-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 7:05 AM
To: Andy Thompson; freeipa-users@redhat.com; Jakub Hrozek
Subject: Re: [Freeipa-users] allow trust users to login without domain
On 04/29/2015 12:57 PM, Andy Thompson wrote:
In the environment I'm working on currently we have a single trusted AD domain
and will never have any additional domain trusts in place. Is there a way to
allow users to login without using @ad_domain in their username? We use DB2 in
the environment and it's from the dark ages and doesn't
I'm trying to delete an IPA account and I get a generic operations error when
trying to remove it. It looks like something is messed up with the group
object. The user doesn't show up in the ipausers group and there also isn't a
group object for the user in question. Here is the error from
On 04/29/2015 12:57 PM, Andy Thompson wrote:
In the environment I'm working on currently we have a single trusted AD
domain and will never have any additional domain trusts in place. Is there
a way to allow users to login without using @ad_domain in their username?
We use DB2 in the
On 04/28/2015 11:53 PM, Dmitri Pal wrote:
On 04/28/2015 05:39 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 04/28/2015 05:11 PM, Christopher Lamb wrote:
HI All
I have just tested with the FreeIPA Web UI public demo
https://ipa.demo1.freeipa.org/ipa/ui/
Using the public demo, when I log
HI Simo, Dmitiri, Rob and co.
Simos log in with a different user suggestion is pretty much what I was
intending. I want to be able to log out of the web ui, then log back in
with a different user. e.g. to allow a newly added user to change their
password to something secret.
On this particular
On 04/28/2015 11:53 PM, Dmitri Pal wrote:
On 04/28/2015 05:39 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 04/28/2015 05:11 PM, Christopher Lamb wrote:
HI All
I have just tested with the FreeIPA Web UI public demo
https://ipa.demo1.freeipa.org/ipa/ui/
Using the public demo, when I log
On 04/29/2015 01:26 PM, Andy Thompson wrote:
I'm trying to delete an IPA account and I get a generic operations error
when trying to remove it. It looks like something is messed up with the
group object. The user doesn't show up in the ipausers group and there also
isn't a group object
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 8:31 AM
To: Andy Thompson; freeipa-users@redhat.com; Ludwig Krispenz; Thierry
Bordaz
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 01:26 PM, Andy Thompson wrote:
I'm
On 04/29/2015 01:42 PM, Christopher Lamb wrote:
HI Petr
thanks.
Can you qualify has a valid Kerberos Ticket?
In my case, my user has a valid ticket on the LDAP server, but not on the
OSX workstation from which I am using Firefox / Web UI.
On the OSX workstation, if the user has a
On 29.4.2015 13:26, Petr Vobornik wrote:
On 04/28/2015 11:53 PM, Dmitri Pal wrote:
On 04/28/2015 05:39 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
On 04/28/2015 05:11 PM, Christopher Lamb wrote:
HI All
I have just tested with the FreeIPA Web UI public demo
On 04/29/2015 05:58 PM, Andy Thompson wrote:
dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi: dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi:
On 04/29/2015 06:45 PM, Andy Thompson wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 12:28 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
This is looking like that on the replica where the errors are logged.
The entry is a tombstone but can not be find with the nsuniqueid.
If on that server you do
ldapsearch -LLL -o ldif-wrap=no -Hldap://mdhixnpipa02 -x -D cn=directory
manager -W -b dc=...
Hi all
@Craig, and using the WebUI for that purpose is much more user friendly
then doing the same via a ssh terminal session.
@Simo, as requested I have opened a ticket on this issue
https://fedorahosted.org/freeipa/ticket/5010
As this my first Fedora ticket, please forgive me If I didn't do
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 11:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 05:08 PM, Andy Thompson wrote:
On 04/29/2015 05:35 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 11:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi: dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi: objectClass;vucsn-55364a4200050004:
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Christopher Lamb
Sent: Tuesday, April 28, 2015 10:58 PM
To: Simo Sorce
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] FreeIPA WebUI Logout logs back in
HI Simo,
On 04/29/2015 05:08 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:59 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
Qing Chang wrote:
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap
service was available at all at installation stage.
I think we'd need to see the full ipareplica-install.log.
You might also want to see if a ns-slapd process is running and check
On Wed, 2015-04-29 at 18:31 +0200, Christopher Lamb wrote:
Hi all
@Craig, and using the WebUI for that purpose is much more user friendly
then doing the same via a ssh terminal session.
@Simo, as requested I have opened a ticket on this issue
https://fedorahosted.org/freeipa/ticket/5010
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 1:07 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 06:45 PM, Andy Thompson wrote:
On 04/29/2015 06:31 PM, Christopher Lamb wrote:
Hi all
@Craig, and using the WebUI for that purpose is much more user friendly
then doing the same via a ssh terminal session.
