On 31/03/2022 13:40, Florence Blanc-Renaud wrote:
Hi,
The command /ipa dns-update-system-records/ can be used to
add the missing records. If you'd rather add them
manually, the command can be run with the /--dry-run/
option and will display the expected records but will not
perform any upd
Hi,
The command *ipa dns-update-system-records* can be used to add the missing
records. If you'd rather add them manually, the command can be run with the
*--dry-run* option and will display the expected records but will not
perform any update.
flo
On Thu, Mar 31, 2022 at 2:26 PM Rob Crittenden
lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> What is 'ipa-ca' for and what should it point to?
> Also, should IPA change that record ever?
>
> Reason I ask - from the docs as I understand - it should point to all CA
> servers in the domain, but it not happening.
It is a generic name for the
On Mon, 02 Sep 2019, Dmitry Perets via FreeIPA-users wrote:
Certificates are issued from IPA CA with the OCSP responder URI
http://ipa-ca.$DOMAIN/ca/ocsp and CRL distribution point
http://ipa-ca.$DOMAIN/ipa/crl/MasterCRL.bin (these are set in the
certificate extensions).
flo
Thanks! Does it h
>
> Certificates are issued from IPA CA with the OCSP responder URI
> http://ipa-ca.$DOMAIN/ca/ocsp and CRL distribution point
> http://ipa-ca.$DOMAIN/ipa/crl/MasterCRL.bin (these are set in the
> certificate extensions).
>
> flo
Thanks! Does it have to be an IPA server with CA? What if it do
On 9/2/19 4:58 PM, Dmitry Perets via FreeIPA-users wrote:
Hi,
I know of one usage - all the IPA ansible modules (ipa_*) query for 'ipa-ca'
record to find the IPA server.
But for other cases - looks like IPA clients mostly rely on entries like
'_kerberos.*' and '_ldap.*'...
What other function
