On 06/05/2012 12:51 PM, Alexander Bokovoy wrote:
On Tue, 05 Jun 2012, Willem Bos wrote:
Hi Alexander,
Thanks for your quick response.
Yes, the server on which the external IM environment is hosted does not
have the ipa utils available. As a matter of fact, the server might
even be
hosted
On 06/18/2012 03:44 PM, george he wrote:
Hello all,
here is the error message from /var/log/ipaclient-install.log on the
client machine:
Connecting to myserver|myserver ip|:80... failed: No route to host.
Retrieving CA from myserver failed.
Command '/usr/bin/wget -O /tmp/tmpjibrhe/ca.crt -T 15
*From:* Petr Viktorin pvikt...@redhat.com
*To:* freeipa-users@redhat.com freeipa-users@redhat.com
*Cc:* george he george_...@yahoo.com
*Sent:* Monday, June 18, 2012 10:06 AM
*Subject:* Re: [Freeipa-users] is not an IPA v2 Server.
On 06/18/2012 03:44 PM
On 06/29/2012 03:55 PM, Alexander Bokovoy wrote:
On Fri, 29 Jun 2012, Petr Viktorin wrote:
On 06/29/2012 03:04 PM, Alexander Bokovoy wrote:
On Thu, 28 Jun 2012, sysad...@noboost.org wrote:
Hi All,
Is there a weird restriction to UID 999 in ipa, as IPA keeps changing
the UID when I add a user
On 07/03/2012 05:55 AM, Nathan Kinder wrote:
On 06/29/2012 07:10 AM, Petr Viktorin wrote:
On 06/29/2012 03:55 PM, Alexander Bokovoy wrote:
On Fri, 29 Jun 2012, Petr Viktorin wrote:
On 06/29/2012 03:04 PM, Alexander Bokovoy wrote:
On Thu, 28 Jun 2012, sysad...@noboost.org wrote:
Hi All
On 07/24/2012 03:57 PM, Michael Mercier wrote:
Hello,
I am attempting to install the IPA 3.x beta on Fedora 17 and running into some
difficulty.
I performed the following steps attempting the install (following setup
instructions for FreeIPA 2.2):
1. Download Fedora 17
2. Install Fedora 17
On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
hi,
on a workstation *not* joined to the IPA domain but with the the ipa
admin tools installed I get this error when trying to modify dns
settings and I have a kerberos ticket of an admin user:
$ kinit user.ad...@unix.domain.tld
Password for
On 01/11/2013 09:57 PM, John Dennis wrote:
On 01/11/2013 03:52 PM, Dmitri Pal wrote:
On 01/11/2013 03:27 PM, John Dennis wrote:
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr Spacek wrote:
Hello,
is there any user of CSV
Hello Brian,
On 01/15/2013 03:55 AM, Brian Smith wrote:
That helps a lot. Thanks! I would use ipalib, but I'm developing a
Rails application, so the JSON interface is the quickest (and since XML
may be deprecated)
While XML may be deprecated, it'll stick around for a long time. But
JSON is
On 02/15/2013 05:36 PM, Orion Poplawski wrote:
Is there a recommended way to distinguish between real human user
accounts in IPA and non-human system accounts in IPA?
What kind of system accounts do you have in IPA? Consider not storing
them in IPA at all.
--
Petr³
On 02/25/2013 03:04 PM, Bret Wortman wrote:
So I managed to replicate my old IPA master onto a new server, and now
I'd like that server to be the center of the universe. The master from
which all (new) replicas are created. At present, there are no other
replicas, just this one server now that
flag to the command then it must be
set in one of the config files.
Petr Viktorin pvikt...@redhat.com recently cleaned up how messages are
managed in the command line tools (I don't think this has made it out
into a public release yet). So there may be changes coming you'll want
to be aware
Hello list,
FreeIPA's self-sign CA is a holdout from days where the our integration
with a real CA wasn't that good. Also its name is confusing: the Dogtag
CA also uses a self-signed certificate by default.
We will soon be introducing a way to install IPA with custom
certificates without a CA
On 03/28/2013 09:10 AM, Christian Horn wrote:
Hi,
On Tue, Mar 26, 2013 at 05:02:34PM +0100, Petr Viktorin wrote:
We will soon be introducing a way to install IPA with custom
certificates without a CA at all. When that is merged, it will no
longer be possible to install a self-sign server.
I
Hello,
On 04/26/2013 07:22 AM, Peter Brown wrote:
Hi everyone.
I am attempting to get Google Apps to sync with FreeIPA and I am having
problems getting the sync utility to talk to freeipa.
It complains about the ssl cert.
I have it setup so it only accepts ssl or tls encrypted connections and
On 05/02/2013 03:49 PM, Lager, Nathan T. wrote:
I have an IPA server that i'm rebuilding. It was part of a 3 server
replication. That is, three ipa replicas. Caroline0 through 2.
