[Freeipa-users] Is something changed in the compat tree in CentOS/RHEL 8?

2021-04-22 Thread Peter Tselios via FreeIPA-users
We use the FreeIPA servers as authentication source for Opestack Keystone. However, after the migration of our FreeIPA to CentOS 8 from CentOS 7, Openstack users cannot login. IPA Logs from the Openstack queries where I detected the different answer: CentOS 7 op=4 SRCH

[Freeipa-users] Migrate IPA users to local user after unjoin from IPA

2021-04-22 Thread Petar Kozić via FreeIPA-users
Hi folks, I want to unjoin several linux servers from IPA, but I want to still use same usernames locally. When I unjoin server from IPA user UID and GID changed to IPA UID and GID, and that users I don’t have locally in passwd file. How can I smooth migrate that users to local users? P.S. I

[Freeipa-users] ipa user-mod --rename failed with Operations error

2021-04-22 Thread Janez Molicnik via FreeIPA-users
I've seen a similar thread from two years ago, but with no solution. Something similar happened here. We use FreeIPA VERSION: 4.6.8, API_VERSION: 2.237 on CentOS Linux release 7.8.2003 (Core) and when I've tried to rename the test user, I got the following error: ipa user-mod --rename=testis

[Freeipa-users] Re: PKI-Tomcat flagging up on security scans

2021-04-22 Thread Jake Reynolds via FreeIPA-users
Thanks for the comprehensive reply! I'll follow your suggestion ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct:

[Freeipa-users] Re: Is something changed in the compat tree in CentOS/RHEL 8?

2021-04-22 Thread Peter Tselios via FreeIPA-users
Well, Openstack Keystone (in both RHOSP 13 and RHOSP 16) doesn't support nested groups, so, we have to use compat. The different behavior of the "-s sub" and "-s one" point us to a change, but we can't be sure of course. Is there any way to "populate" (or re-populate) the compat tree?

[Freeipa-users] Re: Is something changed in the compat tree in CentOS/RHEL 8?

2021-04-22 Thread Alexander Bokovoy via FreeIPA-users
On to, 22 huhti 2021, Peter Tselios via FreeIPA-users wrote: We use the FreeIPA servers as authentication source for Opestack Keystone. However, after the migration of our FreeIPA to CentOS 8 from CentOS 7, Openstack users cannot login. IPA Logs from the Openstack queries where I detected the

[Freeipa-users] Re: ipa user-mod --rename failed with Operations error

2021-04-22 Thread Rob Crittenden via FreeIPA-users
Janez Molicnik via FreeIPA-users wrote: > I've seen a similar thread from two years ago, but with no solution. > Something similar happened here. We use FreeIPA VERSION: 4.6.8, API_VERSION: > 2.237 on CentOS Linux release 7.8.2003 (Core) and when I've tried to rename > the test user, I got the

[Freeipa-users] Re: Migrate IPA users to local user after unjoin from IPA

2021-04-22 Thread Rob Crittenden via FreeIPA-users
Petar Kozić via FreeIPA-users wrote: > Hi folks, > > I want to unjoin several linux servers from IPA, but I want to still use > same usernames locally. > When I unjoin server from IPA user UID and GID changed to IPA  UID and > GID, and that users I don’t have locally in passwd file. > > How can

[Freeipa-users] missed ipa-certupdate after adding certificates root ca and httpd

2021-04-22 Thread Embedded Devel via FreeIPA-users
any work around for missing the ipa-certupdate step ? we injected the root CA and missed the step, so now we are basically locked out from doing anything ipa, even loggging in with the error ipa: ERROR: cannot connect to 'https://ipa.domain.com/ipa/json' :

[Freeipa-users] Re: missed ipa-certupdate after adding certificates root ca and httpd

2021-04-22 Thread Florence Blanc-Renaud via FreeIPA-users
On 4/22/21 5:02 PM, Embedded Devel via FreeIPA-users wrote: any work around for missing the ipa-certupdate step ? we injected the root CA and missed the step, so now we are basically locked out from doing anything ipa, even loggging in with the error ipa: ERROR: cannot connect to