[Freeipa-users] Re: groups imported incorrectly (made compat tree look out of sync memberUid)

2021-06-02 Thread Rob Crittenden via FreeIPA-users
Scott Serr via FreeIPA-users wrote: > A few months ago, using IPA 4.8.7, I imported users and groups from > OpenLDAP: > > ipa -v migrate-ds --with-compat \ > --bind-dn="cn=Manager,dc=example,dc=com" \ > --user-container="ou=People,dc=example,dc=com" \ > --user-objectclass="posixAccount" \ >

[Freeipa-users] groups imported incorrectly (made compat tree look out of sync memberUid)

2021-06-02 Thread Scott Serr via FreeIPA-users
A few months ago, using IPA 4.8.7, I imported users and groups from OpenLDAP: ipa -v migrate-ds --with-compat \ --bind-dn="cn=Manager,dc=example,dc=com" \ --user-container="ou=People,dc=example,dc=com" \ --user-objectclass="posixAccount" \ --group-container="ou=Group,dc=example,dc=com" \

[Freeipa-users] Re: ipa-replica-install failing - operations error: the changelog directory already exists and is not empty

2021-06-02 Thread Sinh Lam via FreeIPA-users
Hi Flo - Thank you for the instructions. Everything is back to normal and I was able to bring up a new replica in the process after the steps were done. Sinh On June 2, 2021 at 12:46:22 AM, Florence Renaud (f...@redhat.com) wrote: Hi, thanks for the confirmation. In this case, you can fix

[Freeipa-users] Solve freeipa 'fragility' via orchestrated containers & whole-container upgrade?

2021-06-02 Thread Harry G. Coin via FreeIPA-users
Long time freeipa users have faced a certain 'fragility' freeipa has inherited, mostly as a result of freeipa being the 'band director' over a number of distinct subsystems maintained by various groups across the world. This or that 'little upgrade' in a seemingly small sub-part of freeipa

[Freeipa-users] Re: IPA RA expired, other certificates renewed

2021-06-02 Thread Rob Crittenden via FreeIPA-users
Jan Bundesmann via FreeIPA-users wrote: > Hi, thanks for your answer, > > That seems in line with not being able to communicate with the CA: > ``` > [root@ldap2 requests]# ipa cert-show 1 > ipa: ERROR: cannot connect to > 'https://ldap1:443/ca/agent/ca/displayBySerial': >

[Freeipa-users] Re: IPA RA expired, other certificates renewed

2021-06-02 Thread Jan Bundesmann via FreeIPA-users
Hi, thanks for your answer, That seems in line with not being able to communicate with the CA: ``` [root@ldap2 requests]# ipa cert-show 1 ipa: ERROR: cannot connect to 'https://ldap1:443/ca/agent/ca/displayBySerial': (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired.

[Freeipa-users] Re: IPA RA expired, other certificates renewed

2021-06-02 Thread Rob Crittenden via FreeIPA-users
Jan Bundesmann via FreeIPA-users wrote: > Hi there, > > I need some suggestions for a certificate-related problem. > The setup has 2 servers, let's call them ldap1 and ldap2 with ldap1 being the > primary system with the CA. > The certificates were to expire on June 15. > I checked on June 1st

[Freeipa-users] IPA RA expired, other certificates renewed

2021-06-02 Thread Jan Bundesmann via FreeIPA-users
Hi there, I need some suggestions for a certificate-related problem. The setup has 2 servers, let's call them ldap1 and ldap2 with ldap1 being the primary system with the CA. The certificates were to expire on June 15. I checked on June 1st and on ldap1 certmonger had renewed all certificates,

[Freeipa-users] Re: ipa-replica-install failing - operations error: the changelog directory already exists and is not empty

2021-06-02 Thread Florence Renaud via FreeIPA-users
Hi, thanks for the confirmation. In this case, you can fix the issue with the following procedure: To fix the master that was missing the "cn=changelog5,cn=config" entry follow these steps: [1] Remove the directory /var/lib/dirsrv/slapd-XXX/cldb [2] Use ldapmodify and add this entry dn: