[Freeipa-users] Re: Fwd: [389-users] How to invalidate local cache after user changed their password

On Wed, Feb 27, 2019 at 03:28:08PM -0500, Mark Reynolds via FreeIPA-users wrote: > Forwarding to freeipa-users who have more knowledge on SSSD > > > > Forwarded Message > Subject: [389-users] How to invalidate local cache after user changed > their > password > Date:

[Freeipa-users] Re: Can not find slapi-plugin.h file in FreeIPA 4.6.4 install

This is the output of yum provides "*/slapi-plugin.h" == Repo: rhel-7-server-optional-rpms Matched from: Filename: /usr/include/dirsrv/slapi-plugin.h 389-ds-base-devel-1.3.1.6-26.el7_0.x86_64 : Development libraries for 389

[Freeipa-users] Re: Can not find slapi-plugin.h file in FreeIPA 4.6.4 install

Hi, On Thu, Feb 28, 2019 at 12:27 AM Elena Fedorov via FreeIPA-users wrote: > > > Hello, > It's puzzling but the file required to be included in any custom plugin, > slapi-plugin.h, is nowhere to be found in the FreeIPA 4.6.4 install, > API_VERSION: 2.229 > > The documentation refers to this

[Freeipa-users] Can not find slapi-plugin.h file in FreeIPA 4.6.4 install

Hello, It's puzzling but the file required to be included in any custom plugin, slapi-plugin.h, is nowhere to be found in the FreeIPA 4.6.4 install, API_VERSION: 2.229 The documentation refers to this file being either in: /usr/lib64/dirsrv/plugins/slapi-plugin.h. or in

[Freeipa-users] Re: [389-users] How to invalidate local cache after user changed their password

you might want to take a look at the man page for sss_cache We use this sss_cache occationally to flush such problems. - grant This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended

[Freeipa-users] ipa service vault - cannot find

Hi, Sorry, I am probably missing something very basic in the way how the vault should work for services... So my task is simple: let's say I want to store a secret for a script. That is, the script must be able to retrieve it in an unattended way. The script is running on a Linux server

[Freeipa-users] Re: Ca signed very for non-IPA client

Answered my own question. When I removed the "-BEGIN CERTIFICATE REQUEST-" and corresponding end lines, then we got a new error which we can easily run to ground since it's just a hostname format mismatch (short vs FQDN). Bret Wortman Founder, Damascus Products, LLC 855-644-2783

[Freeipa-users] Re: Ca signed very for non-IPA client

Well, groovy except that we still can't issue certs against non-IPA systems due to the same "TypeError: Incorrect padding" message in /var/log/httpd/error_log as before. I was able to issue a cert to a client system, so is this likely a problem with how the CSR is being created on ESXi? Bret

[Freeipa-users] Re: Ca signed very for non-IPA client

Rob, I can run "ipa help" on 2 of the 3; the 3rd yields this: # ipa help ipa: ERROR: No valid Negotiate header in server response Through some additional digging & log mining this morning, I figured out that something went tango uniform in our NTP configuration, so two of the servers were

[Freeipa-users] Re: OTP via LDAP auth time sync

Dear Rob, All, Just to be clear, we have indeed tracked this down to another issue, and the OTP/LDAP timing is fine. I imagine you already knew this, but this is confirmed to _not_ be an issue. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics