Morning update. I made the change Rob suggested to /etc/ipa/default.conf,
which appeared to work, but didn't quite. It asked me to back out the whole
server installation and start over:
[ipamaster2]# ipa-ca-install --skip-conncheck
replica-info-ipamaster2.foo.net.gpg
Directory Manager (existing
On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote:
Michał Dwużnik wrote:
Sorry for quick continuation...
Certificate added to nss DB in /etc/pki
certutil -A -d /etc/pki/ -n IPA CA -t CT,C,C -a -i pki/ca.crt
sssd configured according to
On 08/30/2013 10:23 AM, Bret Wortman wrote:
Morning update. I made the change Rob suggested to
/etc/ipa/default.conf, which appeared to work, but didn't quite. It
asked me to back out the whole server installation and start over:
[ipamaster2]# ipa-ca-install --skip-conncheck
Bret Wortman wrote:
Still odder ... I went ahead and tried to delete the agreement:
[ipamaster]# ipa-replica-manage del ipamaster3.foo.net
http://ipamaster3.foo.net --force
'ipamaster.foo.net http://ipamaster.foo.net' has no replication
agreement for 'ipamaster3.foo.net
Ok, I somehow assumed certs are very much needed for ldaps...
In the meantime, I set up a debian wheezy machine to try the freeipa-client
from debs.
I managed to get working ipa-client (with a few quirks...- default nss
database needed to be created) with packages from
deb http://apt.numeezy.fr
On Fri, Aug 30, 2013 at 03:54:54PM +0200, Michał Dwużnik wrote:
Ok, I somehow assumed certs are very much needed for ldaps...
Well, for most operations the SSSD uses GSSAPI authentication. Only when
passwords are migrated, we do an LDAP bind with StartTLS.
In the meantime, I set up a debian
Rob or anyone else,
So while struggling along on this server I just grabbed the logs off it and ran
that log program with the options you suggested. There are a lot of unindexed
requests. These are the top issues I've removed the one username that showed
up.
So just to double check
If objectclass eq is already indexed how are these on my top unindexed list?
Wouldn't objectclass eq cover this (objectclass=inetorgperson)? and the third
and fourth entry? I apologize if I'm way off as I am new to the intricacies
of LDAP indexing.
Thanks,
Hello,
Sorry for cross posting to 4 different lists but it seems that this is
the best way to include most of people who might be interested in this
discussion.
The question of When FreeIPA will be available on Debian? has been
coming up periodically on the list(s) without any resolution.
On 08/30/2013 01:31 PM, John Moyer wrote:
Rob or anyone else,
So while struggling along on this server I just grabbed the logs off
it and ran that log program with the options you suggested. There
are a lot of unindexed requests. These are the top issues I've
removed the one username
I'm sorry that was my top unique filter list not my unindexed list. Please
disregard my last email.
Thanks,
_
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile:
11 matches
Mail list logo