On 11/04/2012 01:25 PM, Steven Jones wrote:
Hi,
Yes you can winsync and passsync RHEL6.3 IPA from win2k3 r2 + AD, it should be
in your RH supported channel tree?
The passsync.msi has to go on each AD box
Each Domain Controller.
Also note that you asked if Can I be able to synchronize the
On 11/12/2012 09:27 AM, Simo Sorce wrote:
On Mon, 2012-11-12 at 09:51 -0600, Anthony Messina wrote:
On Monday, November 12, 2012 09:17:17 AM Anthony Messina wrote:
I also find that when I do a manual ldapsearch for the non-upgraded
clients as
follows:
ldapsearch -x -D "cn=directory manager"
On 12/11/2012 12:21 PM, Nalin Dahyabhai wrote:
On Tue, Dec 11, 2012 at 01:04:37PM -0500, Bret Wortman wrote:
This appears to require dirsrv-1.3, which I assume is part of
389-base-devel. I don't see where 1.3 has been made available yet, or am I
missing something?
Hmm. I'm seeing packages for
On 12/19/2012 07:04 AM, Simo Sorce wrote:
On Wed, 2012-12-19 at 13:32 +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/19/2012 01:20 PM, Simo Sorce wrote:
On Wed, 2012-12-19 at 12:30 +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/20/2012 04:04 AM, Nate Marks wrote:
I'm struggling with this output from ipa-replica-manage against an AD
machine. Can anyone tell me what the '-11 -System Error means?
Thanks!
Added CA certificate
/etc/openldap/cacerts/testdc.testdomain.corp_testdomain-TESTDC-CA.crt
to
On 01/10/2013 03:45 PM, Orion Poplawski wrote:
On 01/10/2013 03:29 PM, Orion Poplawski wrote:
On 01/10/2013 03:22 PM, Rich Megginson wrote:
On 01/10/2013 02:59 PM, Orion Poplawski wrote:
With our current 389ds installs we are making use of the db2bak.pl and
db2ldif utilities to backup the ds
On 01/17/2013 09:49 AM, Orion Poplawski wrote:
On 01/17/2013 09:27 AM, Rob Crittenden wrote:
Orion Poplawski wrote:
But then on ipa-replica-install, problems as predicted:
ipa-replica-install --setup-ca
/var/lib/ipa/replica-info-ipapub.cora.nwra.com.gpg
...
[16/30]: configuring ssl for ds
On 01/22/2013 11:46 AM, Rob Crittenden wrote:
Joseph, Matthew (EXP) wrote:
Hello,
I’m trying to configure the oneWaySync option for IPA so only the
Windows AD can replicate changes to IPA.
When I use the command that I listed below it says it works but when I
delete a user from IPA it will
On 01/30/2013 03:41 PM, Christian Hernandez wrote:
Hello,
I had a crash due to full disks. I cleared the offending directory
(backups and such).
But I cannot start IPA. I drilled it down to the DirSrv not starting.
Isolating the error I tried just starting the dirsrv
service dirsrv start
On Wed, Jan 30, 2013 at 3:36 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/30/2013 03:41 PM, Christian Hernandez wrote:
Hello,
I had a crash due
On 02/01/2013 01:42 PM, Christian Hernandez wrote:
We are trying to configure our internal GitHub server to use Our IPA
server's LDAP for user logins.
We successfully configured it; but users can't seem to login.
So, before you ask, yes we do have an active support case with
githubenterprise
On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson
rmegg...@redhat.com wrote:
On 02/01/2013 01:42 PM, Christian Hernandez wrote:
We are trying to configure our internal GitHub server to use
sequence.
Thank you,
Christian Hernandez
On Fri, Feb 1, 2013 at 12:57 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/01/2013 01:42 PM, Christian Hernandez wrote:
We are trying to configure our internal GitHub server to use Our
IPA server's LDAP
:42 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/01/2013 05:25 PM, Christian Hernandez wrote:
Hello
Attached is a TCPDUMP.
Communication is happening between 192.168.114.95 and 192.168.114.114
Thanks. The problem is that 389 doesn't like
On 02/13/2013 08:10 AM, Rob Crittenden wrote:
Dag Wieers wrote:
Hi,
We are investigating whether IPA is an acceptable solution for our
environment. One of the aspects that is not clear (from reading the
documentation and testing it without AD) is whether the synchronization
with AD can be
On 02/14/2013 06:54 AM, Simo Sorce wrote:
On Thu, 2013-02-14 at 10:02 +0100, Dag Wieers wrote:
Hi,
Another interesting recommendation from security is that all granted
access (that is exceptional, rather than permanent) should be limited in
time from the onset.
