On 03/20/2017 03:14 PM, Lachlan Musicman wrote:
Directly editing the lse.ldif didn't work. ipactl start hangs on
pki-tomcatd. I think I've broken it. I seem to recall ldap not liking
being edited by hand.
You have to make sure dirsrv is not running before you edit dse.ldif.
Not sure if
Directly editing the lse.ldif didn't work. ipactl start hangs on
pki-tomcatd. I think I've broken it. I seem to recall ldap not liking being
edited by hand.
cheers
L.
--
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
On 17 March 2017 at 19:45,
On ma, 20 maalis 2017, Iulian Roman wrote:
On Mon, Mar 20, 2017 at 4:24 PM, Alexander Bokovoy
wrote:
On ma, 20 maalis 2017, Iulian Roman wrote:
On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy
wrote:
On ma, 20 maalis 2017, Iulian Roman wrote:
Hello,
We do plan to integrate IPA with IdentityIQ (sailpoint) for user
provisioning. Because IPA does abstract all the ldap commands via new set
of commands and APIs, i am not sure if the standard ldap connector is the
right option and if it is supported ( taking into consideration that a
On Mon, Mar 20, 2017 at 4:24 PM, Alexander Bokovoy
wrote:
> On ma, 20 maalis 2017, Iulian Roman wrote:
>
>> On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy
>> wrote:
>>
>> On ma, 20 maalis 2017, Iulian Roman wrote:
>>>
>>> Hello,
I noticed
Martin Basti wrote:
>
>
> On 20.03.2017 16:12, Ian Pilcher wrote:
>> On 03/20/2017 04:00 AM, David Kupka wrote:
>>> Generally I would not recommend touching this on production system.
>>> Why do you want to change the database format?
>>
>> My FreeIPA server also acts as a reverse proxy/TLS
On 20.03.2017 16:12, Ian Pilcher wrote:
> On 03/20/2017 04:00 AM, David Kupka wrote:
>> Generally I would not recommend touching this on production system.
>> Why do you want to change the database format?
>
> My FreeIPA server also acts as a reverse proxy/TLS endpoint for my
> home sprinkler
On ma, 20 maalis 2017, Lukas Slebodnik wrote:
On (20/03/17 17:00), Alexander Bokovoy wrote:
On ma, 20 maalis 2017, Iulian Roman wrote:
Hello,
I noticed that nested group feature do not work with the unix ldap clients
(AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy
wrote:
> On ma, 20 maalis 2017, Iulian Roman wrote:
>
>> Hello,
>>
>> I noticed that nested group feature do not work with the unix ldap clients
>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used.
>>
On ma, 20 maalis 2017, Iulian Roman wrote:
On Mon, Mar 20, 2017 at 4:00 PM, Alexander Bokovoy
wrote:
On ma, 20 maalis 2017, Iulian Roman wrote:
Hello,
I noticed that nested group feature do not work with the unix ldap clients
(AIX) if the default groupbasedn
On (20/03/17 16:39), Alexander Bokovoy wrote:
>On ma, 20 maalis 2017, Artem Golubev wrote:
>> Good day!
>>
>> We use freeipa server 4.3.1, we usually grant access via ssh keys to linux
>> clients.
>> We currently face the following issue with access on certificate: when we
>> add certificate to
On 03/20/2017 04:00 AM, David Kupka wrote:
Generally I would not recommend touching this on production system.
Why do you want to change the database format?
My FreeIPA server also acts as a reverse proxy/TLS endpoint for my
home sprinkler system (https://opensprinkler.com/), allowing me to
On Mon, Mar 20, 2017 at 02:55:37PM +0300, Artem Golubev wrote:
> Good day!
>
> We use freeipa server 4.3.1, we usually grant access via ssh keys to linux
> clients.
> We currently face the following issue with access on certificate: when we
> add certificate to user's account, user is not able to
On (20/03/17 17:00), Alexander Bokovoy wrote:
>On ma, 20 maalis 2017, Iulian Roman wrote:
>> Hello,
>>
>> I noticed that nested group feature do not work with the unix ldap clients
>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
>> i use the cn=compat and change the
On ma, 20 maalis 2017, Iulian Roman wrote:
Hello,
I noticed that nested group feature do not work with the unix ldap clients
(AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
i use the cn=compat and change the mapping the nested groups are listed
properly.
Compat tree
Hello,
I noticed that nested group feature do not work with the unix ldap clients
(AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
i use the cn=compat and change the mapping the nested groups are listed
properly.
My question is if it is allowed to mix the compat and
On ma, 20 maalis 2017, Artem Golubev wrote:
Good day!
We use freeipa server 4.3.1, we usually grant access via ssh keys to linux
clients.
We currently face the following issue with access on certificate: when we
add certificate to user's account, user is not able to login via ssh.
How can we
When yum updating our ipa-server running CentOS 7.3.1611 from
ipa-server-4.4.0-14.el7.centos.1.1.x86_64 to
ipa-server-4.4.0-14.el7.centos.6.x86_64 we got this error:
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Unexpected error - see
Good day!
We use freeipa server 4.3.1, we usually grant access via ssh keys to linux
clients.
We currently face the following issue with access on certificate: when we
add certificate to user's account, user is not able to login via ssh.
How can we solve this problem? We would like to have a
On 20 March 2017 at 19:38, Martin Basti wrote:
> On 19.03.2017 22:58, Lachlan Musicman wrote:
>
> Hi,
>
> I've reported a bug against SSSD and Lukas has pointed to a number of
> FreeIPA errors in our logs.
> I've can't find any information on how I might fix these errors or
On Sat, Mar 18, 2017 at 11:58:35AM -0500, Ian Pilcher wrote:
> Can IPA 4.4 (on CentOS 7) use a SQLite format NSS database in
> /etc/httpd/alias?
>
> I would presumably have to prepend "sql:" to the NSSCertificateDatabase
> setting in nss.conf.
>
> Anything else?
>
> --
>
On 19.03.2017 22:58, Lachlan Musicman wrote:
> Hi,
>
> I've reported a bug against SSSD and Lukas has pointed to a number of
> FreeIPA errors in our logs.
> I've can't find any information on how I might fix these errors or
> what I might do to mitigate them. Any pointers appreciated:
>
> First
On 20/03/2017 08:29, Jakub Hrozek wrote:
> On Fri, Mar 17, 2017 at 01:52:17PM +, Bob Hinton wrote:
>> On 17/03/2017 12:48, Lukas Slebodnik wrote:
>>> On (17/03/17 10:40), Bob Hinton wrote:
On 17/03/2017 08:41, Jakub Hrozek wrote:
> On Fri, Mar 17, 2017 at 06:50:34AM +, Bob Hinton
On Sun, Mar 12, 2017 at 10:47:02PM -0400, Rob Foehl wrote:
> I'm looking at deploying FreeIPA in a few environments with substantial DNS
> and/or CA infrastructure, and have some choices to make...
>
> How much trouble will I have if FreeIPA is delegated a zone like
> ipa.example.com with all
On Fri, Mar 17, 2017 at 01:52:17PM +, Bob Hinton wrote:
> On 17/03/2017 12:48, Lukas Slebodnik wrote:
> > On (17/03/17 10:40), Bob Hinton wrote:
> >> On 17/03/2017 08:41, Jakub Hrozek wrote:
> >>> On Fri, Mar 17, 2017 at 06:50:34AM +, Bob Hinton wrote:
> Morning,
>
> We have
25 matches
Mail list logo