Re: [Freeipa-users] vcenter 5.5 and freeipa 3 authentication
2014-11-04 21:02 skrev Rob Crittenden: richard wrote: We are trying to configure vcenter 5.5 to authenticate against freeipa instead of AD. Its working for single users, we can update passwd in freeipa and they can authenticate aganinst vcenter. But we are not able to get the groups to work as we want, we cant even see them on the vcenter side. Has any one configured vcenter to authenticate against freeipa, with booth users and groups working? // Richard How are you configuring it, using the Open LDAP option? According to http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2064977 the group scheme used by IPA is not supported. They require the objectclass groupOfUniqueNames and uniqueMember. It should be possible to add configuration to IPA to enable this via the slapi-nis (schema compat) plugin. See this, https://git.fedorahosted.org/cgit/slapi-nis.git/plain/doc/sch-getting-started.txt rob Im configuring it with the OpenLdap option. I will check the slapi-nis plugin, and see if i can get it to work. Thanks for the tip. // Richard -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] vcenter 5.5 and freeipa 3 authentication
richard wrote: > We are trying to configure vcenter 5.5 to authenticate against freeipa > instead of AD. > Its working for single users, we can update passwd in freeipa and they > can authenticate aganinst vcenter. > But we are not able to get the groups to work as we want, we cant even > see them on the vcenter side. > > > Has any one configured vcenter to authenticate against freeipa, with > booth users and groups working? > > // Richard > How are you configuring it, using the Open LDAP option? According to http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2064977 the group scheme used by IPA is not supported. They require the objectclass groupOfUniqueNames and uniqueMember. It should be possible to add configuration to IPA to enable this via the slapi-nis (schema compat) plugin. See this, https://git.fedorahosted.org/cgit/slapi-nis.git/plain/doc/sch-getting-started.txt rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
[Freeipa-users] vcenter 5.5 and freeipa 3 authentication
We are trying to configure vcenter 5.5 to authenticate against freeipa instead of AD. Its working for single users, we can update passwd in freeipa and they can authenticate aganinst vcenter. But we are not able to get the groups to work as we want, we cant even see them on the vcenter side. Has any one configured vcenter to authenticate against freeipa, with booth users and groups working? // Richard -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project