Re: [Freeipa-users] FreeIPA no CA: Which certs are used for LDAPS and web UI?

2017-03-26 Thread Fraser Tweedale
On Sun, Mar 26, 2017 at 10:52:56PM +, Dagan wrote: > Hi, > > I have been asked to look at configuring our new FreeIPA environment using > existing externally signed wildcard SSL certificates if possible. > > I see in the documentation options to specify --dirsrv-cert-file and >

Re: [Freeipa-users] Options for existing CA/DNS infrastructure

2017-03-26 Thread Rob Foehl
On Mon, 20 Mar 2017, David Kupka wrote: FreeIPA can be deployed in environment with existing DNS and/or CA server. IIRC you have following options: None of the documentation I've managed to find thus far addresses the general question of which option(s) to choose, and why; in particular, the

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

2017-03-26 Thread Dagan
Thanks for the clarification Standa. Cheers, Dagan McGregor On 25 March 2017 12:39:22 AM NZDT, Standa Laznicka wrote: >While I don't consider myself an expert, I should note that >ipa-replica-prepare has not been deprecated. The proposed solution to >follow >

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

2017-03-26 Thread Dagan
Thanks for this information Alexander. I just had a look at the domain levels page. This is very useful to know. Cheers, Dagan McGregor On 25 March 2017 1:28:03 AM NZDT, Alexander Bokovoy wrote: >On pe, 24 maalis 2017, Christophe TREFOIS wrote: >>I’m not expert but I

[Freeipa-users] FreeIPA no CA: Which certs are used for LDAPS and web UI?

2017-03-26 Thread Dagan
Hi, I have been asked to look at configuring our new FreeIPA environment using existing externally signed wildcard SSL certificates if possible. I see in the documentation options to specify --dirsrv-cert-file and --http-cert-file with relevant passwords. If we configure these options, are

Re: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x

2017-03-26 Thread Dagan
Hi, Do you mean by installing FreeIPA using freeipa-replica-install and manually adding using CLI to add replica agreements with the old cluster? Or relying on newer replica management? What command options would be needed for the installation in that scenario? I can see in Google results

Re: [Freeipa-users] Directory Manager password is correct but IPA-replica-prepare command fails with Invalid Credentials

2017-03-26 Thread Shiela Spaleta
Thanks for your quick reply. What I mean is I am supplying the DM password when prompted following ipa-replica-prepare. I only mentioned the admin user password change to prove that the DM password I have is correct/valid. Otherwise I could not have run this command (and other ldapsearch