[Freeipa-users] User info lookup via LDAP with Jabber +FreeIPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all So I have started testing more of the end user experience of FreeIPA with my integration docs of different services over the weekend and when I logged in as an IPA test user to Jabber, I noticed that the user details are not being populated. Article is here: https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships As an admin, these details probably seem pretty trivial and unneeded, but as an end user, this could be useful. Otherwise those fields wouldn't be in the client at all really. I used Empathy on Fedora 18 as the connecting client as it is an authenticated IPA workstation. Does anyone have any ideas/suggestions/experience on pulling those user attributes from IPA into the jabber client? Screenshot attached. Thanks all Dale -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRF48/AAoJEAJsWS61tB+q/88QAJ65I8U2nsInKBW8G8Mn241E M54fUYrhUdJm9o5PW0mgQePDsaOWYPlww8ccB7Z7k00guG3WQ0nmNuaUsSTSfd63 LBCBYTBECs9fJhU9TbQkdUlXFjGtnJmhWazuXUHOwDUAK5yFsIZxgFtLQQd9F38j TNZd87sGbrJZ4/+O4ocXWBQlzE9PcrplkXMk0pCsnbeQpzhdLUMfgnhwpK0Pfnyp dabSDdQE0HYFYFqOq7rn8W2OC9IgUk1pknapSHyqyAjIkDeh/dQem6p6CgZyrqx/ GNcf1P75UnYT6PvxQXfxQeGzLBxunQClKS+7KsxwhhsQGIMCVX0cH/1/3xzZuPjS x1PAgBSPXg7CKchoW7tmdY7S9CZ8qAuwXEzDI+++XzzPl39OXuWWL6PQk8kWVnq+ M0IGQyk2Xzrvkgr6BEOsUeQHNbfOPDQGjjjvJnUu2VLXqSeS0d2JluaFQmf7mm/P 40HvJxL7R0wkdqjOgkd+I4GbbEOtiTJyH3gPf6EKSyu423jHTpbed8GOLRX6Cq6j knhUvLXgOJQEntR1iNcs7o7e1XCpOP06J1mEknLTcnApMszPcHjDDX+3/Z6CDalP LXHe9OZglgD28xmBm4pBaLQN1q5DoXGxRExOO+BylVIn3ZkTn7A1RCkKHNIJgTxF NWk492cJ/Y99HPAd5vAi =Eiki -END PGP SIGNATURE- attachment: Jabber+IPA.png Jabber+IPA.png.sig Description: PGP signature ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Python Client
On 02/09/2013 11:53 AM, John Dennis wrote: On 02/08/2013 05:29 PM, It Meme wrote: Hi: Scenario: 1) User is created via LDAP call to IPA (i.e.the 389 Directory Server) The above user will not have IPA-specific attributes. Can we use the Python Library, or CLI, to modify the account to IPA-ize it? You're really better off using the IPA API directly rather than trying to bypass it. Why? Because we implement additional logic inside the commands. If you could achieve everything IPA does by just modifying an LDAP server there wouldn't be a need for IPA. A good example of this is group membership, some of that logic is handled directly by a plugin to the 389 DS, but a large part of it is implemented in the IPA commands that manage users and groups. You really don't want to bypass it. You have a number of options on how to call the IPA commands: 1) the ipa command line client 2) sending the command formatted in JSON to the server 3) sending the command formatted in XML-RPC to the server 4) calling the command from your own python code 5) using the web GUI It's really not hard to call the IPA command line client from a program, typically this is done via a system command of which there are a number of variants. The following thread has a discussion of how to invoke one of our commands from Python code, this particular email response from Martin shows how it can be done in in about half a dozen lines of code. https://www.redhat.com/archives/freeipa-users/2012-June/msg00334.html What I'm not understanding why you're avoiding using the commands we provide. If you're not familiar with how to call another program/process we can help you or just google it. Or is the problem your existing management system does not provide you with any hooks to execute code when an action occurs. But from everything you've said so far you imply it does provide such hooks. Perhaps if you could be more specific we could be more helpful. It seems that the management system in question can insert an entry into LDAP but can't do the generic hook. I bet this is the issue here. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] User info lookup via LDAP with Jabber +FreeIPA
On 02/10/2013 07:15 AM, Dale Macartney wrote: Hi all So I have started testing more of the end user experience of FreeIPA with my integration docs of different services over the weekend and when I logged in as an IPA test user to Jabber, I noticed that the user details are not being populated. Article is here: https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships As an admin, these details probably seem pretty trivial and unneeded, but as an end user, this could be useful. Otherwise those fields wouldn't be in the client at all really. I used Empathy on Fedora 18 as the connecting client as it is an authenticated IPA workstation. Does anyone have any ideas/suggestions/experience on pulling those user attributes from IPA into the jabber client? Screenshot attached. Thanks all Dale Would be nice to understand which attributes are expected for those. I do not think we keep a birthday in IPA. