[Wikimedia-l] WikiChallenge Ecoles d'Afrique won a prize

many) Florence ___ Wikimedia-l mailing list -- wikimedia-l@lists.wikimedia.org, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l Public archives at https://lists.wikimedi

[Freeipa-users] Re: Heathcheck error: expiring unused external CA

n check if everything went smoothly with "getcert list -i 20210406002321". The "status" field will transition to various states (see https://pagure.io/certmonger/blob/master/f/doc/design.txt) before it goes back to MONITORING. flo > > > Thanks! > > > > *

[Freeipa-users] Re: Heathcheck error: expiring unused external CA

Hi, On Mon, Sep 16, 2024 at 11:36 PM Dungan, Scott A. via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Running ipa-server version 4.9.13-12 on RHEL8 we are getting the following > error/warning with ipa-healthcheck: > > [ > > { > > "source": "ipahealthcheck.ds.nss_ssl", >

[Wikimania-l] Re: Wikimania

I badly need to tell you... what I have never told anyone... Le 13/09/2024 à 14:34, Wilson Oluoha a écrit : To tell you I'm sorry. On Fri, Sep 13, 2024 at 1:11 PM Thuvack N wrote: I must have called a thousand tims! On Fri, 13 Sept 2024, 14:05 Sherry A, wrote:

[Freeipa-users] Re: converting admin account to service account or disable its webui login.

Hi, On Fri, Sep 13, 2024 at 10:13 AM Tolgay Gul via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > One of the regulators asked to disable the admin account, the idea being > that we cannot use a shared user account for any reason. But all the host > registrations use the a

[Freeipa-users] Re: FreeIPA nodes doesn't automatically replicated after continues shutdown

Hi, if the topologies contains 3 nodes, you need to make sure that the replication is not set with a single point of failure: each node needs to have a replication agreement with the 2 other nodes. Refer to https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/9/html/managing_replicati

[Freeipa-users] Re: ipaDomainResolutionOrder in SSSD not found in bind DN

Hi, On Wed, Sep 11, 2024 at 1:45 PM Daniel Paetzold via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I have setup FreeIPA to use a domain like clients.ipa.example.com > > When starting SSSD now, it tries to find th ipaDomainResolutionOrder in > > [(&(cn=ipaConfig)(objectClass=ip

[Freeipa-users] Re: CentOS 7.9, IPA version 4.6.8 named-pkcs11.service issues

Hi, what are the versions of ipa-server, bind-dyndb-ldap and bind? You may be hitting the same issue as discussed in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/NC257TSJJXRQEKZNAXNYLPZOXNZFJCTL/ which was solved by dongrading the packages. flo On Thu,

[Freeipa-users] Re: Error upgrading to version 4.11.0

Hi, On Fri, Aug 30, 2024 at 11:59 AM Duarte Petiz via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Steps to reproduce: > > 1- Execute a docker-compose of freeipa with a clean volume (fresh install). > 2- Wait until it boots (after 2/3 minutes) everything is ok > >> [root@prod-us

[Freeipa-users] Re: time out for an external domain

Hi, On Thu, Aug 29, 2024 at 9:12 PM Ranbir via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On Thu, 2024-08-29 at 16:11 +0200, Florence Blanc-Renaud via FreeIPA- > users wrote: > > - does your Fedora 40 host have any hosts defined in its local > >

[Freeipa-users] Re: time out for an external domain

Hi, - does your Fedora 40 host have any hosts defined in its local /etc/hosts? - on your IDM servers, do you have any DNS forwarder setup? kinit admin ipa dnsconfig-show ipa dnsserver-show $HOSTNAME_OF_SERVER1 ipa dnsserver-show $HOSTNAME_OF_SERVER2 flo On Wed, Aug 28, 2024 at 9:32 PM Ranbir vi

[Wikimania-l] WikiAfrica Hour episode - 30th - 16 UTC : Wikimania 2025, 2026, etc.

"Wikimania as a collaboration of the Open" In this episode, we will discuss the largest meeting point of wikimedians – Wikimania. Wikimania 2024 was recently held in Katowice, Poland, and will in 2025 be held in Nairobi, Kenya, and in 2026 in Paris, France. The panel and guests are exploring i

[African Wikimedians] WikiAfrica Hour episode - 30th - 16 UTC : Wikimania 2025, 2026, etc.

