On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near krbprincipalexpiration date) ?
Not currently. In 3.0+ we will provide a notice when one logs into
The FreeIPA team is proud to announce version FreeIPA v2.2.2
This release contains Security Updates.
It can be downloaded from http://www.freeipa.org/page/Downloads.
A build is currently on the way to updates-testing for Fedora 17.
== Highlights ==
This release contains a Security Advisory:
On 13.2.2013 11:38, Rajnesh Kumar Siwal wrote:
It has been found that any user can see the details of other users
through the IPA Web Interface (even ldapsearch with anonymous user).
It would be great if we could hide the details of the other users from
the current user (including emai, phone
Yes. We would still like to restrict the Visibility of the users.
We could implement the ACL's in 389-ds. However, I was concerned
whether it breaks the IPA.
--
Regards,
Rajnesh Kumar Siwal
___
Freeipa-users mailing list
Freeipa-users@redhat.com
It's a good idea. I will try that.
2013/2/13 Petr Spacek pspa...@redhat.com
On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near
Petr Spacek wrote:
On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near krbprincipalexpiration date) ?
Not currently. In 3.0+ we will provide a notice
Rajnesh Kumar Siwal wrote:
Yes. We would still like to restrict the Visibility of the users.
We could implement the ACL's in 389-ds. However, I was concerned
whether it breaks the IPA.
To disable anonymous you need to set nsslapd-allow-anonymous-access to
off in cn=config (bind as Directory
On 02/13/2013 12:47 AM, It Meme wrote:
Thank you for your reply.
Could there be anyway that accounts can be provisioned to IPA, via
LDAP, from existing IAM system?
The newly provisioned accounts can be temporarily stored in IPA's 389
Directory Server, and subsequently an automated task can
It Meme wrote:
Thank you for your reply.
Could there be anyway that accounts can be provisioned to IPA, via LDAP,
from existing IAM system?
The newly provisioned accounts can be temporarily stored in IPA's 389
Directory Server, and subsequently an automated task can IPA-ize the
accounts (i.e.
Hi,
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/36]: creating directory server user
Robert M. Albrecht wrote:
Hi,
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/36]:
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be limited to a subset.
Since we would like to only synchronize
Dag Wieers wrote:
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be limited to a subset.
Since we would like to only
On 02/13/2013 08:10 AM, Rob Crittenden wrote:
Dag Wieers wrote:
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be
Hi,
You can specify a --winsubtree, provided all the users you want are in that, I
think that will work.
For filters, Ive suggested that, we have so much garbage in our AD that its
cluttering IPA badly. eg we have hundred templates, so I'd like to block those
from being transferred.
regards
Hi,
Isnt Postfix the RHEL default now? So is it that hard to do a
Postfix-ipa-config.rpm?
Its something we want as well, so I'll do a RFE, RH support will love me more
I'm sure
;]
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463
Hi Rob,
yes, worked after downgrading nss* and xulrunner firefox because of deps.
Thanks.
cu romal
Am 13.02.13 15:48, schrieb Rob Crittenden:
Robert M. Albrecht wrote:
Hi,
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to
What is the IIRC docs ?
2013/2/13 Rob Crittenden rcrit...@redhat.com
Petr Spacek wrote:
On 12.2.2013 20:21, John Dennis wrote:
On 02/12/2013 01:40 PM, Rob Crittenden wrote:
Is it possible to ipa to send a email to user when his account is about
to expire (the current date is near
thanks for your code. :)
2013/2/13 Jan-Frode Myklebust janfr...@tanso.net
On Wed, Feb 13, 2013 at 09:29:42AM +0100, Petr Spacek wrote:
Yeah, I don't think we want to be in the business of installing and
configuring an MTA. However, we should be able to detect if one is
available
and
James James wrote:
What is the IIRC docs ?
IIRC == If I Recall Correctly.
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#pwd-expiration
rob
2013/2/13 Rob Crittenden rcrit...@redhat.com
On Sun, Feb 10, 2013 at 1:48 AM, Rob Crittenden rcrit...@redhat.com wrote:
Charlie Derwent wrote:
Hi
Whenever I attempt an unattended installation with a principal and
password. The installation fails.
I'm using the following syntax for my command
ipa-client-install --domain=example.com
On 02/13/2013 09:58 AM, Dag Wieers wrote:
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the
synchronization with AD can be limited to a subset.
On 02/13/2013 04:57 PM, Charlie Derwent wrote:
On Sun, Feb 10, 2013 at 1:48 AM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Charlie Derwent wrote:
Hi
Whenever I attempt an unattended installation with a principal and
password. The
Hi,
However trusts open a whole nest of vipers...
The advantage of using winsync is you can control what happens in IPA, so if AD
say gets hacked anything in IPA probably will survive.
The reverse is of course also true
;]
regards
Steven Jones
Technical Specialist - Linux RHCE
24 matches
Mail list logo