Re: [Freeipa-users] Locked out admin

2014-04-15 Thread Martin Kosek
On 04/14/2014 11:49 PM, Mario Gonzalez wrote: Den 14. april 2014 23:25, skrev Rob Crittenden: Steven Jones wrote: Login a directory manager? Right, something like: $ ldappasswd -x -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=example,dc=com And don't set the maxlife

Re: [Freeipa-users] FreeIPA backend. Mavericks server shows UIDs instead of usernames in File Sharing.

2014-04-15 Thread Simo Sorce
On Fri, 2014-04-11 at 10:37 -0400, Fredy Sanchez wrote: Hi all, We asked this same question at discussions.apple.com, but figured we'd have better luck here. I apologize in advance if this is the wrong forum. We are switching from Synology (DSM 5) to Mavericks server (v3.1.1. running in

Re: [Freeipa-users] External Collaboration Domains

2014-04-15 Thread Nordgren, Bryce L -FS
Variant (A) - IdP + PKINIT: A1) User authenticates to his SAML/OpenID provider (external domain) A2) User locally generates CSR A3) User contacts IdP (gssapi/saml ; gssapi/openid) and sends CSR to the IdP A4) IdP returns short-lived certificate (validity period matches policy for

[Freeipa-users] Updated Mavericks (MAC) Client setup or am I doing something wrong?

2014-04-15 Thread Chris Whittle
So I am a partial noob to this so I appreciate any leeway / help ahead of time. We found http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8 and we're just wanting to use the directory functions of Free IPA for now. Walking through the directory until works until we try

[Freeipa-users] Handle openssl issue

2014-04-15 Thread barrykfl
Dear all: http://heartbleed.com/ openssl announced before. We use 3rd part official cert ref. to this and convert to pck12 format by openssl. ( centos 6.4 ipa 3.0) http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP any patch for ipa need to added or OS level ? Regards

Re: [Freeipa-users] Handle openssl issue

2014-04-15 Thread Nathan Broadbent
Hi Barry, FreeIPA only uses OpenSSL for some client libraries. The web server and CA components are not affected by heartbleed. Best, Nathan On Tue, Apr 15, 2014 at 7:34 PM, barry...@gmail.com wrote: Dear all: http://heartbleed.com/ openssl announced before. We use 3rd part official