If this is not possible all
On 02/20/2013 06:00 PM, KodaK wrote:
On Wed, Feb 20, 2013 at 8:41 AM, Bret Wortman
bret.wort...@damascusgrp.com wrote:
Eureka!
Someone had deleted the contents of
/etc/dirsrv/slapd-PKI-IPA/dse.ldif. I replaced it from a saved
copy and
On 02/20/2013 06:43 PM, Bret Wortman wrote:
Mine was not.
What platform? What version of 389-ds-base?
—
Bret Wortman
On Wed, Feb 20, 2013 at 8:16 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/20/2013 06:00 PM, KodaK wrote:
On Wed, Feb 20
, 2013 at 9:03 PM, Rich Megginson rmegg...@redhat.com wrote:
On 02/20/2013 06:43 PM, Bret Wortman wrote:
Mine was not.
What platform? What version of 389-ds-base?
—
Bret Wortman
On Wed, Feb 20, 2013 at 8:16 PM, Rich Megginson
rmegg
On 02/25/2013 11:33 AM, Kriss Von Prosst wrote:
Hi,
I have a multimaster replication environment, IPA v2.2 on Fedora 17. On
each replica, folder /var/lib/dirsrv/slapd-cosp/cldb/ has big size
(~7GB). This is half of all available space for '/'. I found that
changelog file can be trim using
On 03/21/2013 12:37 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently in the process of installing/configuring IPA 2.2.0-16
on a Red Hat 6.4 Server and I'm running into some issues trying to
get IPA to replicate to a Windows 2003 SP2 DC.
Here are the steps I took (I used the Red Hat
.
This means it is doing an anonymous search, which AD allows.
Try this:
ldapsearch -xLLL -ZZ -h adserver.domain.ca -D
cn=idmpasssync,cn=users,dc=domain,dc=ca -w 'WindowsIDMPassSyncPW' -s
base -b cn=users,dc=domain,dc=ca
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Thursday
you know the windows admin password? If so,
try this:
ldapsearch -xLLL -ZZ -h adserver.domain.ca -D
cn=administrator,cn=idmpasssync,cn=users,dc=domain1,dc=domain2,dc=ca
-w 'admin password' -s base -b
cn=idmpasssync,cn=users,dc=domain1,dc=domain2,dc=ca
*From:*Rich Megginson [mailto:rmegg
On 04/05/2013 08:41 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 08:30 -0600, Brent Clark wrote:
You were correct, my reverse DNS entries for the master and replica
were missing. Odd, since they both existed at one point.
Rob,
I think we should open a ticket against 389ds, we should never
On 04/05/2013 11:49 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 09:51 -0600, Rich Megginson wrote:
On 04/05/2013 08:41 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 08:30 -0600, Brent Clark wrote:
You were correct, my reverse DNS entries for the master and replica
were missing. Odd, since
On 04/05/2013 12:40 PM, Dmitri Pal wrote:
On 04/05/2013 01:50 PM, Rich Megginson wrote:
On 04/05/2013 11:49 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 09:51 -0600, Rich Megginson wrote:
On 04/05/2013 08:41 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 08:30 -0600, Brent Clark wrote:
You were
On 04/05/2013 08:53 PM, Simo Sorce wrote:
On Fri, 2013-04-05 at 09:51 -0600, Rich Megginson wrote:
On 04/05/2013 08:41 AM, Simo Sorce wrote:
On Fri, 2013-04-05 at 08:30 -0600, Brent Clark wrote:
You were correct, my reverse DNS entries for the master and replica
were missing. Odd, since
On 04/11/2013 11:58 PM, Peter Brown wrote:
On 12 April 2013 15:51, Simon Williams
simon.willi...@thehelpfulcat.com wrote:
I use Atlassian products, but use Crowd to provide single signon.
This means that Crowd is the only application that needs
On 05/14/2013 07:57 AM, Rob Crittenden wrote:
James A wrote:
Hello all,
I have been playing with trying to set up synchronization between
windows AD -- IPA following the instructions at
On 05/15/2013 01:31 AM, James A wrote:
On Wed, May 15, 2013 at 9:02 AM, James A ja...@atia.se wrote:
On Tue, May 14, 2013 at 5:07 PM, Rich Megginson
rmegg...@redhat.com wrote:
On 05/14/2013 07:57 AM, Rob Crittenden wrote
On 05/17/2013 09:26 AM, Steve Dainard wrote:
Hello,
We're running a single IPA server (CentOS 6) on our network as a side
project for some testing before we implement.
