Using FreeIPA to provide authentication to vSphere which has been working great, but noticed that using the Compat scheme doesn’t yield the First Name and Email fields in vSphere. If I change the base DN for users and groups to the standard scheme cn=accounts then users can’t log in.
To date I’ve ignored this, but today figured it would be good to work out if there’s something I can do to modify the compat scheme so that OpenLDAP clients like vSphere that need to use the compat scheme can pull these fields.
I assume you followed a guide line https://www.freeipa.org/page/HowTo/vsphere5_integration for the initial setup. You can use similar configuration to add more attributes.
Yes, that’s the one I used.
I'll add that this isn't OpenLDAP-specific, it's more a difference in the objectclasses used to represent membership.
rob
I guess I’ll need to work out what objectclasses vSphere needs and how to check the compat scheme?
Thanks, Djerk