"Wikimania as a collaboration of the Open" In this episode, we will discuss the largest meeting point of wikimedians – Wikimania. Wikimania 2024 was recently held in Katowice, Poland, and will in 2025 be held in Nairobi, Kenya, and in 2026 in Paris, France. The panel and guests are exploring i

[African Wikimedians] Job: traducteur ou traductrice. Date limite 10 septembre

ésitez pas à faire suivre :) -- _*Florence Devouard*_ UTC+2 Skype: florence.devouard | Twitter: anthere Wikimedia <https://meta.wikimedia.org/wiki/User:Anthere> | LinkedIn <https://www.linkedin.com/in/devouard/> | Website <https://www.devouard.org/> Hear my name <https

[Freeipa-users] Re: Unknown ca error preventing a variety of operations

Hi, On Mon, Aug 26, 2024 at 9:13 PM Toma Morris via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Thanks, Rob, > > ipa-cacert-manage list succeeds, with ~13 lines of output that look like > they're probably enumeration of certs. pki client init && pki ca cert find > succeeds and

[Offline-l] Re: Annual report

Hello everyone Just a friendly reminder... if you guys had activities in the past 12 months regarding offline... or want to mention future activities/goals for next year... https://meta.wikimedia.org/wiki/Offline_Projects/Reports/June_2024 Thanks Florence Le 13/07/2024 à 00:51, Florence

[Freeipa-users] Re: sidgen_task fails with SID conflict

Hi, On Fri, Aug 16, 2024 at 2:38 PM Jan Wagner via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Thanks for the quick reply! > I need to migrate a old ipa instance/domain (lets name it > ipa_old.example.com) to an new IPA instance/domain (lets name it > ipa_new.example.com) > > L

[Freeipa-users] Re: Authentication problem after kb5040430 update on microsoft radius server 2019 when using freeipa client

Hi On Thu, Aug 8, 2024 at 4:00 PM Onur Erdem Türkmen via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > After updating kb5040430 on radius server we faced authetication problem > via freeipa client. When we uninstall this update the stituation was fixed. > Our FreeIPA server is ru

[Freeipa-users] Re: sidgen_task fails with SID conflict

Hi, On Fri, Aug 16, 2024 at 9:39 AM jan wagner via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hey! > > Have similar issue. > Can you give more details? Similar how? What is not working? > Is it ok, to change the RIDs for DOMAIN_id_range_legacy? Even if they > previously star

[Freeipa-users] Re: LDAP System User permissions

Hi, On Tue, Aug 13, 2024 at 1:15 PM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > > On 13.08.24 11:35, Ronald Wimmer via FreeIPA-users wrote: > > > > > > On 13.08.24 11:17, Ronald Wimmer via FreeIPA-users wrote: > >> > >> > >> On 13.08.24 10:20, Ronald Wimmer

[Freeipa-users] Re: Authenticate users with yubikeys without importing the certificate in IPA does not work.

Hi, On Tue, Aug 6, 2024 at 10:56 PM Theodor Vallier via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > I'm trying to allow authentication using Yubikeys on clients without > importing user's certificates in idM. > I use an external PKI that signs everything, so I have t

[Freeipa-users] Re: `ipa-acme-manager --enable` command failed on master replica

Hi, On Mon, Jul 22, 2024 at 4:33 PM Rob Crittenden via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Vadim Dobroskokin via FreeIPA-users wrote: > > Rob Crittenden wrote: > > The final line should read "INFO: ACME engine started" > > > > Yes, this line is in the log > > ``` > > 2

[Freeipa-users] Re: How does RBAC work?

Hi, On Fri, Jul 19, 2024 at 4:53 PM Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: > > > >> On 18 Jul 2024, at 22:15, Rob Crittenden wrote: > >> > >> Francis Augusto Medeiros-Logeay wrote: > >> > >> > >> > >> I am a bit lost here. Shouldn’t adding these privileges be enough to > >> cr

[Freeipa-users] Re: SID woes when trying to add a replica on Alma 9 freeipa

Hi, On Wed, Jul 31, 2024 at 12:20 PM Thomas Boroske via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello dear FreeIPA experts, > > I am currently in the process of trying to migrate a system consisting of > two ipa masters ipa1,ipa2 (no ca, no dns, no pkinit) running on CentOS

