On ke, 18 tammi 2023, John Smith via FreeIPA-users wrote:
HI Alexander, thanks so much for reponse.
right now I'm trying to turn on:
---
[global]
oidc_child_debug_level=10
---
I've changed the /etc/ipa/server.conf and looks like this right now:
Are you adding this to /etc/ipa/default.conf or /etc/ipa/server.conf?
# systemctl cat ipa-otpd@socket
# /usr/lib/systemd/system/ipa-otpd@.service
[Unit]
Description=ipa-otpd service
[Service]
Environment=LC_ALL=C.UTF-8
EnvironmentFile=/etc/ipa/default.conf
ExecStart=/usr/libexec/ipa/ipa-otpd $ldap_uri
StandardInput=socket
StandardOutput=socket
StandardError=syslog
It imports /etc/ipa/default.conf, so that's where you should be setting
the debug option.
---
[global]
host = ipa2.(mydomain)
basedn = dc=mydomain,dc=io
realm = mydomain
domain = mydomain
xmlrpc_uri = https://ipa2.mydomain.io/ipa/xml
ldap_uri = ldapi://%2Frun%2Fslapd-mydomain.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
oidc_child_debug_level = 10
debug = True
---
and still io don't see any oidc logs like it is described:
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support.html#troubleshooting-idp-integration
i'm executing
---
journalctl --follow /usr/libexec/ipa/ipa-otpd
---
and it is the same output as it was before (I already restarted the
service by ipactl restart and I even rebooted machine). In
/var/logs/messages also same output without oidc entries. Any idea why
is that?
BTW I updated sssd.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue