Apple Open Directory is as follows:
cn=users,dc=host,dc=domain,dc=tld
cn=groups,dc=host,dc=domain,dc=tld
User records have the following object classes:
- person
- top
- organizationalPerson
- extensibleObject
- apple-user
- shadowAccount
- posixAccount
- inetOrgPerson
Group records have the fol
alled I can't just add the
certs. Either the uninstall needs to clean up the .csr or the
installer needs to not assume so much just from the existence of a
.csr
On Mon, Jan 24, 2011 at 1:55 PM, Rob Crittenden wrote:
> Jeff B wrote:
>>
>> I'm trying to do an ipa-server-
I'm trying to do an ipa-server-install with an --external-ca but after
it generates the .csr and I sign a .crt I can't run the followup
ips-server-install to import the certificate.
I don't think I'm supposed to run an --uninstall between the
--external-ca and the --external_cert_file installatio
On Mon, Jan 24, 2011 at 10:38 AM, Jeff B wrote:
> You are right. I changed:
>
> [ policy_match ]
> countryName = match
> stateOrProvinceName = match
> organizationName = match
> organizationalUnitName = optional
> commonName =
I'm not sure if this is a user error or a bug. I didn't see a way to
tell OpenSSL to not require that Country be in the CSR.
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'MYREALM.COM'
commonName
oot cause. The workaround is to
> crank up logging on mod-rewrite.
>
> Edit the file /etc/httpd/conf.d/ipa-rewrite.conf
>
> and change
> RewriteLogLevel 0
> to
> RewriteLogLevel 9
>
> For some reason, enabling logging hides the problem.
>
>
> On 01/11/2011 11
I don't know if this is a real bug or if I have a mis-configuration.
Any advice is appreciated.
I'm setting up a FreeIPA evaluation and I can't get the Web ui show
much of anything. It updates the top right to show the Username of
the user that I kinitted with but nothing else other than the logo