[Freeipa-users] Re: ipa: ERROR: Cannot find specified domain or server name

Hi, The ipa trust-add command expects a domain name, not a server name. Is adtest1.ad.test.example.com a server or a domain? You can check the DNS requirements in this doc: https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/9/html/installing_trust_between_idm_and_ad/configuring-dns

[Freeipa-users] Re: sidgen_task fails with SID conflict

Hi, your range configuration looks good to me. The first range covers posix ids from 944'200'000 to 944'400'000 and RIDs from 1'000 to 201'000 / secondary RIDs from 100'000'000 to 100'200'000. The legacy range covers posix ids from 1000 to 2000 and RIDs from 302'000 to 303'000 / secondary RIDs f

[Offline-l] Re: IIAB available at the Wikipedia Store

Congratulations ! I'd love one at Wikimania (or two). I can pay for them of course. Flo Le 25/07/2024 à 14:49, James Heilman a écrit : Sure can bring a bunch to Wikimania. Do you think 10 will be sufficient? J Sent from Gmail Mobile On Thu, Jul 25, 2024 at 06:13 Samuel Klein wrote:

[Offline-l] Annual report

Yes ! It is that time of the year again ! And much to my surprise... I discovered that the page already existed because Stephane created it 9 months ago :) So there it is... https://meta.wikimedia.org/wiki/Offline_Projects/Reports/June_2024 Your turn * This being said... following

[Freeipa-users] Re: Thunderbird v. 115 with FreeIPA LDAP address book

Hi, On Wed, Jul 10, 2024 at 9:02 AM Antonello Ledda via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi > We're trying to set up the Thunderbird address book to get user data from > FreeIPA LDAP service, > but we cannot get the email address of the users, we've tried with Base D

[Offline-l] Re: Movement charter ratification vote

Hello Reminder about the ongoing poll. Cast your position now :) Le 07/07/2024 à 03:19, Samuel Klein a écrit : Thanks all for the comments so far. I've found limited discussions online, but see those ongoing at the Kurier

[Freeipa-users] Re: Unable to access LDAP server - ipa-server-install

Hi, On Thu, Jul 4, 2024 at 12:04 AM M B via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > https://www.freeipa.org/page/Quick_Start_Guide > " > The rule about /etc/hosts is that the fully-qualified name must come > first. It should look like: > 10.0.0.1 server.ipa.test serve

[Freeipa-users] Re: Really old (expired) certificates showing up in ipa service-find and in the web ui

Hi, On Thu, Jul 4, 2024 at 10:18 AM Thomas Boroske via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Dear Mailing List, > > we are running a freeipa installation using two ipa master servers. > Neither the dns feature nor the CA feature are being used. > VERSION: 4.6.8, API_VERSI

[Offline-l] Re: Movement charter ratification process

You managed to sell the Charter so well Sj ;) On another note... to comment on Stephane's below... I also feel that the only real pressuring need that led to the work on this charter is decision over funding - about collecting the money (eg; having the right to fundraise), about spending the m

[Offline-l] Re: Movement charter ratification process

Nevertheless want to insist on the fact I am not sold. So if others feel unconfortable, prefer for us to abstain or vote against... I am totally fine with that. Said differently... count me rather in the "undecided - depends on the hour of the day" Flo Le 02/07/2024 à 00:47

[Offline-l] Re: Movement charter ratification process

I am going to try to put things into perspective. I do like any of the two options. I am not fan of the proposition. For all the reasons already mentionned. I also think that if it were adopted, it would take several years before getting implemented, and it would certainly be amended. I see a l

[Freeipa-users] Re: replica in DMZ with trust-agent

Hi, On Fri, Jun 28, 2024 at 4:58 PM slek kus via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > After some more searching, I see that the client contacts the AD domain > controller, asking for AAA record, then connects to the AD forest > controller, which is _not_ reachable due to

[Wikimedia-l] Re: Board requirements

in place. Why not considering getting out of the confort zone then ? Flo (1) https://foundation.wikimedia.org/w/index.php?title=Bylaws&oldid=620#ARTICLE_III:_MEMBERSHIP Le 28/06/2024 à 20:30, Florence Devouard a écrit : Greetings I can not wait to see how history of "current days&q

[Wikimedia-l] Re: Board requirements

Greetings I can not wait to see how history of "current days" related to the "Wikimedia Summit, last modifications to the Wikimedia Movement Charter proposition, and voting period" will be dealt with in 18 years in the future. It promises to be stimulating. In any cases, interesting "return

