Hello all, I'm trying to get IPA auth on Katello to work properly, however the infopipe is unable to access the right information without additional configuration. With these changes I got the infopipe to work, but then user logins started to fail due to invalid user errors.
I've added the following to the domain/xxx section on the katello server

[domain/XXX]
ldap_user_extra_attrs=email:mail, lastname:sn, firstname:givenname

[ifp]
allowed_uids=apache, root
user_attributes=+email, +firstname, +lastname

And on the ipa server:

[nss]
user_attributes=+mail, +sn, +givenname

[domain/XXX]
ldap_user_extra_attrs=mail, sn, givenname

However, the suggested change on the IPA server (from the satellite installation guide) results in user lookup failures on client systems (not exclusive to the katello host)

# id user@TRUSTED.DOMAIN
id: user@TRUSTED.DOMAIN: no such user

SSSD logs do reveal a hint about what's going on:
[filtered for brevity, modified for privacy]

(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(krbPrincipalName=user@TRUSTED.DOMAIN)(mail=user@TRUSTED.DOMAIN)(krbPrincipalName=user\\@TRUSTED.DOMAIN@IPA.DOMAIN))(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=linux,dc=infra,dc=local].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [is_email_from_domain] (0x4000): Email [sander.lambrec...@kpn.com] is not from domain [TRUSTED.DOMAIN].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [is_email_from_domain] (0x4000): Email [sander.lambrec...@kpn.com] is not from domain [TRUSTED.DOMAIN].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists](20)[attribute 'mail': value #1 on 'name=user@TRUSTED.DOMAIN,cn=users,cn=TRUSTED.DOMAIN,cn=sysdb' provided more than once]
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists](20)[attribute 'mail': value #1 on 'name=user@TRUSTED.DOMAIN,cn=users,cn=TRUSTED.DOMAIN,cn=sysdb' provided more than once]

Am I running into a bug or have I misconfigured this somewhere?

Kind regards,

Wouter Hummelink
Technical Consultant - Enterprise Webhosting
T: +31-6-12882447
E: wouter.hummel...@kpn.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
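
A small triage script for the kind of log excerpt quoted in the message above, as an added example that is not part of the original post: it parses SSSD backend debug lines and tallies the `get_extra_attrs` entries and the `sysdb_set_cache_entry_attr` "provided more than once" failures per backend domain. The sample log is constructed from the post's placeholder values, and the name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the debug-log layout quoted in the post (placeholder values only).
SAMPLE_LOG = """\
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [mail]
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [mail].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [get_extra_attrs] (0x4000): Extra attribute [sn].
(Wed Feb 22 11:51:20 2017) [sssd[be[IPA.DOMAIN]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists](20)[attribute 'mail': value #1 on 'name=user@TRUSTED.DOMAIN,cn=users,cn=TRUSTED.DOMAIN,cn=sysdb' provided more than once]
"""

# (timestamp) [sssd[be[DOMAIN]]] [function] (level): message
LINE = re.compile(
    r"^\((?P<ts>[^)]*)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
EXTRA = re.compile(r"Extra attribute \[(?P<attr>[^\]]+)\]")
DUP = re.compile(
    r"ldb_modify failed: \[Attribute or value exists\]\(20\)"
    r"\[attribute '(?P<attr>[^']+)': .* on '(?P<dn>[^']+)' provided more than once\]"
)

def triage(log_text):
    """Return (extra_attr_counts, duplicate_write_failures) keyed by backend domain."""
    extra, failures = Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a backend debug line in the expected layout
        if m["func"] == "get_extra_attrs":
            a = EXTRA.search(m["msg"])
            if a:
                extra[(m["domain"], a["attr"])] += 1
        elif m["func"] == "sysdb_set_cache_entry_attr":
            d = DUP.search(m["msg"])
            if d:
                failures[(m["domain"], d["attr"], d["dn"])] += 1
    return extra, failures

if __name__ == "__main__":
    extra, failures = triage(SAMPLE_LOG)
    for (domain, attr, dn), n in failures.items():
        seen = extra[(domain, attr)]
        print(f"{domain}: '{attr}' rejected {n}x on {dn}; listed as extra attribute {seen}x")
```
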