I have a vCenter appliance and FreeIPA running in my environment. There are no Windows machines at all, nor will there be. I have set up vca to authenticate via LDAP to IPA and this works PER USER. The issue I'm having is that even when defining the groups context, I cannot see any groups, and the FreeIPA users lack SSO capabilities.
At work, we have vCenter 5.5 with a Server 2k12 DC, and the domain users have SSO and groups work.
Can anyone shed any light? There is a previous question, "VMware vCenter/ESXi with FreeIPA instead of Active Directory?", where this is discussed, but the "answer" isn't helpful at all. The final comment on the page does describe my particular issue precisely, though.
"There are no windows machines at all, nor will there be..."
That's fine, but don't be surprised when things don't work the way you expect them to. The path of least resistance for directory integration with VMware is Active Directory. I've never seen references to FreeIPA actually being supported for vSphere SSO. Sorry my answers have not been helpful, but I don't think there's any reasonable expectation that this combination should work.
To my knowledge, VMware SSO only supports Active Directory, OpenLDAP and NIS.
Would attaching your FreeIPA users to vsphere.local groups be an acceptable workaround? Use the vsphere.local groups for permissions within vCSA.
At least I think this will work. Our OpenLDAP doesn't match VMware's chosen schema so I wasn't able to test this out fully yet.