[Freeipa-users] Re: FreeIPA on CentOS 7 fails with latest bind packages

Hi, On Wed, Jun 19, 2024 at 3:32 AM Jeremy Utley via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello Everyone! > > We have a pair of IPA servers running under CentOS 7 (I know, EOL is > approaching, and we are working on migrating!). When we applied the latest > patches thi

[Freeipa-users] Re: I am unable to install freeIPA server by dnf in Redhat Linux 8.1

Hi, On Wed, Jun 19, 2024 at 3:27 AM veck zuo via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > => I am trying to deploy a freeIPA server in VM. Following the steps from > https://www.freeipa.org/page/Quick_Start_Guide . I am unable to install > the package by dnf . > > VM: > [roo

[Freeipa-users] Re: Strange users search limit appeared

Hi, On Wed, Jun 12, 2024 at 3:35 PM Anton PalkoBrosov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I make some synchronization features with freeipa. For this i need to > fetch users from LDAP db. > By default search limit is 2000 users both in GUI and API. > So i made modof

[Freeipa-users] Re: ipa-server upgrades not possible on RHEL 9 - samba-client-libs outdated

On Tue, Jun 11, 2024 at 2:54 PM Florence Blanc-Renaud wrote: > > > On Tue, Jun 11, 2024 at 10:53 AM Sam Morris via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hi folks. On a RHEL 9 system I'm getting: >> >> # dnf upgra

[Freeipa-users] Re: ipa-server upgrades not possible on RHEL 9 - samba-client-libs outdated

On Tue, Jun 11, 2024 at 10:53 AM Sam Morris via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi folks. On a RHEL 9 system I'm getting: > > # dnf upgrade > > > Updating Subscription Management repositories. > > > > Last metadata expiration check: 3:01:24 ago on Tue Jun 11 05:37:06

[Freeipa-users] Re: Remove bad replica nodes from list

p here, freeIPA giving me a hard time. I am not able to remove bad > replicas. I have tried all possible options and google + chatGPT whatever I > can do but none helping. is there any way I can remove bad replicas from my > freeIPA? > > On Thu, May 16, 2024 at 11:00 AM Satish Pate

[Freeipa-users] Re: update clients dns records

Hi, the DNS zone must also be configured to allow dynamic DNS updates, please check Configuring the DNS Zone to Allow Dynamic Updates

Re: [connect-wg] [Connect-WG] Connect WG Chairs: Call for nominations

Dear friends of the Connect-WG, Thanks for your comments. So here are going to be our 3 new Connect WG chairs, starting RIPE 89: - Will van Gulik - Stavros Konstantaras, and - Paul Hoogsteder We will announce this during our Connect-WG session on Thursday. Kind regards, Florence, Will and

[Freeipa-users] Re: 502 Server Error: Proxy Error when creating CA replica on RockyLinux 8.9

Hi, On Thu, May 16, 2024 at 4:42 AM Satish Patel via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Folks, > > I have Master freeIPA running on CentOS 7 and now trying to migrate it to > RockyLinux 8.9 (because centos7 is EOL). > > When I am running # ipa-replica-install --setup

[Freeipa-users] Re: Remove bad replica nodes from list

Hi, On Thu, May 16, 2024 at 4:05 AM Satish Patel via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Folks, > > I am trying to build some replicas and somehow they failed but because > they are half baked they are stuck in master nodes and not letting me > remove them. I have tried

[connect-wg] Agenda for the Connect-WG, RIPE 88

, Stavros Konstantaras, AMS-IX 5 Strengthening the business case for routing security, Andrei Robachevsky, Global Cyber Alliance 6 PeeringDB update, Paul Hoogsteder, PeeringDB 7 Euro-IX panel, Bijal Sanghani, Euro-IX 8 Closure Kind regards, Florence, Remco and Will Connect-WG co-chairs -- Florence

Re: [connect-wg] [Connect-WG] Connect WG Chairs: Call for nominations

Hello everyone, Following this last e-mail, we have received further nominations from: - Stavros Konstantaras, and - Paul Hoogsteder So together with Will van Gulik, we now have 3 nominees for the Connect WG chairs. I will let you discuss. Florence, Will and Remco Connect WG chairs On Mon

[Freeipa-users] Re: Is it possible to migrate otp-token from freeipa server to another ipa-server?