It had been a significant period of time since I had last logged into
the web interface, so I had to kinit from a client
.miovision.corp -D ldap-a...@miovision.corp -W -b
dc=miovision,dc=corp '(samAccountName=jkeller)' cn samAccountName
Steve Dainard
Infrastructure Manager
Miovision Technologies Inc.
On Fri, May 17, 2013 at 11:39 AM, Rich Megginson rmegg...@redhat.com wrote:
On 05/17
On 06/05/2013 07:20 PM, JR Aquino wrote:
On Jun 5, 2013, at 5:26 PM, Rich Megginson wrote:
On 06/05/2013 05:49 PM, JR Aquino wrote:
I have been having replication issues since the update to RHEL6.4 and
389-ds-base-1.2.11.15-12.
It is entirely possible that we have more than just 1 problem
On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
We'd need to see /var/log/ipareplica-install.log to see what the LDAP
error is. If you look on the remote master DS access log it may have
additional information on what was requested.
Logs
On 06/21/2013 02:50 PM, Joshua J. Kugler wrote:
On Friday, June 21, 2013 14:46:50 Rich Megginson wrote:
On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
We'd need to see /var/log/ipareplica-install.log to see what the LDAP
error
On 06/27/2013 01:11 PM, Marc Grimme wrote:
Hi together,
I updated my ipa servers last week.
Since then the primary master is running under heavy load.
What exactly do you mean by heavy load?
It looks like the ldap server responsible for my domain is causing high I/O
load.
Where do you
[27/Jun/2013:21:20:44 +0200] - Retry count exceeded in modify
This is a bug we are working on - https://fedorahosted.org/389/ticket/47412
and a related bug is https://fedorahosted.org/389/ticket/47392
Hope this makes it a little more clear.
Thanks Marc.
- Original Message -
From: Rich
On 07/09/2013 12:49 PM, Brian Vetter wrote:
Here is the directory listing ...
On Jul 8, 2013, at 8:13 PM, Rich Megginson wrote:
On 07/08/2013 06:15 PM, Brian Vetter wrote:
We had to shut down our FREEIPA server and move it. When I brought it back up
again today (all same IPs, network, etc
On 07/16/2013 01:48 PM, Tovey, Mark wrote:
Is there a way to limit what user accounts are synchronized from
Active Directory? There are around 15,000 entries in our production
AD system, but probably only about 300 of those need to have an
account in the IPA system. Can we set an
| Portland
| Oregon | 97204 | USA
mto...@go2uti.com | O / C +1 503 953-1389 |
Skype: mark.tovey2
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Tuesday, July 16, 2013 1:00 PM
*To:* Tovey, Mark
*Cc:* Freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users
- UNIX Engineer | Service Strategy Design*
UTi http://www.go2uti.com/ | 400 SW Sixth Ave, Suite 1100 | Portland
| Oregon | 97204 | USA
mto...@go2uti.com | O / C +1 503 953-1389
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Tuesday, July 16, 2013 3:17 PM
-boun...@redhat.com] on behalf of Tovey, Mark
[mto...@go2uti.com]
*Sent:* Wednesday, 17 July 2013 10:06 a.m.
*To:* Rich Megginson
*Cc:* Freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] Limit password synchronization from
Active Directory
Ouch! The AD admins have already expressed
| Oregon | 97204 | USA
mto...@go2uti.com | O / C +1 503 953-1389
*From:*Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* Tuesday, July 16, 2013 4:06 PM
*To:* Tovey, Mark
*Cc:* Freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] Limit password synchronization from
Active
On 08/05/2013 09:17 PM, John Moyer wrote:
Hello,
So I've been preparing my infrastructure for a big change from an
older openldap system to a nice new IPA server. I have a redundant
secondary server and snapshots taken daily. I populated all my user
data into IPA, and gave the users a
On 08/12/2013 11:37 AM, luis lugo wrote:
Hi,
I have the following error when I try to sync Freeipa 3.2.2 with
Active Directory.
