Experience with FreeIPA


hofman...@gmail.com

Jun 10, 2015, 8:11:54 AM
to pwm-g...@googlegroups.com
Hi there,

Has anybody had successful experience with FreeIPA and PWM?

Which versions do you use and how are the responses stored?


Best regards,
Henry

darragh....@gmail.com

Jul 1, 2015, 4:57:04 PM
to pwm-g...@googlegroups.com, hofman...@gmail.com
Hi, we do this, and it worked. It's quite some work for someone new to LDAP, Tomcat and FreeIPA, but they play nicely together if you have time to integrate them well.

Some features you have to leave out, or allow PWM to manage them locally, as they would break IPA.

FreeIPA, version: 4.1.3
PWM v1.7.1 b1232 (Release)

Darragh

Henry Hofmann

Jul 1, 2015, 5:05:13 PM
to darragh....@gmail.com, pwm-g...@googlegroups.com

Hi,

Thanks for your response.

I use PWM v1.7 with Active Directory and it also works well.

But we plan to integrate a new LDAP based on IPA with PWM as a self-service portal.

Do you store the responses in a local database on the PWM server?

Thanks and best regards,
Henry

matt....@mosaic451.com

Mar 9, 2016, 10:05:41 AM
to pwm-general, hofman...@gmail.com, darragh....@gmail.com
Hi Darragh, I was wondering what you found was best practice for the schema extensions. Would you mind sharing what you left out in order to make this work? I'm in the middle of setup and, like others before me, the test user and data look great; however, my logins continue to fail.
I'm looking now at extending the schema to include the pwmUser, but did you do this? I read another post that mentioned using the database as well as LDAP, but I can't say I'm familiar enough with the product (PWM) yet to leverage this.
Thanks for the post -

Darragh Grealish

Mar 14, 2016, 9:13:44 AM
to matt....@mosaic451.com, pwm-general, hofman...@gmail.com
Hi Matt
Sorry for the delay. Yes, I've been using this with the internal DB, mostly for password expiry and recovery responses, as they can be too large for LDAP. I do remember adding pwmUser to our LDAP 369 directory (backend on FreeIPA) without any problem. Remember there are two LDAP views for this; watch for the "compact" user view, as that hides a lot of the variables PWM needs.

Later this month I'll be head-deep in PWM again and can possibly help better then.

Darragh

Matt Wells

Mar 14, 2016, 9:32:52 AM
to Darragh Grealish, pwm-general, hofman...@gmail.com
Thanks for the reply. I was able to get the login and update of security questions working with the ou=accounts DN. The only thing not working now is the password changes. You mention the ou=compat. When you get time to look (and thank you for looking), would you mind looking to see if you added that 2nd search DN for the possible password change?
Again, thanks for looking at this.
--
Matt Wells
Chief Systems Architect
RHCA, RHCVA - #110-000-353
(702) 808-0424
matt....@mosaic451.com
 Las Vegas | Phoenix | Portland Mosaic451.com 