Hi, On Tue, May 7, 2024 at 4:33 AM Heo Paul via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > There are 2 freeipa servers and the servers are not connected. > In the condition, I need to migrate otp-token data from one to another. > But when I tried to use migrate-ds tool to migr

Re: [connect-wg] [Connect-WG] Connect WG Chairs: Call for nominations

Dear all, Moving on with step 2 of this process, here is the nomination received so far: Will van Gulik. Feel free to share your thoughts. The other Connect WG chairs, Remco van Mook and Florence Lavroff, will finish their term and step down after RIPE 88. Kind regards, Florence, Will and

[Freeipa-users] Re: Questions about replica

Hi, On Mon, May 6, 2024 at 8:57 AM Dmitry Krasov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello. > just installed replica (ipa2.dom.loc), it seems works fine. > > But how enrolled clients will know about this replica, if primary server > will be down? > If you installed

[Offline-l] Re: Notes from the WM Summit

Thank you so much dear Sj for your active participation during the summit and for the report/feedback provided to the group ! I finally took the time this evening to read again, in full, all documents, all discussion pages. I equally feel uneasy about the proposition. The version proposed las

[Freeipa-users] Re: Login failed due to an unknown reason

Hi, On Thu, May 2, 2024 at 5:12 PM Damola Azeez via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello All, > > I attempted to login to the freeipa Gui to administer a user and i found > out i wasn't able to login with any of the freeipa users. checking further, > i saw that the

[Freeipa-users] Re: LDAP conflicts after yum update on Almalinux 8.9

Hi, in your first message, the output of $ dsconf -D "cn=Directory Manager" ldap://$(hostname) repl-conflict list-glue "dc=noc,dc=net" mentions: dn: cn=sg1-replica.noc.net,cn=masters,cn=ipa,cn=etc,dc=noc,dc=net *nsds5replconflict: deletedEntryHasChildren* It means that the replication tried to de

[Freeipa-users] Re: Not possible to delete ID views from Default Trust View if user is no longer present in AD

Hi, On Mon, Apr 22, 2024 at 12:58 PM LHEUREUX Bernard via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > > > I’m trying to delete some anchors on Default Trust View on a FreeIPA with > trust to an AD and, I always get the message “…@... user not found » > > Effectively

[Freeipa-users] Re: LDAP conflicts after yum update on Almalinux 8.9

Hi, On Tue, Apr 23, 2024 at 9:53 AM Lee Csk via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > After performing a usual Yum update's on multiple IPA servers (not at the > same time, one server reportedly started hanging), we started observing > "LDAP Conflicts" in multiple IPA rep

[Freeipa-users] Re: pki-tomcat won't start + expired certificates

Hi, On Fri, Apr 19, 2024 at 6:20 PM Basile Pinsard via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi! > > Here is the output of ipa-cert-fix on the original instance: > > ``` > > The following certificates will be renewed: > > Dogtag sslserver certificate: > Subject: CN=ipa.

[connect-wg] RIPE 87 Connect WG minutes

Dear all, Please find below the minutes of the Connect WG session at RIPE 87, to be approved during the next session at RIPE 88 : https://www.ripe.net/community/wg/active-wg/connect/minutes/connect-working-group-minutes-ripe-87/ Thanks, Kind regards, Florence, Remco and Will Connect-WG co

[connect-wg] [Connect-WG] Connect WG Chairs: Call for nominations

ommunity/wg/active-wg/connect/>. Thanks, Kind regards, Florence, WIll and Remco Connect WG chairs -- Florence Lavroff / lavr...@google.com / +31 6 11 01 55 80 Infrastructure Acquisition and Interconnect / Google EMEA ___ connect-wg mailing list c

[Freeipa-users] Re: IPA Replica can't authenticate users

Hi, On Mon, Apr 15, 2024 at 10:10 AM John Doe wrote: > > > Den mån 15 apr. 2024 kl 09:35 skrev Florence Blanc-Renaud >: > >> Hi, >> >> On Mon, Apr 15, 2024 at 9:03 AM John Doe via FreeIPA-users < >> freeipa-users@lists.fedorahosted.org> wrote:

[Freeipa-users] Re: pki-tomcat won't start + expired certificates

Hi, On Mon, Apr 15, 2024 at 6:22 PM Basile Pinsard via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Bonjour Florence, > Thanks for your help. > > I am using the docker image `freeipa/freeipa-server:fedora-34-4.9.6`, I > guess the dependencies are correct a

