Hi List,
Using FreeIPA to provide authentication to vSphere which has been working great, but noticed that using the Compat scheme doesn’t yield the First Name and Email fields in vSphere. If I change the base DN for users and groups to the standard scheme cn=accounts then users can’t log in.
To date I’ve ignored this, but today figured it would be good to work out if there’s something I can do to modify the compat scheme so that OpenLDAP clients like vSphere that need to use the compat scheme can pull these fields.
Thanks, Djerk Geurts
Djerk Geurts via FreeIPA-users wrote:
> Hi List,
> Using FreeIPA to provide authentication to vSphere which has been working great, but noticed that using the Compat scheme doesn’t yield the First Name and Email fields in vSphere. If I change the base DN for users and groups to the standard scheme cn=accounts then users can’t log in.
> To date I’ve ignored this, but today figured it would be good to work out if there’s something I can do to modify the compat scheme so that OpenLDAP clients like vSphere that need to use the compat scheme can pull these fields.
I assume you followed a guide like https://www.freeipa.org/page/HowTo/vsphere5_integration for the initial setup. You can use similar configuration to add more attributes.
I'll add that this isn't OpenLDAP-specific, it's more a difference in the objectclasses used to represent membership.
rob
> > Using FreeIPA to provide authentication to vSphere which has been working great, but noticed that using the Compat scheme doesn’t yield the First Name and Email fields in vSphere. If I change the base DN for users and groups to the standard scheme cn=accounts then users can’t log in.
> > To date I’ve ignored this, but today figured it would be good to work out if there’s something I can do to modify the compat scheme so that OpenLDAP clients like vSphere that need to use the compat scheme can pull these fields.
> I assume you followed a guide like https://www.freeipa.org/page/HowTo/vsphere5_integration for the initial setup. You can use similar configuration to add more attributes.
Yes, that’s the one I used.
> I'll add that this isn't OpenLDAP-specific, it's more a difference in the objectclasses used to represent membership.
> rob
I guess I’ll need to work out what objectclasses vSphere needs and how to check the compat scheme?
Thanks, Djerk
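
Added example, not part of the thread and not the FreeIPA project's own configuration: an LDIF change of the kind Rob points to, publishing two more attributes in the compat users tree. It assumes the Schema Compatibility plugin's `schema-compat-entry-attribute` setting, that vSphere fills First Name and Email from `givenName` and `mail`, and a constructed file name.

```ldif
# compat-extra-attrs.ldif (constructed file name)
#
# Apply as Directory Manager on an IPA server, for example:
#   ldapmodify -x -D "cn=Directory Manager" -W -f compat-extra-attrs.ldif
#
# The entry below is the Schema Compatibility plugin's definition of the
# cn=users,cn=compat,<suffix> tree. Each schema-compat-entry-attribute value
# is "<attribute in compat entry>=<format built from the source entry>";
# %{attr} copies the value of attr from the real user entry under cn=accounts.
#
# Assumption: givenName and mail are the attributes the LDAP client reads
# for "First Name" and "Email". Confirm against the client's own mapping.
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
changetype: modify
add: schema-compat-entry-attribute
schema-compat-entry-attribute: givenName=%{givenName}
schema-compat-entry-attribute: mail=%{mail}
-

# Check the result with a search against the compat tree, binding the same
# way the client does (<suffix> and <login> are placeholders):
#   ldapsearch -x -b "cn=users,cn=compat,<suffix>" "(uid=<login>)" givenName mail
```

Every attribute published here becomes readable by whoever can search `cn=compat`, so review the access controls on that tree before adding personal data such as e-mail addresses.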