[Freeipa-users] Re: Certificate profile to ignore (drop) email in SAN - possible?

2021-07-06 Thread Rob Crittenden via FreeIPA-users
Ian Pilcher via FreeIPA-users wrote: > I've hit a roadblock while trying to generate a certificate for a VMware > vSphere appliance. > > The VMware "Certificate Management" tool doesn't allow one to upload a > certificate and key.  Instead, one has to generate a CSR in the VMware > GUI which then

[Freeipa-users] Certificate profile to ignore (drop) email in SAN - possible?

2021-07-06 Thread Ian Pilcher via FreeIPA-users
I've hit a roadblock while trying to generate a certificate for a VMware vSphere appliance. The VMware "Certificate Management" tool doesn't allow one to upload a certificate and key. Instead, one has to generate a CSR in the VMware GUI which then gets submitted to the CA (IPA in this case).
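The CSR the appliance produces carries an e-mail address in its subjectAltName, and the question is whether the CA can leave it out. What ends up in the issued certificate is decided by the CA's profile, not by the CSR, so the practical answer lives in IPA/Dogtag profile configuration, which this thread does not show. As an added illustration (not code from the thread, from FreeIPA or from VMware), the following encodes and decodes the DER value of a subjectAltName extension and filters out every rfc822Name, which is exactly what "dropping the email from the SAN" means on the wire. The DNS name, e-mail address and IP address in SAMPLE_SAN are made up for this example.

```python
import ipaddress

# GeneralName CHOICE tags from RFC 5280 section 4.2.1.6, as they appear in
# DER with implicit context-specific tagging. Only the primitive kinds that
# commonly show up in server CSRs are named; anything else is passed through.
RFC822NAME, DNSNAME, URI, IPADDRESS = 0x81, 0x82, 0x86, 0x87
TAG_NAMES = {RFC822NAME: "email", DNSNAME: "DNS", URI: "URI", IPADDRESS: "IP"}
KIND_TO_TAG = {v: k for k, v in TAG_NAMES.items()}
SEQUENCE = 0x30

# Constructed sample: the sort of SAN a vSphere-style CSR might carry.
# The names are made up for this example, not taken from the thread.
SAMPLE_SAN = [("DNS", "vcsa.example.com"),
              ("email", "admin@example.com"),
              ("IP", "10.0.0.5")]


def _len(n):
    """DER definite length: short form below 0x80, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_len(buf, i):
    """Parse a DER length at buf[i]; return (length, index of first content byte)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    nbytes = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + nbytes], "big"), i + 1 + nbytes


def encode_san(names):
    """Encode [(kind, value), ...] as the DER value of a subjectAltName extension.
    kind is "email", "DNS", "URI" or "IP", or a raw tag int with a bytes payload."""
    out = b""
    for kind, value in names:
        if isinstance(kind, int):          # pass-through of an unrecognised GeneralName
            tag, payload = kind, value
        elif kind == "IP":
            tag, payload = IPADDRESS, ipaddress.ip_address(value).packed
        else:
            tag, payload = KIND_TO_TAG[kind], value.encode("ascii")  # IA5String
        out += bytes([tag]) + _len(len(payload)) + payload
    return bytes([SEQUENCE]) + _len(len(out)) + out


def decode_san(der):
    """Inverse of encode_san: walk the SEQUENCE OF GeneralName."""
    if der[0] != SEQUENCE:
        raise ValueError("subjectAltName value must be a SEQUENCE")
    total, i = _read_len(der, 1)
    end, names = i + total, []
    while i < end:
        tag = der[i]
        length, i = _read_len(der, i + 1)
        payload = der[i:i + length]
        i += length
        if tag == IPADDRESS:
            names.append(("IP", str(ipaddress.ip_address(payload))))
        elif tag in TAG_NAMES:
            names.append((TAG_NAMES[tag], payload.decode("ascii")))
        else:
            names.append((tag, payload))   # otherName, directoryName, ...
    return names


def strip_email(der):
    """Return the same SAN with every rfc822Name dropped; everything else keeps its order."""
    return encode_san([n for n in decode_san(der) if n[0] != "email"])


if __name__ == "__main__":
    der = encode_san(SAMPLE_SAN)
    print("requested:", decode_san(der))
    print("filtered :", decode_san(strip_email(der)))
```

The point of the round trip is that the rfc822Name is just one tagged element ([1] IA5String) inside the extension's SEQUENCE; a CA that copies the requested SAN into the certificate can omit that element without touching the key or the rest of the request, because the CSR signature only proves possession of the key and is not carried into the certificate.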

[Freeipa-users] Re: Cannot get rid of a replica/agreement

2021-07-06 Thread Florence Renaud via FreeIPA-users
Hi so there are replication conflicts in the LDAP database. To find the conflicting entries, run the following commands on each server: export BASEDN= ldapsearch -D "cn=Directory Manager" -W -b $BASEDN "(&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))" \* nsds5ReplConflict And then follow the
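The search in that reply returns the conflict entries 389-ds creates when the same DN is added on, or renamed to, two replicas before they have replicated to each other: each such entry gets its nsuniqueid prepended to its RDN and an nsds5ReplConflict attribute naming the DN it collided with. As an added example, not part of Florence's reply or of the FreeIPA project, the following parses that ldapsearch output and reports, for each conflict, the conflict entry's DN, its nsuniqueid, the operation that caused it and the DN of the entry that won. SAMPLE_LDIF is a constructed sample of such output (base DN and nsuniqueid values made up), not real data from the thread.

```python
import base64
import re
import shlex

# Constructed sample of what the ldapsearch above prints when two naming
# conflicts exist under dc=ipadev,dc=example,dc=com. Not real output; the
# nsuniqueid values are made up. Long lines are folded the way ldapsearch does.
SAMPLE_LDIF = """\
# extended LDIF
# filter: (&(objectClass=ldapSubEntry)(nsds5ReplConflict=*))
# requesting: * nsds5ReplConflict

# alice + 66446001-1dd211b2-88c6d800-ccd50000, users, accounts, ipadev.example.com
dn: nsuniqueid=66446001-1dd211b2-88c6d800-ccd50000+uid=alice,cn=users,cn=acco
 unts,dc=ipadev,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: ldapSubEntry
uid: alice
nsds5ReplConflict: namingConflict (ADD) uid=alice,cn=users,cn=accounts,dc=ipad
 ev,dc=example,dc=com

# webservers + 7e0c8c01-1dd211b2-9c4fd800-ccd50000, hostgroups, accounts, ipadev.example.com
dn: nsuniqueid=7e0c8c01-1dd211b2-9c4fd800-ccd50000+cn=webservers,cn=hostgroups
 ,cn=accounts,dc=ipadev,dc=example,dc=com
objectClass: top
objectClass: groupofnames
objectClass: ldapSubEntry
cn: webservers
nsds5ReplConflict: namingConflict (MODRDN) cn=webservers,cn=hostgroups,cn=acco
 unts,dc=ipadev,dc=example,dc=com

# search result
search: 2
result: 0 Success
"""

# nsds5ReplConflict value: "namingConflict [(ADD|MODRDN)] <dn it collided with>";
# the operation in parentheses is only present on newer 389-ds releases.
CONFLICT_RE = re.compile(r"^namingConflict(?: \((?P<op>[A-Z]+)\))? (?P<dn>.+)$")
# Conflict entries get their nsuniqueid prepended to the original RDN.
UNIQUEID_RE = re.compile(r"^nsuniqueid=(?P<id>[0-9a-fA-F-]+)\+")


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines (RFC 2849), skips
    comments, decodes base64 '::' values and returns one {attr: [values]}
    dict per entry. Attribute names are lower-cased; records without a dn
    (the trailing 'search:'/'result:' lines) are dropped."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
        elif line.startswith("#"):
            continue
        else:
            attr, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            current.setdefault(attr.lower(), []).append(value)
    return entries


def find_conflicts(ldif_text):
    """List every conflict entry with its nsuniqueid, the operation that
    caused it (None if the server did not report one) and the DN that won."""
    found = []
    for entry in parse_ldif(ldif_text):
        for raw in entry.get("nsds5replconflict", []):
            m = CONFLICT_RE.match(raw)
            if not m:
                continue
            dn = entry["dn"][0]
            uid = UNIQUEID_RE.match(dn)
            found.append({
                "conflict_dn": dn,
                "nsuniqueid": uid.group("id") if uid else None,
                "operation": m.group("op"),
                "valid_dn": m.group("dn"),
            })
    return found


def ldapdelete_command(conflict):
    """Shell line removing one conflict entry. Only appropriate once you have
    checked that the entry at valid_dn is the one to keep; 389-ds also lets
    you rename the conflict entry instead when it is the one you want."""
    return 'ldapdelete -D "cn=Directory Manager" -W ' + shlex.quote(conflict["conflict_dn"])


if __name__ == "__main__":
    for c in find_conflicts(SAMPLE_LDIF):
        print(f'{c["operation"] or "?":7} {c["valid_dn"]}')
        print(f'        conflict entry nsuniqueid={c["nsuniqueid"]}')
        print("        " + ldapdelete_command(c))
```

Run the ldapsearch from the reply on every server and feed each server's output to find_conflicts separately: conflicts are per replica, and a conflict entry present on one master may already be gone on another.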

[Freeipa-users] Re: Cannot get rid of a replica/agreement

2021-07-06 Thread lejeczek via FreeIPA-users
On 06/07/2021 07:27, Florence Renaud wrote: Hi, is the topology at domain level 1 or domain level 0? # kinit admin # ipa domainlevel-get If the level is 1, the right command in order to remove a replica + ignore topology disconnect issues is # kinit admin # ipa server-del

[Freeipa-users] Re: permission on ldap subtree

2021-07-06 Thread Rob Crittenden via FreeIPA-users
iulian roman via FreeIPA-users wrote: > Hi, > > Below I attached the output from a non-anonymous bind : > > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # OracleContext, ipadev.example.com > dn:

[Freeipa-users] Re: permission on ldap subtree

2021-07-06 Thread iulian roman via FreeIPA-users
Hi, Below I attached the output from a non-anonymous bind : # extended LDIF # # LDAPv3 # base with scope subtree # filter: (objectclass=*) # requesting: ALL # # OracleContext, ipadev.example.com dn: cn=OracleContext,dc=ipadev,dc=example,dc=com objectClass: orclContext objectClass: top cn:

[Freeipa-users] Re: permission on ldap subtree

2021-07-06 Thread Rob Crittenden via FreeIPA-users
iulian roman via FreeIPA-users wrote: > Hello, > > I tried to grant read/search access to a specific subtree in IPA for > anonymous bind. The ipa permission-add command completed successfully, but > when I try ldapsearch it does not display any objects. > > ipa permission-show 'read oracle

[Freeipa-users] permission on ldap subtree

2021-07-06 Thread iulian roman via FreeIPA-users
Hello, I tried to grant read/search access to a specific subtree in IPA for anonymous bind. The ipa permission-add command completed successfully, but when I try ldapsearch it does not display any objects. ipa permission-show 'read oracle context' Permission name: read oracle context

[Freeipa-users] Re: failing to add additional replica (already 3 in place)

2021-07-06 Thread Rolf Linder via FreeIPA-users
Dear Florence Thank you for your response! We identified the node initialized from (we knew but confirmed it) and there we found the following log entries: > [Mon Jul 05 17:01:55.151483 2021] [:error] [pid 32729] SSL Library Error: > -12224 SSL peer had some unspecified issue with the

[Freeipa-users] Re: failing to add additional replica (already 3 in place)

2021-07-06 Thread Florence Renaud via FreeIPA-users
Hi, can you provide the logs of the replica installation (/var/log/ipareplica-install.log and /var/log/pki/pki-ca-spawn.$date.log) ? In the logs you can find which server was used to initialize the data (look for a line with ipa-replica-conncheck), the logs from this server may also be useful

[Freeipa-users] Re: Cannot get rid of a replica/agreement

2021-07-06 Thread Florence Renaud via FreeIPA-users
Hi, is the topology at domain level 1 or domain level 0? # kinit admin # ipa domainlevel-get If the level is 1, the right command in order to remove a replica + ignore topology disconnect issues is # kinit admin # ipa server-del --ignore-topology-disconnect The error "not allowed on non-leaf