[Wikimedia-l] Re: Recognition of Wikimedia Community User Group Niger

Toutes mes félicitations également. C'est une réjouissance. Anthere Le 07/04/2024 à 16:46, Affiliations Committee a écrit : Hi everyone! I'm very happy to announce that the Affiliations Committee has recognized [1] Wikimedia Community User Group Niger [2] as a Wikimedia User Group. The grou

[Wikimedia-l] Re: Recognition of Wikimedia Community User Group Botswana

Excellent news Candy and team members :)  Flo Le 03/04/2024 à 23:11, Shaba 50 a écrit : Dear Jeffrey, I am thrilled to hear about the recognition of the Wikimedia Community User Group Botswana as a Wikimedia User Group. This is a significant milestone for the Wikimedia community in Botswana

[connect-wg] Call for presentations - RIPE 88

during the session, so that we can secure a slot for you? Thanks, Kind regards, Florence, Remco and Will Connect-WG co-chairs -- Florence Lavroff / lavr...@google.com / +31 6 11 01 55 80 Infrastructure Acquisition and Interconnect / Google EMEA ___ connect

[Freeipa-users] Re: pki-tomcat won't start + expired certificates

Hi, On Fri, Apr 12, 2024 at 10:52 PM Basile Pinsard via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi freeipa experts. > > I have been using freeipa for the past 5 years running in a docker > container, no replicas. > currently on VERSION: 4.9.6, API_VERSION: 2.245 > > I have

[Freeipa-users] Re: IPA Replica can't authenticate users

Hi, On Mon, Apr 15, 2024 at 9:03 AM John Doe via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I'm playing around with IPA trying to figure out how to set it up to be > redundant. The problem is that the IPA Replica isn't able to authenticate > AD users if IPA Master is down. > M

[Publicpolicy] Webinar "WIPO Guide to Generative AI and Intellectual Property" 16th of April at 1200 GMT+2

lang=EN <https://www.wipo.int/publications/en/details.jsp?id=4713&plang=EN> Facilitated by Matt Hervey, global AI policy expert Florence ___ Publicpolicy mailing list -- publicpolicy@lists.wikimedia.org To unsubscribe send an email to p

[Freeipa-users] Re: Cannot retrieve CRL from new EL9 IPA replica

Hi, On Thu, Apr 11, 2024 at 6:02 PM Orion Poplawski wrote: > On 4/11/24 09:03, Florence Blanc-Renaud wrote: > > Hi, > > > > On Thu, Apr 11, 2024 at 12:34 AM Orion Poplawski via FreeIPA-users > > > <mailto:freeipa-users@lists.fedorahosted.org>> wrote:

[Freeipa-users] Re: Cannot retrieve CRL from new EL9 IPA replica

Hi, On Thu, Apr 11, 2024 at 12:34 AM Orion Poplawski via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I've just added an EL9 IPA replica into our domain. I seems to generally > be > working fine, but trying to download the MasterCRL.bin fails: > > ==> /var/log/httpd/access_log

[Freeipa-users] Re: CA Subsystem certificate

On Wed, Apr 3, 2024 at 5:24 AM Travis West via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > > Hi, > > > > On Tue, Apr 2, 2024 at 8:50 PM Travis West via FreeIPA-users < > > freeipa-users(a)lists.fedorahosted.org> wrote: > > > > As Rob wrote, it's not a problem that getcert list,

[Freeipa-users] Re: CA Subsystem certificate

Hi, On Tue, Apr 2, 2024 at 8:50 PM Travis West via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Okay, I've generated new certs that don't have the extra space. Once > those were imported to the NSS DB I also updated the CS.cfg with the new > cert and certreq vaules for OCSP, Au

[List admins] Re: what about the admins of a list

Looks great to me ! Thanks Amir Flo Le 26/03/2024 à 19:45, Amir Sarabadani a écrit : Hi, As I told Ciell, we usually give a grace period and if no one is responding after a while, a superadmin adds more admin to that list. I will do that for the case of gendergap soon Florence Devouard

[List admins] what about the admins of a list

? Best regards Florence ___ Listadmins mailing list -- listadmins@lists.wikimedia.org To unsubscribe send an email to listadmins-le...@lists.wikimedia.org To request technical changes for a specific list, please instead create a task in Phabricator