reports: Update failed! Status: [-1 Total update abortedLDAP error:
Can't contact LDAP server]
Failed to start replication
All current users sync with
On 08/30/2013 01:31 PM, John Moyer wrote:
Rob or anyone else,
So while struggling along on this server I just grabbed the logs off
it and ran that log program with the options you suggested. There
are a lot of unindexed requests. These are the top issues I've
removed the one username
On 09/04/2013 07:51 AM, Martin Kosek wrote:
Ah, ok. One of the reasons why I was poking to this thread is exactly this
ticket. It does not contain much information _what exactly_ is making IPA
performance poor - whether it is missing indices (which ones?) or some issue
in IPA plugins during
On 09/04/2013 07:58 AM, John Moyer wrote:
It was our opinion that it wasn't an index issue. I cleared the logs
from the IPA server, and then just ran a JIRA sync with the server. I
gave Rich the log file from my IPA for that sync. I can't find the
exact conversation, but we determined that
On 09/04/2013 12:18 PM, Terry Soucy wrote:
I am experiencing some long execution times, and I'm wondering if
anyone can give me some insight.
We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster
replication running among 4 hosts. We have approx 100 users, 25
usergroups and
On 09/09/2013 11:40 AM, Charlie Derwent wrote:
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/09/2013 10:20 AM, Charlie Derwent wrote:
Hi,
2 questions, some of our automation accounts are needlessly
querying the IPA
On 09/09/2013 10:20 AM, Charlie Derwent wrote:
Hi,
2 questions, some of our automation accounts are needlessly querying
the IPA server every time they call a command via sudo. This is
generating a lot of noise in our access logs. Is there any way to
ensure certain system accounts don't call
On 09/13/2013 03:16 AM, Marina Moreda wrote:
Hi all,
I need to add in my LDAP an attribute to save the date of last access
to mail account, or something similar, to know when an user has
stopped using his mail account. I can't find any attribute like this
one. Any suggestions on how I can do
On 09/12/2013 08:04 PM, Charlie Derwent wrote:
On Mon, Sep 9, 2013 at 5:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 09/09/2013 10:20 AM, Charlie Derwent wrote:
Hi,
2 questions, some of our automation accounts are needlessly
querying
think you'll have to use the workaround where you change replication
to use simple bind in order to initialize the consumer, then switch back
to sasl/gssapi.
Simo/Rob - which ticket was this? Does freeipa.org have the workaround?
Cheers,
Charlie
On Fri, Sep 13, 2013 at 2:49 PM, Rich Megginson
On 09/16/2013 07:57 PM, Dmitri Pal wrote:
On 09/16/2013 12:02 PM, KodaK wrote:
Yet another AIX related problem:
The AIX LDAP client is called secldapclntd (sure, they could make it
more awkward, but the budget ran out.) I'm running into the issue
detailed here:
On 09/18/2013 11:53 AM, mees virk wrote:
I do not have a valid support contract, or other contracts with
RedHat. Doesn't that stop me from opening proper RFE ticket?
Not at all - https://fedorahosted.org/freeipa/newticket - depending on
what you mean by proper.
In any case, my interest
To Perform
err=493Invalid Credentials (Bad Password)
I'm still trying to figure out why there are so many error 32s.
Are there any usual suspects I should know about? (That's just
the current access log, btw.)
On Tue, Sep 17, 2013 at 9:01 AM, Rich Megginson
On 09/30/2013 11:27 AM, Andrew Tranquada wrote:
Well I feel silly for not checking this earlier. You were correct.
Sep 18 01:09:35 freeipa1 kernel: : ns-slapd[16553]: segfault at 4 ip
0041227a sp 7fb9d15edc68 error 4 in ns-slapd[40+53000]
I am installing the
On 10/15/2013 01:22 AM, Alexander Bokovoy wrote:
On Mon, 14 Oct 2013, janice.psyop wrote:
Hi,
I've been setting up an IPA server (centos 6.4) with AD trust (2008R2
domain) following the FC18 freeipa guide.
AD trusts is different from AD sync agreement.
What you describe below is use of
on the 8192
log level and see what it is doing. If that shows nothing, then try
ipa-replica-manage re-initialize It looks like winsync is already
connected.
thanks,
-J.
On Tue, Oct 15, 2013 at 9:26 AM, Rich Megginson rmegg...@redhat.com wrote:
On 10/15/2013 01:22 AM, Alexander Bokovoy
if the winsync update finished? Is there a query
command or other log file?
If you use the repl (8192) log level, it should tell you.
Thanks very much for all the help!
-J.
