[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Chris Dagdigian via FreeIPA-users
I think you are right Alexander, the selinux was a false alarm. The scriptlet happened to complete exactly after I made the selinux changes after I got concerned it was stuck or hung on something; on my 3 other IPA systems I allowed the 'dnf module install idm:DL1/adtrust' command to run for

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Alexander Bokovoy via FreeIPA-users
On ma, 12 loka 2020, Chris Dagdigian wrote: Thanks Alexander (you've been helpful for *years* on this list, much appreciated ...) Looks like my issue was being unfamiliar with the CentOS/RHEL 8  "dnf" repo commands ... For CentOS 8 the specific command was: # dnf module install

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Chris Dagdigian via FreeIPA-users
Thanks Alexander (you've been helpful for *years* on this list, much appreciated ...) Looks like my issue was being unfamiliar with the CentOS/RHEL 8  "dnf" repo commands ... For CentOS 8 the specific command was: # dnf module install idm:DL1/adtrust And for what it's worth installing the

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Alexander Bokovoy via FreeIPA-users
On ma, 12 loka 2020, Chris Dagdigian via FreeIPA-users wrote: Spoke too soon -- looks like FreeIPA 4.8.7 does not support the '--idoverrideusers' stuff shown on that URL: Usage: ipa [global-options] group-add-member GROUP-NAME [options] $ ipa group-add-member admins --idoverrideusers Usage:

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread David Sastre via FreeIPA-users
I don't have a 4.8.7 installation to test this, but the release notes[1] seem to indicate that this functionality should be available: - 8357: Allow managing IPA resources as a user from a trusted Active Directory forest A 3rd-party plugin to provide management of IPA resources as users

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Chris Dagdigian via FreeIPA-users
Spoke too soon -- looks like FreeIPA 4.8.7 does not support the '--idoverrideusers' stuff shown on that URL: Usage: ipa [global-options] group-add-member GROUP-NAME [options] $ ipa group-add-member admins --idoverrideusers Usage: ipa [global-options] group-add-member GROUP-NAME [options]

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Chris Dagdigian via FreeIPA-users
Aha ! I was missing the Default Trust View work -- much appreciated! Chris David Sastre October 12, 2020 at 2:10 PM Does this help? https://freeipa.readthedocs.io/en/latest/designs/adtrust/admin-ipa-as-trusted-user.html#usage Chris Dagdigian

[Freeipa-users] Re: How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread David Sastre via FreeIPA-users
Does this help? https://freeipa.readthedocs.io/en/latest/designs/adtrust/admin-ipa-as-trusted-user.html#usage On Mon, Oct 12, 2020 at 7:59 PM Chris Dagdigian via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi folks, > > I've got a three-node replicating FreeIPA cluster

[Freeipa-users] How to use the forms based login interface to give IPA admin access to selected federated users?

2020-10-12 Thread Chris Dagdigian via FreeIPA-users
Hi folks, I've got a three-node replicating FreeIPA cluster running in AWS with a one-way trust to an Active Directory domain. Things work well with respect to user overrides and RBAC rules affecting client machines but I can't for the life of me figure out the order of operations for

[Freeipa-users] Re: SmartCard-HSM authentication using pinpad card reader for improved security

2020-10-12 Thread Sumit Bose via FreeIPA-users
On Mon, Oct 12, 2020 at 10:48:45AM -, Peter Steen via FreeIPA-users wrote: Hello ! I opened a bugzilla ticket with all details: https://bugzilla.redhat.com/show_bug.cgi?id=1886841 Thanks, I've already seen it. bye, Sumit ___ FreeIPA-users

[Freeipa-users] Re: SmartCard-HSM authentication using pinpad card reader for improved security

2020-10-12 Thread Peter Steen via FreeIPA-users
Hello ! I opened a bugzilla ticket with all details: https://bugzilla.redhat.com/show_bug.cgi?id=1886841 ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: SmartCard-HSM authentication using pinpad card reader for improved security

2020-10-12 Thread Peter Steen via FreeIPA-users
Hello ! I opened a bugzilla so far, https://bugzilla.redhat.com/show_bug.cgi?id=1886841

[Freeipa-users] Announcing SSSD 2.4.0

2020-10-12 Thread Pavel Březina via FreeIPA-users
# SSSD 2.4.0 The SSSD team is proud to announce the release of version 2.4.0 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/sssd-2_4_0 See the full release notes at: https://sssd.io/docs/users/relnotes/notes_2_4_0

[Freeipa-users] Re: Adding subjectAltName when the certificate is signed

2020-10-12 Thread Radoslaw Kujawa via FreeIPA-users
Hi. On 10/12/20 3:05 AM, Fraser Tweedale via FreeIPA-users wrote: On Thu, Oct 08, 2020 at 10:03:03PM +0200, Radoslaw Kujawa via FreeIPA-users wrote: On 10/8/20 9:06 PM, Rob Crittenden via FreeIPA-users wrote: Radosław Kujawa via FreeIPA-users wrote: Is it possible to add email