[Offline-l] Wikimedia Tech Safari : recordings and documentation

Promoting someone else initiatives here... which might be of interest to you From Joris Darlington     We're thrilled to announce that all recorded sessions from the Wikimedia Tech Safari Program are now uploaded to the program's schedule and documentation pages!     Thank you for your patie

[Offline-l] Re: Fwd: Feedback invited on proposed requirements for affiliates & user groups recognition changes

outrageous I would say, though I am not sure we tick the “offline engagement” box in the way they meant 😊 *De :*Florence Devouard *Envoyé :* samedi, 10 février 2024 01:45 *À :* Using Wikimedia projects and MediaWiki offline *Objet :* [Offline-l] Fwd: Feedback invited on proposed requirements

[Freeipa-users] Re: ipa-setup-ca

Hi, you can download freeipa-healthcheck and run ipa-healthcheck command on the master/replica, it would help you identify any inconsistency in the configuration. Otherwise, we need more info to help you. It looks like the LDAP server certificate on the master *ldap01*.app.uaap.maxar.com has been

[Freeipa-users] Re: Using ipa-ca-install on a replica

> On 20 Mar 2024, at 16:38, Ian Kumlien wrote: > > On Wed, Mar 20, 2024 at 3:52 PM Ian Kumlien wrote: >> >>> On Wed, Mar 20, 2024 at 11:21 AM Florence Blanc-Renaud >>> wrote: >>> >>> Hi, >>> >>> On Wed, Mar 20, 2024

[Wikimedia-l] ISA Tool and Women Rights Month : improve the images description in [[category:Women in Art]]

Dear friends A few days ago, in a diff article (1), we told you the story on how we improved the ISA Tool (2) during a co-organized Hackathon (3). Key outome is... we are happy to announce that a new version of the ISA Tool is now available on toolforge for you to use. Whilst the tool would

[Commons-l] ISA Tool and Women Rights Month : improve the images description in [[category:Women in Art]]

Dear friends A few days ago, in a diff article (1), we told you the story on how we improved the ISA Tool (2) during a co-organized Hackathon (3). Key outome is... we are happy to announce that a new version of the ISA Tool is now available on toolforge for you to use. Whilst the tool would

[African Wikimedians] ISA Tool and Women Rights Month : improve the images description in [[category:Women in Art]]

Dear friends A few days ago, in a diff article (1), we told you the story on how we improved the ISA Tool (2) during a co-organized Hackathon (3). Key outome is... we are happy to announce that a new version of the ISA Tool is now available on toolforge for you to use. Whilst the tool would

[Freeipa-users] Re: Using ipa-ca-install on a replica

Hi, On Mon, Mar 18, 2024 at 3:38 PM Ian Kumlien wrote: > On Thu, Mar 14, 2024 at 7:36 PM Florence Blanc-Renaud > wrote: > > > > Hi, > > > > On Thu, Mar 14, 2024 at 8:55 AM Ian Kumlien > wrote: > >> > >> On Wed, Mar 13, 2024 at 1:58 PM Ian K

[Freeipa-users] Re: Failed FreeIPA replica installation

Hi, On Thu, Mar 14, 2024 at 9:50 PM D S via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I added more log info below and also applied this solution to generate > SIDs https://access.redhat.com/solutions/7052703 > Still unable to login via web UI and every ipa command fails. > Di

[Freeipa-users] Re: Using ipa-ca-install on a replica

Hi, On Thu, Mar 14, 2024 at 8:55 AM Ian Kumlien wrote: > On Wed, Mar 13, 2024 at 1:58 PM Ian Kumlien wrote: > > > > On Wed, Mar 13, 2024 at 11:39 AM Florence Blanc-Renaud > wrote: > > > > > > Hi, > > > > > > On Wed, Mar 13, 2024 at 10:06

[Freeipa-users] Re: ipa-setup-ca

Hi, On Thu, Mar 14, 2024 at 1:10 PM Omar Pagan via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Found this in the logs: > > INFO: Server certificate: CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar > Technologies Inc,L=Herndon,ST=Virginia,C=US > WARNING: UNTRUSTED ISSUER encountered

[Freeipa-users] Re: ipa-setup-ca

Hi, On Thu, Mar 14, 2024 at 1:43 AM Omar Pagan via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hey guys, > I finished installing two replicas of my master. Both installations of > the replicas completed successfully, but when I try to run the ipa-setup-ca > it is having some i