@Simo, as requested I have opened a ticket on this issue
https://fedorahosted.org/freeipa/ticket/5010
As this my first
ipareplica-install is big, folowing starts at around step 34/35 for
directory server config (see
red lines), and then CA steup sopped at second step. Relaevnt logs in error
and access are
attched too. It appears at the time when CA setup eed access to dirsrv, it
was down?
- ipareplica-install
On 04/29/2015 02:43 PM, Andy Thompson wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 8:31 AM
To: Andy Thompson; freeipa-users@redhat.com; Ludwig Krispenz; Thierry
Bordaz
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015
Am 27.04.2015 um 09:45 schrieb Ludwig Krispenz:
On 04/26/2015 10:49 AM, Martin (Lists) wrote:
Hallo
after a reboot I get almost thousand of the following messages:
DSRetroclPlugin - delete_changerecord: could not delete change record
128755 (rc: 32)
this message comes from
On 04/29/2015 03:17 PM, Martin (Lists) wrote:
Am 27.04.2015 um 09:45 schrieb Ludwig Krispenz:
On 04/26/2015 10:49 AM, Martin (Lists) wrote:
Hallo
after a reboot I get almost thousand of the following messages:
DSRetroclPlugin - delete_changerecord: could not delete change record
128755 (rc:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 9:22 AM
To: thierry bordaz
Cc: Andy Thompson; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 03:14 PM, thierry bordaz wrote:
On 04/29/2015 03:14 PM, thierry bordaz wrote:
On 04/29/2015 02:43 PM, Andy Thompson wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 8:31 AM
To: Andy Thompson;freeipa-users@redhat.com; Ludwig Krispenz; Thierry
Bordaz
Subject: Re:
On Wed, 2015-04-29 at 07:57 +0200, Christopher Lamb wrote:
HI Simo, Dmitiri, Rob and co.
Simos log in with a different user suggestion is pretty much what I was
intending. I want to be able to log out of the web ui, then log back in
with a different user. e.g. to allow a newly added user to
On 04/29/2015 03:40 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 9:22 AM
To: thierry bordaz
Cc: Andy Thompson; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:51 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
did you run the searches as directory manager
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:07 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 03:40 PM, Andy Thompson
can you do the followin search on both servers ?
ldapsearch -LLL -o ldif-wrap=no -h xxx p xxx -x -D cn=directory
manager -w xxx -b dc=xxx
((objectclass=nstombstone)(nsuniqueid=7e1a1f87-e82611e4-99f1b343-f0abc1a8))
nscpentrywsi | grep -i objectClass
-Original Message-
From:
CentOS7.1 with IPA server 4.1.
ipa-replica-install --setup-ca --setup-dns ... fails with this error
message:
-
[2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpaUGoKX'' returned
mripa2.mr.ric is the server to be setup as replica. I wonder if the ldap
service was available at all at installation stage.
Thanks,
Qing
On Wed, Apr 29, 2015 at 10:29 AM, Qing Chang tmp...@gmail.com wrote:
CentOS7.1 with IPA server 4.1.
ipa-replica-install --setup-ca --setup-dns ... fails
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
can you do the followin search on both servers
did you run the searches as directory manager ?
On 04/29/2015 04:34 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Is it possible to setup a Master level FreeIPA domain, then have 3 sub level
domains use it for authentication?
So master server at say ipa.domain.com http://ipa.domain.com/, then have a
secondary zone that is ipa2.sub1.domain.com http://ipa2.sub1.domain.com/.
We have 3 different environments
On 04/29/2015 08:38 PM, Aric Wilisch wrote:
Is it possible to setup a Master level FreeIPA domain, then have 3 sub
level domains use it for authentication?
So master server at say ipa.domain.com http://ipa.domain.com, then
have a secondary zone that is ipa2.sub1.domain.com
On 04/29/2015 05:35 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 11:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 12:28 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 05:58 PM, Andy Thompson wrote:
On Wed, 29 Apr 2015, Aric Wilisch wrote:
Is it possible to setup a Master level FreeIPA domain, then have 3 sub
level domains use it for authentication?
So master server at say ipa.domain.com http://ipa.domain.com/, then
have a secondary zone that is ipa2.sub1.domain.com
Hi all,
Just wondering if anyone has put together a guide for integrating PWM
with IPA? I know there is a section on 389-ds, but that is kind of
raw-389 and not the highly modified-for-IPA 389-ds. I would like to set
this up for my users, but really don't want to do it using that guide
On 04/29/2015 04:49 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:51 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
did
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:59 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 04:49 PM, Andy Thompson
47 matches
Mail list logo