I have the server rebuilt, the problem is, it wasn't cleanly removed from the
ipa replication in the first
On 05/02/2013 04:17 PM, Nathan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm sorry, I should have mentioned that I've tried that already.
Here's the ouput.
[root@caroline2 PROD ~]# ipa-replica-manage del --force
caroline1.lafayette.edu
'caroline2.lafayette.edu' has no replication
On 05/02/2013 05:21 PM, Nathan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
List still shows caroline1.
[root@caroline2 PROD ~]# ipa-replica-manage list
caroline0.lafayette.edu: master
caroline2.lafayette.edu: master
caroline1.lafayette.edu: master
- -v does not seem to change the
On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
Hi,
A while back I got some help writing a python script who extends the user
classes in ipalib to run
a custom command when a user is added/modified/deleted. This has been working
perfectly in our
production environment for a few years now, until I
On 06/14/2013 03:37 PM, Josh wrote:
I'm trying to install freeipa on RHEL6.4 running version
ipa-server-3.0.0-26.el6_4.2.x86_64 but it keeps failing at the
Configuration of CA failed. I believe the problem is that the python
used to generate the perl command doesn't wrap any of the arguments in
): ===
* Prevent *.pyo and *.pyc multilib problems
* Remove rpmlint warnings in spec file
* Fix selected minor issues in the spec file and license
=== Nathaniel McCallum (1): ===
* Bypass ipa-replica-conncheck ssh tests when ssh is not installed
=== Petr Viktorin (4): ===
* Allow freeipa-tests to work
On 08/30/2013 10:23 AM, Bret Wortman wrote:
Morning update. I made the change Rob suggested to
/etc/ipa/default.conf, which appeared to work, but didn't quite. It
asked me to back out the whole server installation and start over:
[ipamaster2]# ipa-ca-install --skip-conncheck
On 09/16/2013 12:43 PM, Ainsworth, Thomas wrote:
please remove tainswo...@vsi-corp.com
from the distro email list.
Thanks,
Tom Ainsworth
Hello,
This list is managed by Mailman. You can unsubscribe yourself at
https://www.redhat.com/mailman/listinfo/freeipa-users (bottom of the
page), or by
On 09/26/2013 12:00 AM, Charlie Derwent wrote:
On Mon, Sep 16, 2013 at 3:21 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
[...]
http://freeipa.org/page/__TroubleshootingGuide#Replica___Re-Initialization
On 11/06/2013 06:32 AM, William Leese wrote:
Hi,
Trying to install freeIPA and have it a sub-ca of an existing one. Sadly
I'm not getting anywhere.
The version I have installed:
ipa-server-3.0.0-26.el6_4.4.x86_64
This is what I run:
ipa-server-install -U -a testtest -p testtest
On 11/06/2013 03:33 PM, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Pablo Carranza wrote:
Have you guys/gals considered using Sphinx http://sphinx-doc.org/,
instead (perhaps, in conjunction with
ReadTheDocs.orghttps://readthedocs.org/
)?
Yes, we considered it.
Sphinx and ReadTheDocs are
On 11/07/2013 08:34 AM, William Leese wrote:
[root@vagrant-centos-6 CA]# cat /root/server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
On 11/08/2013 09:01 AM, Martin Kosek wrote:
Thanks for heads up. You mean by the difference between O=MW and
O=MELTWATER.COM?
Petr, is this possible? Can it be validated in the the installer if this is the
root cause?
It is possible. It's hard to tell without the logs; looks like the
failure
On 01/03/2014 02:23 AM, Will Sheldon wrote:
This is cause for concern. Is there a hardening / best practices for
production guide anywhere, did I miss a section of the documentation?
What else do I need to secure?
I understand that there is a tradeoff between security and
compatibility, but
On 01/22/2014 06:26 PM, Dimitar Georgievski wrote:
Would you use ldapmodify -f file-name-with-exported-data to import the
data back to a new copy of FreeIPA?
No, that generally won't work. There's more to IPA than the data in LDAP.
Instead of copying data you should install the new server as a
On 02/06/2014 09:31 AM, barry...@gmail.com wrote:
Hi:
I can make it show on ldap browser or the ui but finding where to add it
in command base.
ipa user-mod ---employeenumber no such parameter.
You can use setattr where we don't provide specialized CLI arguments.
Also note that
On 02/06/2014 01:08 PM, Dmitri Pal wrote:
On 02/06/2014 05:59 AM, Petr Viktorin wrote:
On 02/06/2014 09:31 AM, barry...@gmail.com wrote:
Hi:
I can make it show on ldap browser or the ui but finding where to add it
in command base.
ipa user-mod ---employeenumber no such parameter.
