[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-04 Thread Mark Reynolds via FreeIPA-users
On 8/3/21 6:34 AM, Sam Morris via FreeIPA-users wrote: But is it possible to completely disable port 389 if we don't want any client to ever try non-SSL connections? That will block communication between IPA servers, and from clients to servers. Just for completeness, setting nsslapd-port to

[Freeipa-users] Re: Setting admin password after hash algo change

2021-08-04 Thread Dominik Vogt via FreeIPA-users
On Wed, Aug 04, 2021 at 04:30:56PM -0400, Rob Crittenden via FreeIPA-users wrote: > Dominik Vogt via FreeIPA-users wrote: > > For our setup on RHEL8.1, the password hashing algorithm needs to > > be changed: > > > > 1. Run ipa-server-install with -a and -p options. > > 2. Use ldapmodify to

[Freeipa-users] Re: Setting admin password after hash algo change

2021-08-04 Thread Rob Crittenden via FreeIPA-users
Dominik Vogt via FreeIPA-users wrote: > For our setup on RHEL8.1, the password hashing algorithm needs to > be changed: > > 1. Run ipa-server-install with -a and -p options. > 2. Use ldapmodify to change passwordStorageScheme. > > Now, the "admin" user's password needs to be rehashed with the

[Freeipa-users] Re: ipa-dnskeysyncd DEBUG messages

2021-08-04 Thread Kees Bakker via FreeIPA-users
On 04-08-2021 22:25, Rob Crittenden wrote: Kees Bakker via FreeIPA-users wrote: Did I somehow raise logger level of ipaserver.dnssec.syncrepl ? I can't remember I did. If these DEBUG messages are harmless I like to be able to switch them off. It was changed with freeIPA 4.9.0. It is

[Freeipa-users] Re: ipa user-del fails with `ipa: ERROR: non-public: KeyError: 'ipauniqueid'`

2021-08-04 Thread Rob Crittenden via FreeIPA-users
To close the loop in case anyone comes across this in the future, the user in question was created directly via LDAP and was missing some requirements. We recommend creating users in staging instead and then activating them to ensure they have expected attributes and objectclasses. rob Tiemen

[Freeipa-users] Re: ipa-dnskeysyncd DEBUG messages

2021-08-04 Thread Rob Crittenden via FreeIPA-users
Kees Bakker via FreeIPA-users wrote: > Did I somehow raise logger level of ipaserver.dnssec.syncrepl ? > I can't remember I did. > > If these DEBUG messages are harmless I like to be able to switch them off. It was changed with freeIPA 4.9.0. It is hardcoded: standard_logging_setup(debug=True)

[Freeipa-users] Re: Accepting CSR with multiple, wrong Subject Alternate Names

2021-08-04 Thread Nerd Invert via FreeIPA-users
Thank you for your reply, Fraser, it confirms my suspicions. I have already contacted the vendor, hopefully they can assist.

[Freeipa-users] Re: Accepting CSR with multiple, wrong Subject Alternate Names

2021-08-04 Thread Fraser Tweedale via FreeIPA-users
On Wed, Aug 04, 2021 at 07:41:11AM -, Nerd Invert via FreeIPA-users wrote: > I have a piece of equipment with a web interface, for which I > would like to generate a certificate. The web interface supports > generating a CSR, but it's not possible to customize very much, > and this gives

[Freeipa-users] Accepting CSR with multiple, wrong Subject Alternate Names

2021-08-04 Thread Nerd Invert via FreeIPA-users
I have a piece of equipment with a web interface, for which I would like to generate a certificate. The web interface supports generating a CSR, but it's not possible to customize very much, and this gives problems when trying to feed the CSR into FreeIPA. The relevant parts of the CSR look