[Freeipa-users] Re: Using ipa-ca-install on a replica

Hi, On Wed, Mar 13, 2024 at 10:06 AM Ian Kumlien wrote: > On Tue, Mar 12, 2024 at 10:36 PM Florence Blanc-Renaud > wrote: > > > > Hi, > > > > On Tue, Mar 12, 2024 at 12:54 PM Ian Kumlien via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote:

[Freeipa-users] Re: Using ipa-ca-install on a replica

Hi, On Tue, Mar 12, 2024 at 12:54 PM Ian Kumlien via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > So i have spent quite some time trying to get out of the swamp that is > centos stream 8 and back to something with a actual upgrade path, > fedora =) > > Everything works e

[Freeipa-users] Re: pki-tomcatd not starting

Hi, On Tue, Mar 12, 2024 at 1:49 PM Omar Pagan via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > [root @ ldap01] > $ openssl x509 -noout -text -in /var/lib/ipa/certs/httpd.crt | grep Not > Not Before: Jan 12 15:30:18 2024 GMT > Not After : Jan 11 15:30:18

[Freeipa-users] Re: pki-tomcatd not starting

Hi, in your first email you pasted the output of getcert list, and it's reporting only 7 certificates. It's likely that your server is using certmonger for the pkinit cert, the 5 certs for PKI and the RA cert, meaning that the HTTP and LDAP server certificates are externally signed and not tracked

[Wikimedia-l] Re: Dagbani Wikimedians User Group 2023 Annual Report

Abdul-Rasheed... I am so impressed by the quality of your annual report... and generally by the excellent maintenance of your UG pages on meta... it is not so frequent and it pleases me as I like it when things are clear and neatly organized. So I wanted to really underline my appreciation to

[Wikimedia-l] About the Gender Gap portal on meta

Hello friends The opportunity of Women Rights Month lead me to remind everyone of the existence of the Gender Gap portal on meta. You may find there * knowledge, research, data, reports about the gender gap to better grasp the context * Learn about the different groups active in this space a

[Wikimedia-l] Wiki Africa Hour - Celebrate WikiWomen at 16:00 UTC. Today's the Day!

For your general information. Happening today at 16h UTC Florence Message transféré Sujet : [African Wikimedians] Today's the Day! Wiki Africa Hour - Celebrate WikiWomen at 16:00 UTC. Date : Fri, 8 Mar 2024 11:02:40 +0100 De :Afek Ben Chahed Répondre à : Ma

[Freeipa-users] Re: ipa-replica-install fails during initial replication

Hi, On Fri, Feb 23, 2024 at 2:49 PM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi, > > You are right, sorry for the confusion. I have performed a new > `ipa-replica-install` and you can find the logs for the master and replica > in these links: > >

[Freeipa-users] Re: FreeIPA - access restriction

Hi, On Mon, Feb 26, 2024 at 5:03 PM Zdravko Nikolaev via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello everyone, > > I've looked up old threads and tried to find some applicable solution but > I'm kind of stuck so any advice would be appreciated. > > I'm trying to deploy a

[Freeipa-users] Re: ipa-replica-install fails during initial replication

Hi, On Fri, Feb 23, 2024 at 12:38 PM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi Florence, > > From what I can see it is setup correctly on both the master(s) and > replica. > I now understand the confusion: the logs pro

[Freeipa-users] Re: ipa-replica-install fails during initial replication

Hi Markus, On Mon, Feb 19, 2024 at 9:07 AM Markus Rexhepi-Lindberg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi Florence, > > Thanks for looking into this I appreciate it very much! > > > ``` > master# ldapsearch -xLLL -o ldif-wrap=no -D &

[Freeipa-users] Re: Error during enrolling

Hi, On Thu, Feb 22, 2024 at 10:42 AM Dmitry Krasov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > probably it's because more high encrypt level in Centos. How to make it > lower? > Can you try with (on the client): update-crypto-policies --set DEFAULT:AD-SUPPORT-LEGACY reboot

[Freeipa-users] Re: Error during enrolling

Hi, what is the version of your server? I am asking because of the log: 2024-02-20T09:59:52Z DEBUG args=['/usr/sbin/ipa-join', '-s', 'ipa.dom.loc', '-b', 'dc=dom,dc=loc', '-h', 'centos9.dom.loc', '-k', '/etc/krb5.keytab'] 2024-02-20T09:59:53Z DEBUG Process finished, return code=0 2024-02-20T09:59:

  1   2   3   4   5   6   7   8   9   10   >