On ti, 31 tammi 2017, Jeff Goddard wrote:
I'm taking the next step in getting our freeipa environment set back up.
This is a centos 7.2 freeipa 4.4 environment. I'm using this guide as a
reference for setting up samba:
On ti, 31 tammi 2017, Rich Megginson wrote:
On 01/31/2017 04:46 PM, Michaël Van de Borne wrote:
That was the feared, but somehow expected, answer.
Any entry point/documentation about how to start such a script?
Do FreeIPA and OpenLDAP still support the syncrepl protocol?
a standard syncrepl
Seems like this is to blame: https://fedorahosted.org/freeipa/ticket/4291
The checkin says, "Installation in pure IPv6 environment failed
because pki-tomcat tried to use
IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4
fixes this issue." However it would seem that in a
What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml?
Doesn't work so well on a host without IPv6 turned on...
Jan 31 14:26:59 ipa server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end
I'm taking the next step in getting our freeipa environment set back up.
This is a centos 7.2 freeipa 4.4 environment. I'm using this guide as a
reference for setting up samba:
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP.
Our environment does not include
Hi,
I figured out what was going on with this issue. Basically cache timeouts were
causing a large number of uid numbers in an arbitrarily-timed directory listing
to have expired cache records, which causes those records to be looked up again
by the data provider (and thus blocking ‘ls -l’).
On 01/31/2017 04:46 PM, Michaël Van de Borne wrote:
That was the feared, but somehow expected, answer.
Any entry point/documentation about how to start such a script?
Do FreeIPA and OpenLDAP still support the syncrepl protocol?
cheers,
m.
--
*Michaël Van de Borne*
Free Bird Computing
On 01/31/2017 03:37 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/30/17 09:10, thierry bordaz wrote:
I understand your concern and in fact it is difficult to anticipate a
potential bad impact of this cleanup. However,I think it is safe to get rid of
the following entry.
Before doing so you
This would be the best option!
But customer won't allow this :( Since the openLDAP is also used by
other apps.
So I need to sync them. Which means:
- adding the new users (not so difficult)
- removing old user (perhaps not too complicated)
- replicating changes like a password update (for
On ti, 31 tammi 2017, Michaël Van de Borne wrote:
h, ok, thank you.
But indeed, I would need HBAC and sudo rules in the future.
So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
Any clue on how to do this efficiently?
Well, we have 'ipa migrate-ds' functionality but
Is there a possibility to migrate OpenLDAP to IPA DS and use only one
source of Identity data?
Martin^2
On 31.01.2017 16:30, Michaël Van de Borne wrote:
h, ok, thank you.
But indeed, I would need HBAC and sudo rules in the future.
So I believe the only exit here is to keep openLDAP and
h, ok, thank you.
But indeed, I would need HBAC and sudo rules in the future.
So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
Any clue on how to do this efficiently?
Thank you,
Cheers,
m.
Le 31-01-17 à 16:23, Alexander Bokovoy a écrit :
On ti, 31 tammi 2017,
On ti, 31 tammi 2017, Michaël Van de Borne wrote:
Hello list,
Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is
secured with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.
For now, our solution is to copy the whole
Hello list,
Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured
with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.
For now, our solution is to copy the whole openLDAP user base to
FreeIPA, and then use FreeIPA
Hello list,
Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured
with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.
For now, our solution is to copy the whole openLDAP user base to
FreeIPA, and then use FreeIPA
Hi Thierry,
On 01/30/17 09:10, thierry bordaz wrote:
>
> I understand your concern and in fact it is difficult to anticipate a
> potential bad impact of this cleanup. However,I think it is safe to get rid
> of the following entry.
> Before doing so you may check it exists
>
>
Yep,
That was it for me. Changing /var/lib/pki/pki-tomcat/conf/server.xml to
listen on 127.0.0.1 instead of ::1 did it.
Many thanks Carlos,
Jeff
On Tue, Jan 31, 2017 at 7:05 AM, Carlos Silva wrote:
> Been there myself.
>
> Take a look at this bug report as it also have the
Been there myself.
Take a look at this bug report as it also have the solution to your
problem: https://fedorahosted.org/freeipa/ticket/6613
On Tue, Jan 31, 2017 at 9:21 AM, Rob Crittenden wrote:
> Jeff Goddard wrote:
>
>> My previous install of freeipa became corrupted so
Jeff Goddard wrote:
My previous install of freeipa became corrupted so I'm starting fresh.
I've got a new Centos 7.2 server set up and installed ipa version s 4.4.
Now I'm trying to set up a replica on another newly created and patched
centos server. The ipa-client-install command completes
19 matches
Mail list logo