[Freeipa-users] Re: Replacing externally signed CA long before expiry

2018-01-10 Thread Steve Dainard via FreeIPA-users
:59 PM, Steve Dainard via FreeIPA-users wrote: >> >>> Hi Flo, >>> >>> >>> On Tue, Dec 19, 2017 at 8:17 AM, Florence Blanc-Renaud >> <mailto:f...@redhat.com>> wrote: >>> >>> On 12/18/2017 08:54 PM, Steve Dainard via Fre

[Freeipa-users] Re: Replacing externally signed CA long before expiry

2017-12-20 Thread Steve Dainard via FreeIPA-users
On Wed, Dec 20, 2017 at 12:53 AM, Florence Blanc-Renaud wrote: > On 12/19/2017 06:59 PM, Steve Dainard via FreeIPA-users wrote: > >> Hi Flo, >> >> >> On Tue, Dec 19, 2017 at 8:17 AM, Florence Blanc-Renaud > <mailto:f...@redhat.com>> wrote: >>

[Freeipa-users] Re: Replacing externally signed CA long before expiry

2017-12-19 Thread Steve Dainard via FreeIPA-users
Hi Flo, On Tue, Dec 19, 2017 at 8:17 AM, Florence Blanc-Renaud wrote: > On 12/18/2017 08:54 PM, Steve Dainard via FreeIPA-users wrote: > >> Hello, >> >> Using freeipa 4.5. >> >> I've replaced an external root CA that had a very short key, and have >

[Freeipa-users] Replacing externally signed CA long before expiry

2017-12-18 Thread Steve Dainard via FreeIPA-users
Hello, Using freeipa 4.5. I've replaced an external root CA that had a very short key, and have gone through the process of re-signing the ipa intermediate-CA. I've used ipa-cacert-manage to generate a new csr and have signed it with my new external CA. The cert was successfully imported. I also

[Freeipa-users] Re: IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Steve Dainard via FreeIPA-users
, Alexander Bokovoy wrote: > On ti, 24 loka 2017, Steve Dainard via FreeIPA-users wrote: > >> Hello, >> >> I'm running a cross-forest trust with RHEL 7 IPA (60 day trial), when I do >> an ldapsearch on the AD user against the IPA server I get very few >>

[Freeipa-users] Re: IPA CA allow CSR SAN names in external domains

2017-10-24 Thread Steve Dainard via FreeIPA-users
That did it, thanks Fraser. On Fri, Oct 20, 2017 at 5:48 PM, Fraser Tweedale wrote: > On Fri, Oct 20, 2017 at 10:59:36AM -0700, Steve Dainard via FreeIPA-users > wrote: > > Hello > > > > I have a RHEL7 IPA server installed as a subordinate CA. I'd like to b

[Freeipa-users] IPA cross-forest trust, retrieve additional ldap attributes for users

2017-10-24 Thread Steve Dainard via FreeIPA-users
Hello, I'm running a cross-forest trust with RHEL 7 IPA (60 day trial), when I do an ldapsearch on the AD user against the IPA server I get very few attributes. It seems like the sssd option 'ldap_user_extras_attrs' should fetch additional attributes but I can't seem to get any results. I'm also

[Freeipa-users] Re: cross-forest trust, client system cannot id AD users.

2017-10-24 Thread Steve Dainard via FreeIPA-users
; /etc/group defines 'wheel' by default, but not 'employees'. > > > > Once we get IPA into production I'll pull the wheel group out of AD and > > keep it defined in IPA only. > > > > Thanks, > > Steve > > > > On Thu, Oct 19,

[Freeipa-users] IPA CA allow CSR SAN names in external domains

2017-10-20 Thread Steve Dainard via FreeIPA-users
Hello, I have a RHEL7 IPA server installed as a subordinate CA. I'd like to be able to add SANs for a different dns domain than exists in the IPA realm. The dns for 'otherdomain.com' is handled by active directory which my IPA server has a cross-forest trust with. ie: host: client1.ipadomain.com

[Freeipa-users] Re: cross-forest trust, client system cannot id AD users.

2017-10-19 Thread Steve Dainard via FreeIPA-users
efined in IPA only. Thanks, Steve On Thu, Oct 19, 2017 at 11:37 AM, Justin Stephenson via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On 10/19/2017 02:14 PM, Jakub Hrozek via FreeIPA-users wrote: > >> On Tue, Oct 17, 2017 at 02:21:07PM -0700, Steve Dainard v