On 03/06/2015 09:39 AM, Herwono W Wijaya wrote:
vCenter SSO works well with Univention LDAP.
Then set up a wireshark session to capture traffic between vCenter SSO
and Univention LDAP, then do the same with vCenter SSO and IPA. Then we
can compare the TCP traffic dumps.
Here I want to make sure if FreeIPA can work with vCenter SSO, because
I read it on this page:
And thanks for the help and answer any questions from me.
Have a nice day.
On 3/6/15 11:23 PM, Rich Megginson wrote:
On 03/06/2015 09:13 AM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 4:40 PM, Rich Megginson <rmegg...@redhat.com
[06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101
nentries=2 etime=0 notes=P
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
vCenter SSO error:
Error: Idm client exception: Control not found
There's no error log debug level which will give us all of the
controls received by the server or all of the controls sent back
by the server. The TRACE level will give us some information.
Could it be that the "Control not found" somehow related with "page
results control" as described in
Is the "notes=P" in ipa logs a setting managed by the server or by
the type of the query done by the client?
Yes. It means the client is requesting a Simple Paged Search by
using that control.
In my past IPA 3.3.3 logs I didn't find it at the end of the log
line with nentries...
It has everything to do with the client. The server has supported
Simple Paged Search for a long time. Perhaps some newer version of
the client is requesting paged results?
Just an attempt...
One more thing - does vCenter work with another LDAP server, like
openldap or active directory? If so, try capturing a wireshark trace
of a successful search operation, then capture a wireshark trace of a
session using ipa, and we can compare them to see which controls the
working server is sending back that ipa is not.
Herwono W Wijaya
https://linuxcoding.org | *VMware vExpert 2014, 2015
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project