[Freeipa-users] Re: ipa user-del fails with `ipa: ERROR: non-public: KeyError: 'ipauniqueid'`

2021-08-03 Thread Rob Crittenden via FreeIPA-users
Tiemen Ruiten via FreeIPA-users wrote: > Hello, > > OS: up-to-date CentOS 8, ipa > versions 4.9.2-4.module_el8.4.0+846+96522ed7.x86_64 > > I'm getting a traceback in the httpd log when I try to delete a test > user. See below. It appears the ipaUniqueId is missing for the user? I > can see the

[Freeipa-users] ipa user-del fails with `ipa: ERROR: non-public: KeyError: 'ipauniqueid'`

2021-08-03 Thread Tiemen Ruiten via FreeIPA-users
Hello, OS: up-to-date CentOS 8, ipa versions 4.9.2-4.module_el8.4.0+846+96522ed7.x86_64 I'm getting a traceback in the httpd log when I try to delete a test user. See below. It appears the ipaUniqueId is missing for the user? I can see the user with ipa user-show: [root@ipa-02 /]# ipa user-show

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Sam Morris via FreeIPA-users
> But is it possible to completely disable port 389 if we don't want > any client to ever try non-SSL connections? That will block communication between IPA servers, and from clients to servers. -- Sam Morris PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Dominik Vogt via FreeIPA-users
On Tue, Aug 03, 2021 at 09:22:19AM -, Sam Morris via FreeIPA-users wrote: > You can set this option: > https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/setting_a_minimum_strength_factor > > But it breaks one or two things that may or may not

[Freeipa-users] Setting admin password after hash algo change

2021-08-03 Thread Dominik Vogt via FreeIPA-users
For our setup on RHEL8.1, the password hashing algorithm needs to be changed: 1. Run ipa-server-install with -a and -p options. 2. Use ldapmodify to change passwordStorageScheme. Now, the "admin" user's password needs to be rehashed with the new algorithm. What is the proper procedure to do

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Sam Morris via FreeIPA-users
> As far as I understand, the vanilla installation of the freeipa > server allows clients to communicate with the LDAP server with or > without SSL. We need to configure both, clients to always use > SSL, and the server to reject non-SSL communication attempts. > Where can I find the relevant

[Freeipa-users] Allowing LDAP only via SSL?

2021-08-03 Thread Dominik Vogt via FreeIPA-users
As far as I understand, the vanilla installation of the freeipa server allows clients to communicate with the LDAP server with or without SSL. We need to configure both, clients to always use SSL, and the server to reject non-SSL communication attempts. Where can I find the relevant