[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread François Cami via FreeIPA-users
Hi Lune, On Thu, Dec 20, 2018 at 4:14 PM lune voo via FreeIPA-users wrote: > > Re Florence. > > I performed the following command : > > ipa config-mod --searchtimelimit=5 > > > It solved this "problem". > > May I ask what can be the impacts on increasing searchtimelimit please ? It's a

[Freeipa-users] Web UI login/certificate issues, IPA 4.5.4

2018-12-20 Thread dbischof--- via FreeIPA-users
Hi, my IPA system consists of 2 masters with their own self-signed CAs, one of them being the certificate renewal master (ipa1). The system has been running for years and has been migrated from an IPA 3 system. Since a while, the Web UI logins on ipa1 don't work anymore ("Login failed due

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread lune voo via FreeIPA-users
Thanks for all these answers guys (and woman) o/ Lune On Thu, 20 Dec 2018 at 16:23, Mark Reynolds wrote: > > On 12/20/18 10:13 AM, lune voo via FreeIPA-users wrote: > > Re Florence. > > I performed the following command : > > ipa config-mod --searchtimelimit=5 > > > It solved this

[Freeipa-users] Re: Vault feature for AD users

2018-12-20 Thread Ronald Wimmer via FreeIPA-users
Is it true that this feature is only available to native ipa users? On 30.11.18 09:42, Ronald Wimmer via FreeIPA-users wrote: Is there any possibility to use the vault feature for external (AD) users?

[Freeipa-users] Re: Single Sign On (SSO) SSH via IP Address

2018-12-20 Thread Bryan Mesich via FreeIPA-users
On Wed, Dec 19, 2018 at 09:41:49PM -0600, Bryan Mesich via FreeIPA-users wrote: > On Wed, Dec 19, 2018 at 09:18:35PM -0600, Bryan Mesich via FreeIPA-users > wrote: [snip...] > I was able to reproduce the problem on my end. I forgot that Kerberos > can canonicalize host names. If I set

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread Mark Reynolds via FreeIPA-users
On 12/20/18 10:13 AM, lune voo via FreeIPA-users wrote: Re Florence. I performed the following command : ipa config-mod --searchtimelimit=5 It solved this "problem". May I ask what can be the impacts on increasing searchtimelimit please ? Hi Lune, The purpose of setting these kinds of

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread lune voo via FreeIPA-users
Re Florence. I performed the following command : ipa config-mod --searchtimelimit=5 It solved this "problem". May I ask what can be the impacts on increasing searchtimelimit please ? Best regards. Lune On Thu, 20 Dec 2018 at 12:37, Florence Blanc-Renaud wrote: > Hi, > > based on

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

2018-12-20 Thread Grant Janssen via FreeIPA-users
YES YES OK Replication Status ef-idm02 0 ef-idm01 0 ef-idm01 0 ef-idm03 0 = grant@ef-idm03:~[20181220-5:42][#112]$ thanx & merry christmas - grant

[Freeipa-users] FreeIPA/Dogtag - Slow host deletion due to certificate pagination

2018-12-20 Thread Jared Ledvina via FreeIPA-users
Hi folks, I recently posted a thread to pki-users, https://www.redhat.com/archives/pki-users/2018-December/msg3.html . Working with 'cipherboy' on IRC in #dogtag-pki, we narrowed the issue down to the searches that Dogtag performs against a VLV index/search. These are being paginated to

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, based on the err code err=3 I can see that I was wrong, it's not a size limit but rather a time limit issue. It looks like the LDAP server is busy after the modification on the cn= entry and takes more than 33sec to answer. The default search time limit is 2 seconds at IPA level: dn:

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread lune voo via FreeIPA-users
I tried to perform an ldapsearch using the same kind of command : ldapsearch -x -D "cn=Directory Manager" \ > -h \ > -p 389 \ > -W \ > -b "cn=ipaconfig,cn=etc,dc=" \ > -s sub \ > objectclass=* Enter LDAP Password: I got this result immediately : # extended LDIF # # LDAPv3 # base >

[Freeipa-users] Re: Moving IPA master to a new server fails to start krb5kdc

2018-12-20 Thread Kees Bakker via FreeIPA-users
On 19-12-18 12:06, Kees Bakker via FreeIPA-users wrote: > On 18-12-18 17:50, Florence Blanc-Renaud wrote: > [...] >> If you have a spare machine you can also use replication, and create a >> replica of your current master with all the needed services (CA, KRA, DNS if >> needed). >> If you really

[Freeipa-users] Re: Single Sign On (SSO) SSH via IP Address

2018-12-20 Thread Theese, David C via FreeIPA-users
Bryan, Thanks a ton! I am working on this now. Informationally, I'll pass along that after reading your email last night where you mentioned the client looking for a host/10.10.1...@example.com principal, I found that logging onto the host and using ipa-join -h created such an IP

