com <mailto:mko...@redhat.com>> wrote:Thank you! I liked this page to http://www.freeipa.org/page/HowTos#Authentication and also improved formatting of the page. I am not sure about the "role" section though, we do not use "role" objectclass, so Okta's search probably returns no results anyway. It may be better to keep that blank IMO. Martin On 08/12/2014 03:46 PM, Chris Whittle wrote: > http://www.freeipa.org/page/HowTo/Integrate_With_Okta > > > On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <d...@redhat.com <mailto:d...@redhat.com>> wrote: > >> On 08/08/2014 04:26 PM, Chris Whittle wrote: >> >> Hey Dimitri, What do you mean? Both of them gave me the same answer and >> it worked. >> >> >> Right, now you have the knowledge which is burred in a mail thread and >> would be hard to find for others that might want to follow your steps. >> I was hoping you would find some time to summarize your setup and >> experience and share with others via a HOWTO page on the FreeIPA site [1]. >> >> [1] http://www.freeipa.org/page/HowTos >> >> Thanks >> Dmitri >> >> >> On Aug 8, 2014 3:25 PM, "Dmitri Pal" <d...@redhat.com <mailto:d...@redhat.com>> wrote: >> >>> On 08/07/2014 02:21 PM, Chris Whittle wrote: >>> >>> Thanks guys that works! >>> >>> >>> >>> And what about HOWTO? ;-) >>> >>> >>> >>> >>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi <lyamani...@sesda3.com <mailto:lyamani...@sesda3.com>> >>> wrote: >>> >>>> On 08/07/2014 12:18 PM, Chris Whittle wrote: >>>> >>>> I'm currently working on a trial with OKTA and have installed their >>>> server agent with no issues. Now I'm trying to map FreeIPA attributes with >>>> OKTA's >>>> >>>> I'm getting no entries found, which leads me to think I'm missing >>>> something >>>> [image: Inline image 1] >>>> [image: Inline image 2] >>>> [image: Inline image 3] >>>> Thanks! >>>> >>>> >>>> The objectClass values look incorrect. Try posixAccount and posixGroup >>>> for users and groups. Roles are groupOfNames, but that’s a little less >>>> specific and will match non-role entries without a search base. >>>> >>>> You can easily look up raw entries to check your mappings with commands >>>> like these (the —all and —raw options are available for all *-show >>>> commands, afaik): >>>> >>>> ipa user-show --all --raw $USER_NAME >>>> ipa group-show --all --raw $GROUP >>>> ipa role-show --all --raw $ROLE >>>> >>>> Or pure ldaputils: >>>> >>>> ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' 'uid=$USER_NAME' >>>> >>>> >>>> >>>> -- >>>> ----- >>>> *question everything*learn something*answer nothing* >>>> ------------ >>>> Lucas Yamanishi >>>> ------------------ >>>> Systems Administrator, ADNET Systems, Inc. >>>> NASA Space and Earth Science Data Analysis (606.9) >>>> 7515 Mission Drive, Suite A100 >>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB >>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go To http://freeipa.org for more info on the project >>>> >>> >>> >>> >>> >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager IdM portfolio >>> Red Hat, Inc. >>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go To http://freeipa.org for more info on the project >>> >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> > > >
-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
