PWM w/ FreeIPA

[Andrew Meyer]

I have pwm setup and i'm using the OpenLDAP profile.  Should I be using 'other' instead?

[Andrea Favero]

I use OpenLDAP even if my backend is freeIPA

Il gio 30 ago 2018, 22:05 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

I have pwm setup and i'm using the OpenLDAP profile.  Should I be using 'other' instead?

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/652539f3-a779-462c-be1a-7d44154c404a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Andrew Meyer]

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeip...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

Andrew Meyer

Linux DevOps Engineer

GatewayBlend

314-260-4183

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAMC_1b7p_rNWsN6-78iqpT0_cQYw-JZXDf61bZPc_9TuV360Vg%40mail.gmail.com.

[Andrea Favero]

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CA%2BabcpWCXseZ8dM%2BjXSP%2BfrPaS6T4UAW3Vn3G3Ch_ho0ktYEag%40mail.gmail.com.

[Andrew Meyer]

That did not work.  Did you have to do any of the changes described here?

https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a

On Thursday, August 30, 2018 at 3:21:04 PM UTC-5, Andrea Favero wrote:

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

Il gio 30 ago 2018, 22:12 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeipa-us...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

[Andrea Favero]

I did read that guide but I ignored it and did my own way. I never had to edit the ldap config that deeply. 

Il gio 30 ago 2018, 22:29 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

That did not work.  Did you have to do any of the changes described here?

https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a

On Thursday, August 30, 2018 at 3:21:04 PM UTC-5, Andrea Favero wrote:

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

Il gio 30 ago 2018, 22:12 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeip...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/d329dc0a-2485-415d-8b76-0184ff2570e4%40googlegroups.com.

[Andrew Meyer]

Would you mind sharing how you set it up?  

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAMC_1b47%2Bp745zUBJBH7Y0%2BubEcBHBJ9LkW0TPNFtpDf74-jSQ%40mail.gmail.com.

[Andrew Meyer]

Specifically the LDAP settings.  Obviously removing your ORG info.

On Thursday, August 30, 2018 at 3:49:16 PM UTC-5, Andrew Meyer wrote:

Would you mind sharing how you set it up?  

On Thu, Aug 30, 2018, 15:47 Andrea Favero <fav...@gmail.com> wrote:

I did read that guide but I ignored it and did my own way. I never had to edit the ldap config that deeply. 

Il gio 30 ago 2018, 22:29 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

That did not work.  Did you have to do any of the changes described here?

https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a

On Thursday, August 30, 2018 at 3:21:04 PM UTC-5, Andrea Favero wrote:

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

Il gio 30 ago 2018, 22:12 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeipa-us...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general+unsubscribe@googlegroups.com.

To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/d329dc0a-2485-415d-8b76-0184ff2570e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.

To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general+unsubscribe@googlegroups.com.

[Andrea Favero]

Yes, I can give assistence but please wait for tomorrow since its 1am here. Thanks! 

Il gio 30 ago 2018, 23:02 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Specifically the LDAP settings.  Obviously removing your ORG info.

On Thursday, August 30, 2018 at 3:49:16 PM UTC-5, Andrew Meyer wrote:

Would you mind sharing how you set it up?  

On Thu, Aug 30, 2018, 15:47 Andrea Favero <fav...@gmail.com> wrote:

I did read that guide but I ignored it and did my own way. I never had to edit the ldap config that deeply. 

Il gio 30 ago 2018, 22:29 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

That did not work.  Did you have to do any of the changes described here?

https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a

On Thursday, August 30, 2018 at 3:21:04 PM UTC-5, Andrea Favero wrote:

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

Il gio 30 ago 2018, 22:12 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeip...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/d329dc0a-2485-415d-8b76-0184ff2570e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.

To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAMC_1b47%2Bp745zUBJBH7Y0%2BubEcBHBJ9LkW0TPNFtpDf74-jSQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/4a55ff24-d776-4502-a17f-a0f940e6a955%40googlegroups.com.

[Andrew Meyer]

Sounds good.   Where are you located?

Andrew Meyer

Linux DevOps Engineer

GatewayBlend

314-260-4183

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAMC_1b7qT-bCuhgETCHrFaZfrB6EMc4nLR8W6r_6dhobR5rG4A%40mail.gmail.com.

[Andrew Meyer]

Let me know when you have time.

On Thursday, August 30, 2018 at 5:50:03 PM UTC-5, Andrea Favero wrote:

Yes, I can give assistence but please wait for tomorrow since its 1am here. Thanks! 

Il gio 30 ago 2018, 23:02 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Specifically the LDAP settings.  Obviously removing your ORG info.

On Thursday, August 30, 2018 at 3:49:16 PM UTC-5, Andrew Meyer wrote:

Would you mind sharing how you set it up?  

On Thu, Aug 30, 2018, 15:47 Andrea Favero <fav...@gmail.com> wrote:

I did read that guide but I ignored it and did my own way. I never had to edit the ldap config that deeply. 

Il gio 30 ago 2018, 22:29 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

That did not work.  Did you have to do any of the changes described here?

https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a

On Thursday, August 30, 2018 at 3:21:04 PM UTC-5, Andrea Favero wrote:

I could be wrong but that account might need to have admin or smiliar priviliges, that is should be part of Admins group. Try adding it to that group and see what happens

Il gio 30 ago 2018, 22:12 Andrew Meyer <andrew...@gatewayblend.com> ha scritto:

Ok thanks for the input

Also, I'm having an issue w/ my config.  It won't read the test user account.  

I'm getting this in my logs.

Aug 30 15:06:19 pwm01 server: 2018-08-30T15:06:19Z, ERROR, cluster.ClusterMachine, 5093 ERROR_CLUSTER_SERVICE_ERROR (error writing database cluster heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing cluster data: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'pwmresponseset' attribute of entry 'uid=pwmtest,cn=users,cn=accounts,dc=gatewayblend,dc=net'.

https://lists.fedorahosted.org/archives/list/freeipa-us...@lists.fedorahosted.org/thread/NWK5BGHLCSS4MXY3KUAB24QUPLGTFUOP/

[Andrea Favero]

Hi Andrew,

I live in Italy. If you want we can talk via Skype for a faster troubleshooting or I could even give you access to my developement setup (both IPA and PWM). After that, you can update this thread once we've found out what the problem is. Please note that I'm not an expert or affiliated with those products in any way, I just love to help since the community has helped me a lot in the past.

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CA%2BabcpW6-YMrHV6i_fEQUE9FpvCmvY1Q1gr2kYizHxgKxxTE6A%40mail.gmail.com.

[Andrew Meyer]

I'm ok doing either way of helping.  

Andrew Meyer

Linux DevOps Engineer

GatewayBlend

314-260-4183

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAMC_1b4k%3D6yUZrBhyH5qUDjyCq-JKu_8Vyug3gXLpMzNpHZR2A%40mail.gmail.com.

[Andrew Meyer]

I'm getting skype setup either way.

Andrew Meyer

Linux DevOps Engineer

GatewayBlend

314-260-4183

[Andrew Meyer]

And yes I know you are not an expert or affiliated with pwm.  I appreciate all the help.

Andrew Meyer

Linux DevOps Engineer

GatewayBlend

314-260-4183

[Andrea Favero]

Feel free to chat me whenever you like at the skype address faverock96

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CA%2BabcpUou4v7Ck%3DkygFb22GpkKXiXUmaqGZZiOe-fvpJQg5zzw%40mail.gmail.com.