Your listing of the filter seems incorrect unless that is a copy paste problem. You probably want cn=users,cn=accounts, $Suffix. The filter listed above shows user,cn=accounts,$Suffix. I am not familiar with Qradar but does it need just the uid of the user or does it need the full DN of the user?

*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614.427.2411
mike.plemm...@crosschx.com
www.crosschx.com

On Mon, May 8, 2017 at 4:47 PM, Sean Hogan <scho...@us.ibm.com> wrote:

> Thanks Michael,
>
> Yes sir, the qradar box is able to hit the ipa server on 389 and 636 with
> success via telnet.
>
> Sean Hogan
>
> From: Michael Plemmons <michael.plemm...@crosschx.com>
> To: freeipa-users <freeipa-users@redhat.com>
> Date: 05/08/2017 01:21 PM
> Subject: Re: [Freeipa-users] qradar UBA to IPA
> Sent by: freeipa-users-boun...@redhat.com
> ------------------------------
>
> From the server running Qradar can you ping the IPA server? Are you able
> to telnet to port 389 or 636 of the IPA server. The error says it can't
> contact the LDAP server which usually means you have not gotten to the
> point of authentication yet.
>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
> 614.427.2411
> mike.plemm...@crosschx.com
> www.crosschx.com
>
> On Mon, May 8, 2017 at 3:31 PM, Sean Hogan <scho...@us.ibm.com> wrote:
>
> Hello IPA,
>
> I am trying to set up User Behavioral analytics from Qradar to IPA.
> Having some issues with it after we got 389 and 636 open between the nets.
>
> Qradar Console is not in IPA and on different net although we do have
> comms on 389 and 636 now
> ipa-server-3.0.0-50.el6.1.x86_64
>
> I set up an account in IPA with no HBACS or anything and just gave it
> an IPA role to read data which we use in the below config.
>
> Getting
> [image]
>
> URL I have them using ldaps://IPofIPAserver.example.com
> BaseDN dc=example,dc=local
> filter users,cn=accounts,$Suffix
> attributes are left default
> username is the user I made in ipa
> pw is the pw I made in ipa
>
> [image]
>
> Has anyone attempted this or have any sample configs to play with or
> see anything I am doing incorrect?
>
> Sean Hogan
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
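The check made by eye in the reply at the top of this message (the first component of `users,cn=accounts,$Suffix` has no attribute type), written out as an added example that is not part of the original thread. The function names are hypothetical, and treating `$Suffix` as a placeholder for the BaseDN is an assumption.

```python
import re

# Attribute type: short name (cn, uid, dc) or dotted numeric OID (RFC 4514).
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts


def check_dn(template, suffix):
    """Expand $Suffix, then return a list of problems (empty = well formed)."""
    dn = template.replace("$Suffix", suffix)  # assumption: $Suffix is the BaseDN
    problems = []
    for pos, rdn in enumerate(split_unescaped(dn, ","), start=1):
        rdn = rdn.strip()  # this check tolerates spaces around separators
        for ava in split_unescaped(rdn, "+"):  # '+' joins a multi-valued RDN
            attr, eq, _value = ava.strip().partition("=")
            if not eq:
                problems.append(f"RDN {pos} '{rdn}': no attribute type (missing '=')")
            elif not ATTR_TYPE.match(attr.strip()):
                problems.append(f"RDN {pos} '{rdn}': bad attribute type '{attr}'")
    return problems


if __name__ == "__main__":
    base_dn = "dc=example,dc=local"  # BaseDN quoted in the thread
    for candidate in ("users,cn=accounts,$Suffix",       # as configured
                      "cn=users,cn=accounts, $Suffix"):  # as suggested
        print(candidate, "->", check_dn(candidate, base_dn) or "OK")
```

This only checks the string's shape; whether the resulting DN exists and is readable by the bind account still has to be confirmed against the directory itself.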