On 03/04/2015 09:43 AM, re...@hushmail.com wrote:
> Hi, I've read the thread from Nov and checked out
> http://www.freeipa.org/page/HowTo/vsphere5_integration however i'm
> still having trouble getting vsphere to use freeipa as an identity
> I've set the base DN for users and groups, the connection url and
> username and password and my vadmin account connects correctly however
> when i try to log in as a user (whom i've assigned permissions to) i
> get an authentication error that states it may be caused by a
> malfunctioning identity source.
> Also I have modified my ldap schema as directed in the howto however
> (and i'm pretty sure this is the root of my problem) I notice that
> when I do an ldapsearch for a group which i've assigned administrator
> permissions it does not have the 'uniqueMember' attribute. The
> ldapmodify command seemed to run correctly without any complaints.
> Also i'm running freeipa 4.1.
> Watching the ldap traffic between the two boxes shows that vcenter is
> binding successfully however when it does a search request with the
> following filter;"Filter:
> returns no results.
> Does anyone have any suggestions?
Given that this HOWTO does not use the vanilla Schema Compatibility settings
(FreeIPA Compat Tree by default uses posixGroup objectclass and memberUid
attribute for user membership), I would check if the groups really have the
right objectclass and uniqueMember generated:
# ldapsearch -D "VSPHERE_DN" -x -w "$VSPHERE_DN_PASSWORD" -b
I expect there will be some problem preventing the LDAP search from succeeding. Then
we would know where to look next.
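One way to run the check suggested in the reply over saved `ldapsearch` output, as an added example that is not part of the original thread: it parses the LDIF and reports, per group entry, whether membership is expressed as `uniqueMember` or only as `memberUid`. The sample LDIF, its DNs and the function names are constructed for illustration; `groupOfUniqueNames` is the standard objectclass that carries `uniqueMember`.

```python
import base64

# Constructed sample of `ldapsearch -LLL` output (DNs and names are made up).
SAMPLE_LDIF = """\
dn: cn=vadmins,cn=groups,cn=compat,dc=example,dc=test
objectClass: posixGroup
memberUid: alice

dn: cn=vusers,cn=groups,cn=compat,dc=example,dc=test
objectClass: groupOfUniqueNames
uniqueMember: uid=bob,cn=users,cn=compat,dc=example,
 dc=test
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, rest = line.partition(":")
            value = rest.lstrip(":").strip()
            if rest.startswith(":"):   # "attr:: value" means base64-encoded
                value = base64.b64decode(value).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def membership_style(entry):
    if entry.get("uniquemember"):
        return "uniqueMember"
    return "memberUid-only" if entry.get("memberuid") else "no-members"

def report(text):
    """Map each entry DN to (membership style, sorted objectClass values)."""
    return {e["dn"][0]: (membership_style(e), sorted(e.get("objectclass", [])))
            for e in parse_ldif(text) if "dn" in e}

if __name__ == "__main__":
    for dn, (style, classes) in report(SAMPLE_LDIF).items():
        print(f"{style:15} {','.join(classes):20} {dn}")
```

A group reported as `memberUid-only` is still being served with the default compat settings described in the reply.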