[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Ronald Wimmer via FreeIPA-users
On 22.08.19 15:57, Jakub Hrozek via FreeIPA-users wrote: [...] As far as I remember, Keycloak uses the D-Bus interface of SSSD to retrieve the user's attribute. Can you check if the ifp service is up and running and if there are any helpful logs in the sssd_ifp.log file? I do not get AD

[Freeipa-users] Create a virtual env python with ipa module included

2019-08-23 Thread lune voo via FreeIPA-users
Hello everyone. I was wondering if it is possible to embed ipa modules in a python virtual environment ? Or is it too tightly linked with the ipa-client installed on the system ? Best regards. Lune

[Freeipa-users] Re: Inactive users

2019-08-23 Thread lune voo via FreeIPA-users
It can be pretty intensive, for the master, you mean ? I would like to avoid that but I am very interested to determine the users who are inactive. Ipa user find needs to be performed on each master I have ? Best regards. Lune. On Tue, 20 Aug 2019 at 20:44, Rob Crittenden wrote: > lune

[Freeipa-users] Re: Create a virtual env python with ipa module included

2019-08-23 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 23 Aug 2019, lune voo via FreeIPA-users wrote: Hello everyone. I was wondering if it is possible to embed ipa modules in a python virtual environment ? Or is it too tightly linked with the ipa-client installed on the system ? You can use https://pypi.org/project/ipaclient/ $

[Freeipa-users] Re: Create a virtual env python with ipa module included

2019-08-23 Thread lune voo via FreeIPA-users
Hello Alexander. Thank you for your answer. Do you know if I will have any problem with the certificate to connect to the server ? Generally there is a ca.crt in /etc/ipa/ca.crt, does it need to be included in the virtual environment also ? Best regards. Lune On Fri, 23 Aug 2019 at 15:06,

[Freeipa-users] Re: Create a virtual env python with ipa module included

2019-08-23 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 23 Aug 2019, lune voo wrote: Hello Alexander. Thank you for your answer. Do you know if I will have any problem with the certificate to connect to the server ? Generally there is a ca.crt in /etc/ipa/ca.crt, does it need to be included in the virtual environment also ? See manual page

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Jakub Hrozek via FreeIPA-users
On Fri, Aug 23, 2019 at 01:07:23PM +0200, Ronald Wimmer via FreeIPA-users wrote: > On 22.08.19 15:57, Jakub Hrozek via FreeIPA-users wrote: > > [...] > > As far as I remember, Keycloak uses the D-Bus interface of SSSD to > > retrieve the user's attribute. Can you check if the ifp service is up > >

[Freeipa-users] Re: Create a virtual env python with ipa module included

2019-08-23 Thread lune voo via FreeIPA-users
Thank you again for your answer Alexander. A last question : I'm setting up a python virtual environment for an old project that I need to maintain without any modification. This old project currently uses an ipa 3.0 on a physical RHEL 6.6 using python 2.6.6. I'm trying to create the python

[Freeipa-users] Re: Create a virtual env python with ipa module included

2019-08-23 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 23 Aug 2019, lune voo via FreeIPA-users wrote: Thank you again for your answer Alexander. A last question : I'm setting up a python virtual environment for an old project that I need to maintain without any modification. This old project currently uses an ipa 3.0 on a physical RHEL 6.6

[Freeipa-users] Re: Inactive users

2019-08-23 Thread Rob Crittenden via FreeIPA-users
lune voo wrote: > It can be pretty intensive, for the master, you mean ? Intensive for all masters. If you run it on all users then every master will be queried # of users times, minimum. Just run it at a quiet time (e.g. middle of the night) and it should be fine. > I would like to avoid

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Ronald Wimmer via FreeIPA-users
On 23.08.19 15:53, Jakub Hrozek via FreeIPA-users wrote: [...] Hmm, I don't remember from the top of my head which attributes does KC try to fetch, but e-mail sounds like what it would need, at least that's what's most commonly used for claims and such. If you correlate the KC lookup errors

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 23 Aug 2019, Ronald Wimmer via FreeIPA-users wrote: On 23.08.19 15:53, Jakub Hrozek via FreeIPA-users wrote: [...] Hmm, I don't remember from the top of my head which attributes does KC try to fetch, but e-mail sounds like what it would need, at least that's what's most commonly used for

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Ronald Wimmer via FreeIPA-users
On 23.08.19 18:03, Alexander Bokovoy wrote: [...] Is this Keycloak installation done separate from IPA master? If yes, then you need to have ldap_user_extra_attrs on both IPA client where Keycloak runs and on IPA masters that SSSD would talk to to obtain information about AD users. Keycloak

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Alexander Bokovoy via FreeIPA-users
On Fri, 23 Aug 2019, Ronald Wimmer wrote: On 23.08.19 18:03, Alexander Bokovoy wrote: [...] Is this Keycloak installation done separate from IPA master? If yes, then you need to have ldap_user_extra_attrs on both IPA client where Keycloak runs and on IPA masters that SSSD would talk to to

[Freeipa-users] Re: Use IPA AD users in keycloak

2019-08-23 Thread Jakub Hrozek via FreeIPA-users
On Fri, Aug 23, 2019 at 05:48:18PM +0200, Ronald Wimmer via FreeIPA-users wrote: > On 23.08.19 15:53, Jakub Hrozek via FreeIPA-users wrote: > > [...] > > Hmm, I don't remember from the top of my head which attributes does KC > > try to fetch, but e-mail sounds like what it would need, at least