Hi Florence,
Thank you for taking the time to respond.
We have a number of replicas in various campus locations around our region, and
our state and country is currently locked-down with COVID restrictions, and it
would take days to get to the replicas even without restrictions. We have had
iulian roman via FreeIPA-users wrote:
> I have added the full chain in /var/lib/ipa/certs but I do not know if that
> is the correct way.
Putting the chain in a random place is not going to work.
Try setting SSLCertificateChainFile to /etc/ipa/ca.crt in your Apache
config and restarting it.
Philipp Leusmann via FreeIPA-users wrote:
> Hi,
>
> I have just renewed freeipas externally signed CA certificate using
> 'ipa-cacert-manage renew --external-ca'
> Given the new CSR contains the same key elements as the previous one, I
> already had to ignore the duplicate while signing. Maybe
Hi Florence -
Thank you for your response. So to answer your question -
1) the directory does exist on the master
2) the cn=changelog5,cn=config entry is missing in the dse.ldif file.
Thanks.
Sinh
On June 1, 2021 at 9:25:53 AM, Florence Renaud (f...@redhat.com) wrote:
Hi,
the error
hi all,
some more info: i just saw similar error on other thread "healthcheck
complains about a removed replica"
i ran "pki securitydomain-host-find" and got
> Host ID: CA oldm1.domain 443
> Hostname: oldm1.domain
> Port: 80
> Secure Port: 443
> Domain Manager: TRUE
> Clone: FALSE
>
Hello Iulian,
Which version of ansible-freeipa are you using? IIRC, this issue has been
fixed in version 0.2.0.
Rafael
On Thu, May 27, 2021 at 6:28 AM iulian roman via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello everybody,
>
> I do not know if this is the right place
Hi,
the error looks similar to
https://bugzilla.redhat.com/show_bug.cgi?id=1590974
Most of the comments are private in this BZ because they refer to customer
deployments, but the issue can happen if cn=changelog5,cn=config is missing
on the master AND the changelog directory is present.
Can you
Hi,
the recommended way to uninstall a replica and reinstall it is described in
the doc:
1. Uninstall the replica (
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/Uninstalling_IPA_Servers)
with ipa server-del and
Kees Bakker via FreeIPA-users wrote:
> On 29-05-2021 10:21, Alexander Bokovoy wrote:
>> On pe, 28 touko 2021, Kees Bakker via FreeIPA-users wrote:
>>> On 28-05-2021 19:32, Kees Bakker via FreeIPA-users wrote:
On 28-05-2021 17:22, Kees Bakker via FreeIPA-users wrote:
> Hi,
>
>
On Fri, May 21, 2021, 08:54 Rob Crittenden wrote:
> Mark Potter via FreeIPA-users wrote:
> > Long story short, we had to redeploy part of our FreeIPA cluster. As far
> > as I know I followed all of the proper procedures and everything
> > seems to be working from the client side however we are
This is an old thread but I’m running into this issue and was wondering if
there was ever a resolution to this.
Tldr -
My master failed and was not able to start up due to the dse.ldif being a zero
byte file and the .bak file was unusable as well. Ended up using the startOK
file and that
hi all,
our ipa-healthcheck gives some seemingly odd output:
> Internal server error HTTPSConnectionPool(host='oldm2.domain', port=443): Max
> retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by
> NewConnectionError(' 0x7f32581cb748>: Failed to establish a new connection: [Errno
hi fraser,
thanks for the explanation of the source of this conflict. i manually
added the other member and removed the conflict.
stijn
On 6/1/21 11:33 AM, Fraser Tweedale wrote:
> On Mon, May 31, 2021 at 08:50:43PM +0200, Stijn De Weirdt via FreeIPA-users
> wrote:
>> hello all,
>>
>>
>> in
On Mon, May 31, 2021 at 08:50:43PM +0200, Stijn De Weirdt via FreeIPA-users
wrote:
> hello all,
>
>
> in our setup ipa-healthcheck reports an issue with a replication
> conflict on "dn: cn=Enterprise ACME Administrators,ou=groups,o=ipaca"
>
> the conflict and valid entry are almost identical:
14 matches
Mail list logo