[Freeipa-users] Re: Deleting this server is not allowed as it would leave your installation without a KRA.

2021-11-22 Thread Jochen Kellner via FreeIPA-users
Rob Crittenden via FreeIPA-users writes: > Jochen Kellner via FreeIPA-users wrote: >> >> Hi, >> >> I'm about to decommission one of my IPA replicas running on up to date >> fedora 35 (freeipa-server-common-4.9.7-4.fc35.noarch). On my CA renewal >> master (freeipa1.example.org) I try to remove

[Freeipa-users] Re: sudorules attribute "entryuuid" not allowed

2021-11-22 Thread Kees Bakker via FreeIPA-users
On Centos 7 389-ds-base-snmp-1.3.9.1-13.el7_7.x86_64 389-ds-base-libs-1.3.9.1-13.el7_7.x86_64 389-ds-base-1.3.9.1-13.el7_7.x86_64 389-ds-base-debuginfo-1.3.9.1-13.el7_7.x86_64 On Centos 8 Stream 389-ds-base-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64

[Freeipa-users] Re: sudorules attribute "entryuuid" not allowed

2021-11-22 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, the error looks similar to https://github.com/389ds/389-ds-base/issues/4872. The CentOS 8 Streams master probably has a version of 389ds that doesn't contain the fix, and has entryuuid plugin enabled (that generates an entryuuid attribute). The schema failed to be replicated to the CentOS 7

[Freeipa-users] Re: Deleting this server is not allowed as it would leave your installation without a KRA.

2021-11-22 Thread Rob Crittenden via FreeIPA-users
Jochen Kellner via FreeIPA-users wrote: > > Hi, > > I'm about to decommission one of my IPA replicas running on up to date > fedora 35 (freeipa-server-common-4.9.7-4.fc35.noarch). On my CA renewal > master (freeipa1.example.org) I try to remove freeipa4.example.org: > > [root@freeipa1 ~]# ipa

[Freeipa-users] sudorules attribute "entryuuid" not allowed

2021-11-22 Thread Kees Bakker via FreeIPA-users
Hi, On my Centos 7 master there was this error message [19/Nov/2021:11:16:11.863597190 +0100] - ERR - oc_check_allowed_sv - Entry "ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com" -- attribute "entryuuid" not allowed [19/Nov/2021:11:16:26.331298112

[Freeipa-users] Re: freeipa upgrade from CentOS7 -> CentOS8 results in SSSD backtrace (but still functional)

2021-11-22 Thread Andrei Neagoe via FreeIPA-users
I've found an older thread where you've given some recommendations on how to change this via LDAP. I've fixed this by applying the following: ldapmodify -D 'cn=Directory Manager' -W << EOF dn: cn=REDACTED-DOMAIN.COM_id_range,cn=ranges,cn=etc,dc=redacted-domain,dc=com changetype: modify add:

[Freeipa-users] Re: Unable to find certificates

2021-11-22 Thread Tania Hagan via FreeIPA-users
Hi, Sorry for the delay in getting back to you, I tried ipactl restart and that resolved the issue. Many thanks for helping me solve this issue. Tania

[Freeipa-users] Re: freeipa upgrade from CentOS7 -> CentOS8 one replica is missing certificate SAN for ipa-ca

2021-11-22 Thread Andrei Neagoe via FreeIPA-users
Hi Sam, Thanks for the insight. I've deployed all IPA servers via freeipa ansible collection, all of them defined as CAs. I've fixed the issue for now but in a slightly different way (before your reply): mv /var/lib/ipa/private/httpd.key ./ mv /var/lib/ipa/certs/httpd.crt ./ ipa-getcert request