On Wed, 18 Jan 2023, John Smith via FreeIPA-users wrote:
Hi Alexander, thanks so much for the response.
Right now I'm trying to turn on:
---
[global]
oidc_child_debug_level=10
---
I've changed the /etc/ipa/server.conf and looks like this right now:
Are you adding this to /etc/ipa/default.conf or /etc/ipa/server.conf?
# systemctl cat ipa-otpd@socket
# /usr/lib/systemd/system/ipa-otpd@.service
[Unit]
Description=ipa-otpd service
[Service]
Environment=LC_ALL=C.UTF-8
EnvironmentFile=/etc/ipa/default.conf
ExecStart=/usr/libexec/ipa/ipa-otpd $ldap_uri
StandardInput=socket
StandardOutput=socket
StandardError=syslog
It imports /etc/ipa/default.conf, so that's where you should be setting
the debug option.
---
[global]
host = ipa2.(mydomain)
basedn = dc=mydomain,dc=io
realm = mydomain
domain = mydomain
xmlrpc_uri = https://ipa2.mydomain.io/ipa/xml
ldap_uri = ldapi://%2Frun%2Fslapd-mydomain.socket
mode = production
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
oidc_child_debug_level = 10
debug = True
---
and still I don't see any oidc logs like it is described:
https://freeipa.readthedocs.io/en/latest/workshop/12-external-idp-support...
I'm executing
---
journalctl --follow /usr/libexec/ipa/ipa-otpd
---
and it is the same output as it was before (I already restarted the
service by ipactl restart and I even rebooted machine). In
/var/logs/messages also same output without oidc entries. Any idea why
is that?
BTW I updated sssd.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
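
The check described in the reply above (find which file the unit imports via EnvironmentFile=, then see whether the option is set in that file), as an added example that is not part of the original message or of FreeIPA. The helper names and the sample unit and config files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreeIPA code; helper names are hypothetical.

# Print each EnvironmentFile= path of a unit file (leading "-" stripped).
env_files() {
    sed -n 's/^[[:space:]]*EnvironmentFile=-\{0,1\}//p' "$1"
}

# Print KEY's value from FILE ("key = value"); return 1 if it is not set.
key_value() {
    awk -v k="$1" '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", key)
            if (key != k) next
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            found = 1
        }
        END { if (!found) exit 1; print v }
    ' "$2"
}

# For every file the unit loads, report whether KEY is set (ROOT = prefix).
check_unit_setting() {
    unit=$1; key=$2; root=${3:-}; rc=1
    for f in $(env_files "$unit"); do
        if val=$(key_value "$key" "$root$f"); then
            echo "$f: $key = $val"; rc=0
        else
            echo "$f: $key not set"
        fi
    done
    return $rc
}

# Constructed sample: option present only in the file the unit does not load.
make_sample() {
    mkdir -p "$1/etc/ipa"
    printf '[Service]\nEnvironmentFile=/etc/ipa/default.conf\n' > "$1/unit"
    printf '[global]\nmode = production\n' > "$1/etc/ipa/default.conf"
    printf '[global]\noidc_child_debug_level = 10\n' > "$1/etc/ipa/server.conf"
}

tmp=$(mktemp -d); make_sample "$tmp"
check_unit_setting "$tmp/unit" oidc_child_debug_level "$tmp" || true
rm -rf "$tmp"
```

On a real host, point the first argument at the unit file path shown by `systemctl cat` and omit the third argument.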