[Freeipa-users] Re: Moving IPA master to a new server fails to start krb5kdc

2018-12-20 Thread Florence Blanc-Renaud via FreeIPA-users
On 12/20/18 11:51 AM, Kees Bakker via FreeIPA-users wrote: On 19-12-18 12:06, Kees Bakker via FreeIPA-users wrote: On 18-12-18 17:50, Florence Blanc-Renaud wrote: [...] If you have a spare machine you can also use replication, and create a replica of your current master with all the needed

[Freeipa-users] Re: Vault feature for AD users

2018-12-20 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 20 Dec 2018, Ronald Wimmer via FreeIPA-users wrote: Is it true that this feature is only available to native ipa users? 'ipa help vault' has this description: Based on the ownership there are three vault categories:

[Freeipa-users] Re: Web UI login/certificate issues, IPA 4.5.4

2018-12-20 Thread dbischof--- via FreeIPA-users
Hi Florence, On Thu, 20 Dec 2018, Florence Blanc-Renaud via FreeIPA-users wrote: On 12/20/18 4:22 PM, dbischof--- via FreeIPA-users wrote: my IPA system consists of 2 masters with their own self-signed CAs, one of them being the certificate renewal master (ipa1). The system has been

[Freeipa-users] Re: FreeIPA/Dogtag - Slow host deletion due to certificate pagination

2018-12-20 Thread Jared Ledvina via FreeIPA-users
Hi Florence, Thanks for the reply! So, I've been looking at those and I currently don't have any limit that I can find configured to 2,000 entries. Current setup: https://paste.fedoraproject.org/paste/75jhSM1qonlQB-Uqtgug-Q However, with those set, and after restarting ipa (to make sure any

[Freeipa-users] Re: Web UI login/certificate issues, IPA 4.5.4

2018-12-20 Thread Florence Blanc-Renaud via FreeIPA-users
On 12/20/18 4:22 PM, dbischof--- via FreeIPA-users wrote: Hi, my IPA system consists of 2 masters with their own self-signed CAs, one of them being the certificate renewal master (ipa1). The system has been running for years and has been migrated from an IPA 3 system. Since a while, the Web

[Freeipa-users] IPA managed autofs mount timeout

2018-12-20 Thread William Muriithi via FreeIPA-users
Evening, I have done this before but for the life of me, I can't seem to find a way to undo my previous change. I am using autofs to mount home directories. The autofs maps are on IPA server. A while back, I adjusted the mount idle timeout from the default 5 minutes to 2 hours. I now want to

[Freeipa-users] Re: Trouble with pki-tomcat

2018-12-20 Thread Arjen Heidinga via FreeIPA-users
All, This is solved. For those that find themselves in the same ship as I do, it was versioning, as Fraser said. The dir /var/lib/pki/pki-tomcat/ca/webapps was pointing to the wrong pki package. # Correct: [root@starkey webapps]# rpm -qf /usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-cmscore.jar

[Freeipa-users] Re: dnskeysync stacktrace

2018-12-20 Thread Arjen Heidinga via FreeIPA-users
All, Apologies for the subject. It translates to 'Encrypted Message'. Something went wrong with saving to Concepts and other lame excuses. Arjen On 20-12-18 at 21:53, Arjen Heidinga via FreeIPA-users wrote: > All, > > I am here again bothering with my seemingly borked installation. The >

[Freeipa-users] Versleuteld bericht

2018-12-20 Thread Arjen Heidinga via FreeIPA-users
All, I am here again bothering with my seemingly borked installation. The upgrade from 7.0 to 7.2 on Fedora 28-29 finished (finally), when I spotted in my journal a stacktrace. Digging into it, this appears to be the cause. All I find on the internet are ancient (solved) bugs... It appears that

[Freeipa-users] Re: IPA managed autofs mount timeout

2018-12-20 Thread Jochen Hein via FreeIPA-users
William Muriithi via FreeIPA-users writes: > I am using autofs to mount home directories. The autofs maps are on IPA > server. A while back, I adjusted the mount idle timeout from the default 5 > minutes to 2 hours. > > I now want to undo the change, essentially bring down the timeout to 5 >

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread lune voo via FreeIPA-users
Hello Florence. Can you see in 389-ds logs which operation is triggering the size-limit > error? In /var/log/dirsrv/slapd-domXXX/access, you will find a line with > RESULT err=4, note the conn=xx and op=yy values, then look above for a > line with conn=xx op=yy SRCH and finally another line above

[Freeipa-users] Re: Limits exceeded for this query

2018-12-20 Thread lune voo via FreeIPA-users
Here is the value of nsslapd-sizelimit nsslapd-sizelimit: 2000 For the anonymous queries, we disabled them a long time ago. If I understand well, the problem comes from this search : SRCH base="cn=ipaconfig,cn=etc,dc=" scope=0 filter="(objectClass=*)" attrs=ALL Do you know why this search is

[Freeipa-users] Re: new replica does not post properly in ipa_check_consistency

2018-12-20 Thread Florence Blanc-Renaud via FreeIPA-users
On 12/19/18 8:39 PM, Grant Janssen via FreeIPA-users wrote: New replica looks to be fully joined. I can add users, and I have verified by log examination that the new replica is actually the server adding the user. I cannot detect any issues, BUT the 3rd replica does not appear as a