June 27th, 2018 10:00

LDAP / FreeIPA / Red Hat Identity Manager integration

Sorry about the multi-post but I think I hit a length limit.

Whilst I can see there are lots of people trying to set up LDAP auth to AD (I'm aware the AD directory type works just fine for some colleagues of mine), there doesn't seem to be much in the way of setting this up with actual LDAP.

Links to people talking about Active Directory LDAP integration.

https://www.dell.com/community/Dell-OpenManage-Enterprise/Setting-up-LDAP-in-OpenManage-Enterprise/m-p/6069646

I don't have a working configuration, but hopefully this post will provide enough technical details that someone from the development team can replicate this issue.

Here are the settings I have (I've set up iDRACs to talk to FreeIPA / real LDAP so I'm pretty certain I know what I'm doing):

Screen Shot 2018-06-21 at 20.39.37.png

When I click the Test and enter valid credentials:

I get a successful response.

Screen Shot 2018-06-21 at 20.59.56.png

From there I click "Finish" then head to "Import Directory Users" (I see someone from Dell has said in one of the linked posts above this is incorrectly labelled and should be directory groups).

I then assign and import the group "ome_admins" as the "Administrator Role":

Screen Shot 2018-06-21 at 21.03.42.png

So far so good.

I log out as admin and then try to sign in as user "dan", who is a member of that "ome_admins" group. I get the same invalid credentials that most of you are seeing.

It’s a standard setup of FreeIPA, version: 4.5.0.

Here's a copy of the LDIF - https://pastebin.com/WmLyMJZA

Here's a copy of the LDAP Logs - https://pastebin.com/6T9Fpwy9

As you can see there’s an initial anonymous bind to look up my username “dan” requesting All attributes.
Then there’s a bind as my user using my full fn (pulled from the info in the previous search) which is also successful.

And then that’s the end of the log. Nothing more. Also, no matter what settings I put into the LDAP server configuration pane for “Attribute of User Login”, “Attribute of Group Membership” or “Search Filter”, none of them seem to be used. Even when I put “bob” (which is obviously wrong) the FreeIPA / LDAP server reports the same searches being performed as above.

I’m guessing it’s not passing these through correctly to the LDAP client.
If you’ve made it this far, congrats, and thanks for staying with me. Hopefully this is enough information for someone at Dell to reproduce the issue.
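An added example, not part of the original post: a small parser that checks a directory server access log for the sequence described above (anonymous search, then a bind as the user, then nothing) and reports whether the configured login and group-membership attributes ever appear in a search filter. It assumes the 389 Directory Server access-log format that FreeIPA writes; the log lines, the `example.test` suffix and the function names are constructed for illustration.

```python
import re

# Constructed sample in the 389 Directory Server access-log format that FreeIPA
# writes (an assumption; this is not the log behind the post's pastebin link).
SAMPLE_LOG = """\
[21/Jun/2018:21:05:10.100000000 +0100] conn=42 op=0 BIND dn="" method=128 version=3
[21/Jun/2018:21:05:10.102000000 +0100] conn=42 op=1 SRCH base="dc=example,dc=test" scope=2 filter="(uid=dan)" attrs=ALL
[21/Jun/2018:21:05:10.103000000 +0100] conn=42 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[21/Jun/2018:21:05:10.104000000 +0100] conn=42 op=2 BIND dn="uid=dan,cn=users,cn=accounts,dc=example,dc=test" method=128 version=3
[21/Jun/2018:21:05:10.105000000 +0100] conn=42 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dan,cn=users,cn=accounts,dc=example,dc=test"
[21/Jun/2018:21:05:10.106000000 +0100] conn=42 op=3 UNBIND
"""

OP = re.compile(r"conn=(\d+) op=(-?\d+) (BIND|SRCH)\b(.*)")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
FILTER_ATTR = re.compile(r"\(([\w;.-]+)\s*[~<>]?=")  # attribute names inside a filter

def parse_ops(log_text):
    """Return BIND and SRCH operations in log order as (kind, fields) tuples."""
    ops = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if m:
            fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(m.group(4))}
            ops.append((m.group(3), fields))
    return ops

def filter_attrs(fields):
    """Lower-cased attribute names referenced by one search filter."""
    return {a.lower() for a in FILTER_ATTR.findall(fields.get("filter", ""))}

def diagnose(log_text, login_attr, group_attr):
    """Report whether the configured attributes ever reached the LDAP server."""
    ops = parse_ops(log_text)
    binds = [i for i, (kind, f) in enumerate(ops) if kind == "BIND" and f.get("dn")]
    searched = set().union(*(filter_attrs(f) for kind, f in ops if kind == "SRCH"))
    after = ops[binds[-1] + 1:] if binds else []   # operations after the user bind
    return {
        "user_bind_dn": ops[binds[-1]][1]["dn"] if binds else None,
        "filter_attrs": sorted(searched),
        "login_attr_in_filter": login_attr.lower() in searched,
        "group_lookup_after_bind": any(
            kind == "SRCH" and group_attr.lower() in filter_attrs(f)
            for kind, f in after),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, login_attr="bob", group_attr="member"))
```

Running it against the server's access log once per configuration change shows whether a changed "Attribute of User Login" or "Attribute of Group Membership" value alters what the server actually receives.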


July 11th, 2018 07:00

Sorry I can't be of help, but I am having the same issues as well. I remember seeing before that AD/LDAP integration wasn't fully completed yet.
