Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Rob Crittenden
Natxo Asenjo wrote: > > By the way, revoking the certificate does not block applications using > it from ldap. > > I can still access the ldap server using this cert/key pair *after* > revoking the certificate using ipa cert-revoke . In order to > block it I need to remove the seeAlso value of

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Natxo Asenjo
By the way, revoking the certificate does not block applications using it from ldap. I can still access the ldap server using this cert/key pair *after* revoking the certificate using ipa cert-revoke . In order to block it I need to remove the seeAlso value of the user account, or the certificate

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Natxo Asenjo
On Fri, Mar 4, 2016 at 11:00 PM, Simo Sorce wrote: > On Fri, 2016-03-04 at 14:34 -0500, Rob Crittenden wrote: > > Natxo Asenjo wrote: > > > > when I go to http://www.freeipa.org/page/Special:OpenIDLogin to login > > > with the fedora account I get > > > > > > > > > OpenID

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Simo Sorce
On Fri, 2016-03-04 at 14:34 -0500, Rob Crittenden wrote: > Natxo Asenjo wrote: > > > > > > On Fri, Mar 4, 2016 at 4:58 PM, Natxo Asenjo > > wrote: > > > > > > > > On Fri, Mar 4, 2016 at 3:43 PM, Rob Crittenden

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Rob Crittenden
Natxo Asenjo wrote: > > > On Fri, Mar 4, 2016 at 4:58 PM, Natxo Asenjo > wrote: > > > > On Fri, Mar 4, 2016 at 3:43 PM, Rob Crittenden > wrote: > > Ah right. Because

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Natxo Asenjo
On Fri, Mar 4, 2016 at 4:58 PM, Natxo Asenjo wrote: > > > On Fri, Mar 4, 2016 at 3:43 PM, Rob Crittenden > wrote: > >> Ah right. Because all the subjects are the same base the same map will >> be used for both DS and the CA. >> >> Any chance you

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Natxo Asenjo
On Fri, Mar 4, 2016 at 3:43 PM, Rob Crittenden wrote: > Ah right. Because all the subjects are the same base the same map will > be used for both DS and the CA. > > Any chance you could write up a HOWTO on this? Gladly, but I seem unable to login using my recently created

Re: [Freeipa-users] Some high level questions (DNS & CA)

2016-03-04 Thread Petr Spacek
On 3.3.2016 13:26, Martin Basti wrote: > Hello, > > comments inline > > On 03.03.2016 13:11, Geselle Stijn wrote: >> >> Hello, >> >> We have a large Windows environment and around 50 RHEL servers (which will >> grow to a few hundred in the future). Our goal is to be able to login with >> our AD

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Rob Crittenden
Natxo Asenjo wrote: > hi, > > > On Thu, Mar 3, 2016 at 10:57 PM, Rob Crittenden > wrote: > > Natxo Asenjo wrote: > > > > > Using EXTERNAL, no cookie: > > $ ldapsearch -h kdc.sub.domain.tld -ZZ -Y EXTERNAL -LLL > >

Re: [Freeipa-users] user certificate ldap EXTERNAL authentication

2016-03-04 Thread Natxo Asenjo
hi, On Thu, Mar 3, 2016 at 10:57 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: > > > Using EXTERNAL, no cookie: > > $ ldapsearch -h kdc.sub.domain.tld -ZZ -Y EXTERNAL -LLL > > objectclass=person -s sub -b dc=sub,dc=domain,dc=tld cn > > SASL/EXTERNAL authentication

Re: [Freeipa-users] FreeIPA 4.2.0 / Replica / Join Issue

2016-03-04 Thread Petr Spacek
On 3.3.2016 22:05, de...@pabstatencio.com wrote: > Rob, > > Yeah I forgot to attach the file when I initially sent. I also attached the > output from all the nodes. I guess what I realized is that my agreements are > a little different than I originally thought. What is also strange is on a >

Re: [Freeipa-users] Version name changed?

2016-03-04 Thread Martin Basti
On 04.03.2016 01:13, Simpson Lachlan wrote: Hi, I have just installed Spacewalk to manage my servers and I noticed that the FreeIPA wanted to update some packages. My FreeIPA server is Centos 7. I noticed in Spacewalk that the ipa-server package (and various bits) wanted to update, and