If I use the whole connection string: uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com
I can authenticate. On Tue, Nov 5, 2013 at 1:40 PM, KodaK <sako...@gmail.com> wrote: > I'm attempting to get HP ILO authenticating against IPA again. > > I've configured the user context in ILO as: > > cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com > > When ILO tries to connect, it sends the string: > > CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com > > Which, of course, doesn't exist. IPA uses uid=<username>, but as far as I > can tell I can't tell ILO to use a different username attribute. It > doesn't even look like it's trying to use a username attribute. > > I've tried to force it to look for uid=jebalicki by using "uid=jebalicki" > in the login field, but that fails too. The errors in the errors log look > like this: > > > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "jebalicki": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:22:05 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry "uid=jebalicki": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_preop - [file ipa_lockout.c, line > 645]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > [05/Nov/2013:13:27:39 -0600] ipalockout_postop - [file ipa_lockout.c, line > 421]: Failed to retrieve entry > "CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com": 32 > > And the access log looks like this: > > [05/Nov/2013:13:32:06 -0600] conn=214941 fd=438 slot=438 SSL connection > from 10.200.10.192 to 10.200.16.170 > [05/Nov/2013:13:32:06 -0600] conn=214941 SSL 256-bit AES > [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 BIND dn="uid=jebalicki" > method=128 version=2 > [05/Nov/2013:13:32:06 -0600] conn=214941 op=0 RESULT err=32 tag=97 > nentries=0 etime=0 > [05/Nov/2013:13:32:06 -0600] conn=214941 op=1 BIND > dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" > method=128 version=2 > [05/Nov/2013:13:32:07 -0600] conn=214941 op=1 RESULT err=32 tag=97 > nentries=0 etime=1 > [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 UNBIND > [05/Nov/2013:13:32:07 -0600] conn=214941 op=2 fd=438 closed - U1 > [05/Nov/2013:13:32:07 -0600] conn=214942 fd=439 slot=439 SSL connection > from 10.200.10.192 to 10.200.16.170 > [05/Nov/2013:13:32:07 -0600] conn=214942 SSL 256-bit AES > [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 BIND dn="uid=jebalicki" > method=128 version=2 > [05/Nov/2013:13:32:07 -0600] conn=214942 op=0 RESULT err=32 tag=97 > nentries=0 etime=0 > [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 UNBIND > [05/Nov/2013:13:32:07 -0600] conn=214942 op=1 fd=439 closed - U1 > [05/Nov/2013:13:32:07 -0600] conn=214943 fd=438 slot=438 SSL connection > from 10.200.10.192 to 10.200.16.170 > [05/Nov/2013:13:32:07 -0600] conn=214943 SSL 256-bit AES > [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 BIND > dn="CN=uid=jebalicki,cn=users,cn=accounts,dc=unix,dc=magellanhealth,dc=com" > method=128 version=2 > [05/Nov/2013:13:32:07 -0600] conn=214943 op=0 RESULT err=32 tag=97 > nentries=0 etime=0 > [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 UNBIND > [05/Nov/2013:13:32:07 -0600] conn=214943 op=1 fd=438 closed - U1 > > Is there any way to force things on the IPA side? Can I automatically > attach on the necessary components to the provided username? > > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users