You can
Moving to freeipa-devel since we're going rather deep.
On 02/12/2014 10:02 AM, Martin Kosek wrote:
On 02/11/2014 08:52 PM, Rob Crittenden wrote:
Josh wrote:
On Feb 11, 2014, at 2:44 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Josh wrote:
I have a situation
On 03/07/2014 04:34 PM, Rich Megginson wrote:
[...]
The ipa command line tools use RPC, but they use XML. If you run ipa
-vv dnsrecord-add ... you can see the XML sent and received. There is a
bit of work converting from XML to JSON. e.g.
On 03/07/2014 05:31 PM, Erinn Looney-Triggs wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/07/2014 08:57 AM, Petr Viktorin wrote:
On 03/07/2014 04:34 PM, Rich Megginson wrote: [...]
The ipa command line tools use RPC, but they use XML. If you run
ipa -vv dnsrecord-add ... you can
On 04/28/2014 01:52 PM, Bret Wortman wrote:
I'm trying to stand up a new ipa server on a clean box, and I keep
getting this error so _something_ is amiss but I'm not sure what:
:
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
[1/22]: creating certificate
.
DevOps | Recommendations Team | BSkyB
From: Petr Viktorin [pvikt...@redhat.com]
Sent: 15 July 2014 14:59
To: freeipa-users@redhat.com; Choudhury, Suhail
Subject: Re: [Freeipa-users] IPA Replica Install Failing with UnboundLocalError:
local variable 'replman
On 07/16/2014 02:34 PM, Choudhury, Suhail wrote:
Hi,
I'd like some clarification on what a master and replica is please.
Once installed, all masters are identical (except some might have a CA
and some not).
The distinction is useful when installing a replica, where master and
replica
On 07/29/2014 10:58 AM, Andreas Ladanyi wrote:
Am 28.07.2014 15:30, schrieb Petr Viktorin:
On 07/28/2014 03:08 PM, Andreas Ladanyi wrote:
Hi,
iam looking for the ldif file where i could find the objectclass
definition of ipaobject.
[...]
So the objectclass ipaobject seems to have one
On 08/05/2014 07:48 PM, Simo Sorce wrote:
On Tue, 2014-08-05 at 17:47 +0200, Luca Tartarini wrote:
[...]
with HTTP 500 Internal Server Error (GET /idp HTTP/1.1 500 619)
The line is this one (in
/usr/lib/python2.6/site-packages/ipsilon/admin/login.py):
plugins_by_name = {p.name: p for p in
On 08/15/2014 06:02 PM, James wrote:
On Fri, Aug 15, 2014 at 5:25 AM, Michael Lasevich
mlasev...@lasevich.net wrote:
Sorry, I did not intend to belittle your efforts - just misread the code
Didn't take it that way, no worries :)
(saw you pass in $admin and $password and made wrong assumption
On 08/15/2014 08:11 PM, Lucas Yamanishi wrote:
On 08/15/2014 10:33 AM, Redmond, Stacy wrote:
I installed my ipa server with –no-ntp but find that I want to enable
it on my server, and all my replicas. Is it possible to do post install?
Yes, you can do that. There’s no |ipa-ntp-install|
wildcard records
=== Martin Košek (2) ===
* Do not crash client basedn discovery when SSF not met
* ipa-adtrust-install does not re-add member in adtrust agents group
=== Nathaniel McCallum (1) ===
* Ensure ipaUserAuthTypeClass when needed on user creation
=== Petr Viktorin (8) ===
* Update API.txt
On 09/12/2014 03:36 PM, Tamas Papp wrote:
On 09/12/2014 02:47 PM, Martin Kosek wrote:
On 09/11/2014 02:06 AM, Dmitri Pal wrote:
On 09/10/2014 07:10 PM, Tamas Papp wrote:
hi All,
Is there an offficial API documentation available?
Unfortunately not much. You can search archives and find
qrcode support for newer python-qrcode
=== Petr Viktorin (4) ===
* Update referential integrity config for DS 1.3.3
* permission plugin: Auto-add operational atttributes to read permissions
* Allow deleting obsolete permissions; remove operational attribute
permissions
* Become IPA 4.0.3
--
Manage
On 09/15/2014 04:45 PM, Nathaniel McCallum wrote:
FYI, for any Fedora testers out there, we have updated to 4.0.3 in
Fedora 21 in part because it substantially reduces the size of the
install media for the upcoming Alpha release. If you'd like to test and
provide feedback on the packages, the
On 11/05/2014 05:22 PM, Rob Verduijn wrote:
I saw in the upstream foreman-prepare-realm script that the new
permission names should include a prefix System:
That Prefix is not there, what did change was that some permissions
where no longer lower case only.
ie in 3.3.5 the permission is 'write
47 matches
Mail list logo