Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
Thanks you in advance.
Regard Mr Karim Bourenane
Karim Bourenane via FreeIPA-users wrote:
Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
There are known issues with integrating with VCenter 6.x. IPA doesn't provide entryUUID or uniqueMember.
A user on IRC is investigating the design at https://www.freeipa.org/page/V4/Data_transformation to provide this.
rob
Thanks you Rob for your quick reply
I will study the answer.
Bien à vous
Mr Karim Bourenane +33686464439 +32493866354
Le lun. 5 août 2019 à 16:59, Rob Crittenden rcritten@redhat.com a écrit :
Karim Bourenane via FreeIPA-users wrote:
Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
There are known issues with integrating with VCenter 6.x. IPA doesn't provide entryUUID or uniqueMember.
A user on IRC is investigating the design at https://www.freeipa.org/page/V4/Data_transformation to provide this.
rob
Hello Rob, All team
If i undestand well, and for easy and simple modification i can : Create a Group + add a user (in normal way) as member + ipa group-mod --addattr ..... (by command line) as uniqueMember and in vCenter i get the Ldap Group + the Bind user, right ?
In my IPA configuration, i have already the ObjectClass : groupOfUniqueNames
vSphere don't want to authenticate the user. Do you have any idea, please ?
Bien à vous
Mr Karim Bourenane
Le lun. 5 août 2019 à 16:59, Rob Crittenden rcritten@redhat.com a écrit :
Karim Bourenane via FreeIPA-users wrote:
Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
There are known issues with integrating with VCenter 6.x. IPA doesn't provide entryUUID or uniqueMember.
A user on IRC is investigating the design at https://www.freeipa.org/page/V4/Data_transformation to provide this.
rob
On ti, 06 elo 2019, Karim Bourenane via FreeIPA-users wrote:
Hello Rob, All team
If i undestand well, and for easy and simple modification i can : Create a Group + add a user (in normal way) as member + ipa group-mod --addattr ..... (by command line) as uniqueMember and in vCenter i get the Ldap Group + the Bind user, right ?
No.
vCenter is not supported.
I would really suggest you to raise a case with vCenter vendor to make them aware you want it to integrate properly with RHEL IdM. With very limited configuration functionality vCenter exposes, it is not possible to integrate without emulating its behavior on the server side. This emulation requires a lot of development on the server side, as covered by the wiki page provided by Rob.
From FreeIPA point of view, if vCenter configurability could be improved, it would help many other LDAP-based products, not just FreeIPA.
In my IPA configuration, i have already the ObjectClass : groupOfUniqueNames
vSphere don't want to authenticate the user. Do you have any idea, please ?
Bien à vous
Mr Karim Bourenane
Le lun. 5 août 2019 à 16:59, Rob Crittenden rcritten@redhat.com a écrit :
Karim Bourenane via FreeIPA-users wrote:
Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
There are known issues with integrating with VCenter 6.x. IPA doesn't provide entryUUID or uniqueMember.
A user on IRC is investigating the design at https://www.freeipa.org/page/V4/Data_transformation to provide this.
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Thank you Alexander,
The case has been opened to the vendor.
I come back if he have correct solution.
Regard
Bien à vous
Mr Karim Bourenane +33686464439 +32493866354
Le mar. 6 août 2019 à 15:10, Alexander Bokovoy abokovoy@redhat.com a écrit :
On ti, 06 elo 2019, Karim Bourenane via FreeIPA-users wrote:
Hello Rob, All team
If i undestand well, and for easy and simple modification i can : Create a Group + add a user (in normal way) as member + ipa group-mod --addattr ..... (by command line) as uniqueMember and in vCenter i get the Ldap Group + the Bind user, right ?
No.
vCenter is not supported.
I would really suggest you to raise a case with vCenter vendor to make them aware you want it to integrate properly with RHEL IdM. With very limited configuration functionality vCenter exposes, it is not possible to integrate without emulating its behavior on the server side. This emulation requires a lot of development on the server side, as covered by the wiki page provided by Rob.
From FreeIPA point of view, if vCenter configurability could be improved, it would help many other LDAP-based products, not just FreeIPA.
In my IPA configuration, i have already the ObjectClass : groupOfUniqueNames
vSphere don't want to authenticate the user. Do you have any idea, please ?
Bien à vous
Mr Karim Bourenane
Le lun. 5 août 2019 à 16:59, Rob Crittenden rcritten@redhat.com a
écrit :
Karim Bourenane via FreeIPA-users wrote:
Hello All,
Do someone know i must configure my IPA server + the VCenter VSCA to authenticate in LDAP ?
I found several demo, but nothing run.
There are known issues with integrating with VCenter 6.x. IPA doesn't provide entryUUID or uniqueMember.
A user on IRC is investigating the design at https://www.freeipa.org/page/V4/Data_transformation to provide this.
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
-- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
freeipa-users@lists.fedorahosted.org
-
Alexander Bokovoy -
Karim Bourenane -
Rob Crittenden