Re: [Freeipa-users] Permission not working as expected

2016-08-29 Thread Alexander Bokovoy
On Mon, 29 Aug 2016, Deepak Dimri wrote: Hi All, I have created the below permission for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup", but then it allows me to add/delete other hostgroup members as well. I tried

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-29 Thread White Hat
The exact same error is in the /var/log/ipareplica-install log Here are the last few relevant lines. File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py", line 28, in from backports.ssl_match_hostname import match_hostname 2016-08-11T03:53:02Z DEBUG The ipa-replica-install

[Freeipa-users] Permission not working as expected

2016-08-29 Thread Deepak Dimri
Hi All, I have created the below permission for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup", but then it allows me to add/delete other hostgroup members as well. I tried changing the effective attribute to

Re: [Freeipa-users] Cleaning Up an Unholy Mess

2016-08-29 Thread Mark Reynolds
On 08/29/2016 12:48 PM, Ian Harding wrote: > > On 08/25/2016 03:10 PM, Mark Reynolds wrote: >> >> On 08/25/2016 02:04 PM, Ian Harding wrote: >>> On 08/25/2016 10:41 AM, Rob Crittenden wrote: Ian Harding wrote: > On 08/24/2016 06:33 PM, Rob Crittenden wrote: >> Ian Harding wrote:

Re: [Freeipa-users] Freeipa 4.2.0 hangs intermittently

2016-08-29 Thread Rich Megginson
On 08/29/2016 10:53 AM, Rakesh Rajasekharan wrote: Hi Thierry, My machine has 30GB RAM ..and 389-ds version is 1.3.4 ldapsearch shows the values for nsslapd-cachememsize updated to 200MB. ldapsearch -LLL -o ldif-wrap=no -D "cn=directory manager" -w 'mypassword' -b 'cn=userRoot,cn=ldbm

Re: [Freeipa-users] Delegated Administration in IPA

2016-08-29 Thread Deepak Dimri
**adding FreeIPA-Users*** Hi Alexander, I was referring to your below reply regarding managing the access (adding and deleting etc.) for only those hosts which are part of a particular hostgroup - you mentioned I can do that using "additional target filter based on the hostgroup membership."

Re: [Freeipa-users] Cleaning Up an Unholy Mess

2016-08-29 Thread Ian Harding
On 08/25/2016 03:10 PM, Mark Reynolds wrote: > > > On 08/25/2016 02:04 PM, Ian Harding wrote: >> >> On 08/25/2016 10:41 AM, Rob Crittenden wrote: >>> Ian Harding wrote: On 08/24/2016 06:33 PM, Rob Crittenden wrote: > Ian Harding wrote: >> I tried to simply uninstall and

Re: [Freeipa-users] Freeipa 4.2.0 hangs intermittently

2016-08-29 Thread Rakesh Rajasekharan
Hi Thierry, My machine has 30GB RAM ..and 389-ds version is 1.3.4 ldapsearch shows the values for nsslapd-cachememsize updated to 200MB. ldapsearch -LLL -o ldif-wrap=no -D "cn=directory manager" -w 'mypassword' -b 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config'|grep nsslapd-cachememsize

Re: [Freeipa-users] Freeipa 4.2.0 hangs intermittently

2016-08-29 Thread thierry bordaz
Hi Rakesh, Those tunings may depend on the memory available on your machine. nsslapd-cachememsize allows the entry cache to consume up to 200Mb but its memory footprint is known to go above. 200Mb both looks pretty good to me. How large is your machine? What is your version of 389-ds? Those

Re: [Freeipa-users] Freeipa 4.2.0 hangs intermittently

2016-08-29 Thread Rakesh Rajasekharan
Hi Thierry, Because of the issues we had to revert back to the earlier running openldap in production. I have now done a few TCP related changes in sysctl.conf and have also increased the nsslapd-dbcachesize and nsslapd-cachememsize to 200MB. I will again start migrating hosts back to IPA and see if I

[Freeipa-users] Delegated administration use case

2016-08-29 Thread Deepak Dimri
My IPA server has a bunch of IPA-clients registered with it; I have done department/product-wise grouping of my IPA clients and users. Example: for business unit1 (BU1) I have "BU1UserGroup" and "BU1HostGroup"; similarly for BU2 it's "BU2UserGroup" & "BU2HostGroup". Now I want to have department

Re: [Freeipa-users] LDAP only seems to allow anonymous access

2016-08-29 Thread Harry Kashouli
Sorry, I missed adding the mailing list, added now. Ah, I'll bear that in mind about authentication prior to 4.4. I have 4.3.1 on Fedora 24 right now. I'm using anonymous authentication for now, for my various situations such as Jira/etc, and it seems to work, and I'll try again in 4.4 with

Re: [Freeipa-users] LDAP only seems to allow anonymous access

2016-08-29 Thread Alexander Bokovoy
Don't answer directly, answer to the list. On Mon, 29 Aug 2016, Harry Kashouli wrote: Gotcha, updated error below: $ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin SASL/GSSAPI authentication started SASL username: ad...@outland.zsazouli.com SASL SSF: 56 SASL data security

Re: [Freeipa-users] LDAP only seems to allow anonymous access

2016-08-29 Thread Alexander Bokovoy
On Mon, 29 Aug 2016, Harry Kashouli wrote: This is the error I get: ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:

Re: [Freeipa-users] LDAP only seems to allow anonymous access

2016-08-29 Thread Harry Kashouli
This is the error I get: ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: -Harry On 28 August 2016 at 08:01, Rob

Re: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1

2016-08-29 Thread Timo Aaltonen
On 21.04.2016 22:01, Timo Aaltonen wrote: > > ps. Debian unstable will have 4.3.1 once the package has gone through > the NEW queue because the packaging got split in certain ways No it did not, because the ftpmaster rejected the upload since it ships with minified javascript which is not

[Freeipa-users] Add user fails - automember: Default group for new users is not POSIX

2016-08-29 Thread Larry Rosen
Never mind, I see this is a known bug in 4.2.x fixed in 4.3.1. When I am allowed to upgrade my servers I'll try again. I guess the workaround is to use CLI with -gid (which kind of defeats the purpose of the autogroup for me). Thanks for listening to my rant! Larry -- Manage your

[Freeipa-users] Add user fails - automember: Default group for new users is not POSIX

2016-08-29 Thread Larry Rosen
I am trying to create a new automember rule to assign certain user classes into a default group using the web GUI, however it fails with the message FreeIPA, version: 4.2.0 IPA Error 4001: NotFound Default group for new users is not POSIX But it (xfstest) IS a POSIX group and