[Freeipa-users] LDAP - Load Balancer - SSL cert with SAN

2016-12-29 Thread Michael Plemmons
I am trying to get FreeIPA LDAP to work when behind a load balancer and using SSL and I do not understand how I am supposed to get the server to use a certificate I created that has a SAN created. FreeIPA 4.4.0 on CentOS 7. Here is what I have: ipa-master.dev.crosschx.com - master

Re: [Freeipa-users] Valid Sender ? - Re: Using Privacyidea with FreeIPA - part 1/n

2016-12-29 Thread Jochen Hein
Martin Basti writes: > Hello, I have a few comments/questions related to HOTP inline Sure :-) > On 28.12.2016 13:54, Jochen Hein wrote: >> >> I've settled for the following usage of the slots: >> >> * Slot 1: This is a (reprogrammed) Yubico-AES token, which >>

Re: [Freeipa-users] Broken dirsrv and SSL certificate in CA-less install of FreeIPA 4.4 on CentOS 7.3

2016-12-29 Thread Peter Pakos
Access log: https://files.pakos.uk/access.txt Error log: https://files.pakos.uk/ipareplica-install.log.txt I hope it helps. On 29 December 2016 at 12:52, Peter Pakos wrote: > Hi guys, > > I'm facing yet another problem with CA-less install of FreeIPA replica and > 3rd party SSL

[Freeipa-users] Broken dirsrv and SSL certificate in CA-less install of FreeIPA 4.4 on CentOS 7.3

2016-12-29 Thread Peter Pakos
Hi guys, I'm facing yet another problem with CA-less install of FreeIPA replica and 3rd party SSL certificate. A few days ago I deployed a new CA-less server (ipa02) by running the following command: ipa-server-install \ > -r PAKOS.UK \ > -n pakos.uk \ > -p 'password' \ > -a 'password' \

Re: [Freeipa-users] Using Privacyidea with FreeIPA - part 1/n

2016-12-29 Thread Martin Basti
Hello, I have a few comments/questions related to HOTP inline On 28.12.2016 13:54, Jochen Hein wrote: [ This mail sets the stage for more parts, which will get into technical details. Comments or suggestions are welcome, possibly we should add refined texts in the relevant

Re: [Freeipa-users] Can't create replica

2016-12-29 Thread German Parente
Hi Jim, it's normal to have an entry "cn=replica" under your mapping tree. That does not mean that you are replicating. It means the database is "enabled" for replication. And as it is enabled, it needs a "replicaid" in the topology that in your case is 40. You cannot clean this id. In ipa, main