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] User info lookup via LDAP with Jabber +FreeIPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/10/2013 04:39 PM, Dmitri Pal wrote: On 02/10/2013 07:15 AM, Dale Macartney wrote: Hi all So I have started testing more of the end user experience of FreeIPA with my integration docs of different services over the weekend and when I logged in as an IPA test user to Jabber, I noticed that the user details are not being populated. Article is here: https://www.dalemacartney.com/2012/07/05/configuring-ejabberd-to-authenticate-freeipa-users-using-ldap-group-memberships As an admin, these details probably seem pretty trivial and unneeded, but as an end user, this could be useful. Otherwise those fields wouldn't be in the client at all really. I used Empathy on Fedora 18 as the connecting client as it is an authenticated IPA workstation. Does anyone have any ideas/suggestions/experience on pulling those user attributes from IPA into the jabber client? Screenshot attached. Thanks all Dale Would be nice to understand which attributes are expected for those. I do not think we keep a birthday in IPA. I did have a chuckle when I noticed that one. - From what i've been reading its just an additional section I need in the ejabberd config.. There seems support for display photos as well. Might have to pick that one up as well when I have a free moment. I'll keep the list informed on progress. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRF88kAAoJEAJsWS61tB+qWxgQALhwUOEjZS2cN0NPpdh4WXEJ Ouo41EAgAsQt4HYM6m74g/sp0hYpMwexwIDGFHydfoKtUSokHzKwOknOMubAqvOr QGbtuBfg3u95kb7bMkE7mhAhCC1U67g6fsYwYIQZ5/Dm+RfQxP2QxRdggPAG63cD ECIxLJVydf0PiI+pWp5lEHGYtxc4mLpgnJeEbd+UKUcBss+lY0ftyvMmvMeuxPip NMW62xHws0iGbldHcQPYCztfcyPoxaZXNjFknPcASf7H3gAUE9kjb8XVcVf8QN+Y HHDywahqWxFvT0+LxB8EKWLdcOsCcj0Inb9TWJuBhh+n7GKwlNI73JUlrbNThkys LysMiRoID32huHV5WDbvRJW+wOzCW8LoFQHvSao5GV1WMMPquayblNRgTIr0Vuwz HezzSFghG4r/pXl2Q9jawcOvVky3M/D03EdknrgIPSsQCKsSnb9/aQER2Q4v2Olq PMpH4hiCIH1tUH16KG6HOfcDCksxhZTd4OXn3GGc55A+u0tcM0ev9amvFkmUfHV/ up4TtSphQH3IZq4JKrs14u2QaGBm6+jT8pKU4+tVYD80nlCAd0YAjEu7RejKQPH9 3P6rbWqXkYrSA03f3VU7/DgE/f2RXhuSKBAOOQtmC+KJOdv0gpSN/xMYaQxfIV8s rygkO+Cmw0AyKNPRilvL =Ya55 -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] The htaccess login pop-up window appears but login never succeeds
On 02/10/2013 12:30 PM, Rajnesh Kumar Siwal wrote: Hi All, As I try to login into the IPA through https, it displays me a popup window to login. But login fails through it every time. I don't understand why this popup window is for. Screenshot of pop-up window attached. In the next screen, I login through Form-Based authentication and that works fine. Why does this POP-up window appears and why my login fails everytime (I try to login through admin user) Please suggest Thanks in advance. Which version of IPA do you use? Did you follow the instructions on how to import IPA cert into your browser? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] The htaccess login pop-up window appears but login never succeeds
Versions: OS: CentOS 6.3 IPA: 2.2 On Sun, Feb 10, 2013 at 5:30 PM, Rajnesh Kumar Siwal rajnesh.si...@gmail.com wrote: Hi All, As I try to login into the IPA through https, it displays me a popup window to login. But login fails through it every time. I don't understand why this popup window is for. Screenshot of pop-up window attached. In the next screen, I login through Form-Based authentication and that works fine. Why does this POP-up window appears and why my login fails everytime (I try to login through admin user) Please suggest Thanks in advance. -- Regards, Rajnesh Kumar Siwal -- Regards, Rajnesh Kumar Siwal ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] The htaccess login pop-up window appears but login never succeeds
Did you follow the instructions on how to import IPA cert into your browser ? Not yet. Will following the instructions test that part also and will let you know. But I need to understand what this htaccess page is trying to do. On Mon, Feb 11, 2013 at 4:10 AM, Rajnesh Kumar Siwal rajnesh.si...@gmail.com wrote: Versions: OS: CentOS 6.3 IPA: 2.2 On Sun, Feb 10, 2013 at 5:30 PM, Rajnesh Kumar Siwal rajnesh.si...@gmail.com wrote: Hi All, As I try to login into the IPA through https, it displays me a popup window to login. But login fails through it every time. I don't understand why this popup window is for. Screenshot of pop-up window attached. In the next screen, I login through Form-Based authentication and that works fine. Why does this POP-up window appears and why my login fails everytime (I try to login through admin user) Please suggest Thanks in advance. -- Regards, Rajnesh Kumar Siwal -- Regards, Rajnesh Kumar Siwal -- Regards, Rajnesh Kumar Siwal ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users