Thanks Martin!
On Tue, Aug 12, 2014 at 9:50 AM, Martin Kosek <mko...@redhat.com> wrote: > Thank you! I liked this page to > http://www.freeipa.org/page/HowTos#Authentication > and also improved formatting of the page. I am not sure about the "role" > section though, we do not use "role" objectclass, so Okta's search probably > returns no results anyway. It may be better to keep that blank IMO. > > Martin > > On 08/12/2014 03:46 PM, Chris Whittle wrote: > > http://www.freeipa.org/page/HowTo/Integrate_With_Okta > > > > > > On Sat, Aug 9, 2014 at 11:31 PM, Dmitri Pal <d...@redhat.com> wrote: > > > >> On 08/08/2014 04:26 PM, Chris Whittle wrote: > >> > >> Hey Dimitri, What do you mean? Both of them gave me the same answer and > >> it worked. > >> > >> > >> Right, now you have the knowledge which is burred in a mail thread and > >> would be hard to find for others that might want to follow your steps. > >> I was hoping you would find some time to summarize your setup and > >> experience and share with others via a HOWTO page on the FreeIPA site > [1]. > >> > >> [1] http://www.freeipa.org/page/HowTos > >> > >> Thanks > >> Dmitri > >> > >> > >> On Aug 8, 2014 3:25 PM, "Dmitri Pal" <d...@redhat.com> wrote: > >> > >>> On 08/07/2014 02:21 PM, Chris Whittle wrote: > >>> > >>> Thanks guys that works! > >>> > >>> > >>> > >>> And what about HOWTO? ;-) > >>> > >>> > >>> > >>> > >>> On Thu, Aug 7, 2014 at 12:22 PM, Lucas Yamanishi < > lyamani...@sesda3.com> > >>> wrote: > >>> > >>>> On 08/07/2014 12:18 PM, Chris Whittle wrote: > >>>> > >>>> I'm currently working on a trial with OKTA and have installed their > >>>> server agent with no issues. Now I'm trying to map FreeIPA > attributes with > >>>> OKTA's > >>>> > >>>> I'm getting no entries found, which leads me to think I'm missing > >>>> something > >>>> [image: Inline image 1] > >>>> [image: Inline image 2] > >>>> [image: Inline image 3] > >>>> Thanks! > >>>> > >>>> > >>>> The objectClass values look incorrect. Try posixAccount and > posixGroup > >>>> for users and groups. Roles are groupOfNames, but that’s a little less > >>>> specific and will match non-role entries without a search base. > >>>> > >>>> You can easily look up raw entries to check your mappings with > commands > >>>> like these (the —all and —raw options are available for all *-show > >>>> commands, afaik): > >>>> > >>>> ipa user-show --all --raw $USER_NAME > >>>> ipa group-show --all --raw $GROUP > >>>> ipa role-show --all --raw $ROLE > >>>> > >>>> Or pure ldaputils: > >>>> > >>>> ldapsearch -LLL -YGSSAPI -b 'cn=users,cn=accounts,dc=example,dc=com' > 'uid=$USER_NAME' > >>>> > >>>> > >>>> > >>>> -- > >>>> ----- > >>>> *question everything*learn something*answer nothing* > >>>> ------------ > >>>> Lucas Yamanishi > >>>> ------------------ > >>>> Systems Administrator, ADNET Systems, Inc. > >>>> NASA Space and Earth Science Data Analysis (606.9) > >>>> 7515 Mission Drive, Suite A100 > >>>> Lanham, MD 20706 * 301-352-4646 * 0xD354B2CB > >>>> > >>>> > >>>> -- > >>>> Manage your subscription for the Freeipa-users mailing list: > >>>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>>> Go To http://freeipa.org for more info on the project > >>>> > >>> > >>> > >>> > >>> > >>> > >>> -- > >>> Thank you, > >>> Dmitri Pal > >>> > >>> Sr. Engineering Manager IdM portfolio > >>> Red Hat, Inc. > >>> > >>> > >>> -- > >>> Manage your subscription for the Freeipa-users mailing list: > >>> https://www.redhat.com/mailman/listinfo/freeipa-users > >>> Go To http://freeipa.org for more info on the project > >>> > >> > >> > >> -- > >> Thank you, > >> Dmitri Pal > >> > >> Sr. Engineering Manager IdM portfolio > >> Red Hat, Inc. > >> > >> > > > > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project