On Tue, Oct 15, 2013 at 11:58 AM, Rich Megginson rmegg...@redhat.com wrote:
On 10/15/2013 09:51 AM, janice.psyop wrote:
Thanks
On 11/05/2013 06:04 AM, Alexander Bokovoy wrote:
On Tue, 05 Nov 2013, Tamas Papp wrote:
hi,
The systems are uptodate F19 KVM guests.
I'm trying to login the web ui with no success:
Your session has expired. Please re-login.
To login with Kerberos, please make sure you have valid tickets
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases - to allow
replication to proceed despite excessive clock skew - what is your
389-ds-base version and platform
On 11/05/2013 08:05 AM, EP wrote:
Hi,
I'm pushing to get password and user synchronization from AD to
FreeIPA at the company I work for.
Our windows administrators are very nervous about installing the
PassSync service on their AD-controllers, and have asked me to provide
a reference
On 11/05/2013 08:29 AM, Антон Костенко wrote:
Hello everyone!
Please explain one thing to me.
I have this kind of situation:
In our company we have two domains - AD for everyone and FreeIPA for
developers and servers. They have different DNs. FreeIPA has
dn=privatedomain,dn=loc, AD has
On 11/05/2013 08:45 AM, EP wrote:
Hi,
They had a phone session with Red Hat first line support, so they are feeling
quite safe with the solution itself (in theory).
What they're after now is more or less some end user testimonials... perhaps a
few of you PassSync users out there could write
On 11/05/2013 01:03 PM, Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases - to allow
replication
On 11/05/2013 04:23 PM, Tamas Papp wrote:
On 11/05/2013 09:25 PM, Rich Megginson wrote:
On 11/05/2013 01:03 PM, Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org
On 11/06/2013 06:41 AM, Tamas Papp wrote:
On 11/06/2013 04:16 AM, Rob Crittenden wrote:
5. If I have a network like this:
A1__B1
A2 B2
A2 and B1,2 are replicated from A1
If the connection gets lost between A and B site, are B1 and 2 (and
A1,2) replicated fine?
I assume
On 11/11/2013 08:42 AM, gflwqs gflwqs wrote:
Hi,
I have setup the winsync and passsync service according to the docs,
but having problems with passsync.
Scenario:
When I change a password in IPA which does not meet the password policy
defined in AD the password does not get synced over to AD,
On 11/12/2013 01:29 AM, gflwqs gflwqs wrote:
Hi,
I have created the sync user with:
- *Replicating directory changes* rights to the synchronized Active
Directory subtree.
- A member of the *Account Operator* and *Enterprise Read-Only Domain
controller* groups.
The user attribute
On 11/20/2013 12:37 PM, Terry Soucy wrote:
I am currently having the following issue.
Running Redhat IPA on RHEL6.3 (ipa-server-3.0.0.25) in a basic two
server multimaster setup.
Servers A is running fine, but Server B is out of sync. More
specifically, the ldap service principal is out of
principal to a keytab file. If I
export from serverA using the ipa-getkeytab file, I get one
version number. If I export from server B, I get an older version
number. When I use the kvno command, I get an even older number.
Terry
On Wed, Nov 20, 2013 at 3:56 PM, Rich Megginson
On 11/25/2013 11:51 AM, Emil Petersson wrote:
On 25 Nov 2013, at 17:21, Rich Megginson rmegg...@redhat.com wrote:
On 11/25/2013 08:14 AM, Emil Petersson wrote:
Hi,
I'm running FreeIPA 3.0 under RHEL6.4. I'm seeing some unexpected
behaviour with winsync
On 11/25/2013 04:57 PM, Rich Megginson wrote:
On 11/25/2013 11:51 AM, Emil Petersson wrote:
On 25 Nov 2013, at 17:21, Rich Megginson rmegg...@redhat.com wrote:
On 11/25/2013 08:14 AM, Emil Petersson wrote:
Hi,
I'm running FreeIPA 3.0 under RHEL6.4. I'm seeing
On 12/18/2013 12:43 PM, Joe Mou wrote:
I have a broken IPA replica that appears to be suffering from a hung
directory server. The master seems to be working fine, but LDAP
requests to the replica hang indefinitely. I attached gdb to ns-slapd
and suspect a deadlock in cos_cache.c.
Thread 7
this entry:
ldapdelete -x -D "cn=directory manager" -W "cn=Password Policy,cn=accounts,dc=the,dc=flatiron,dc=com"
Once everything is working again, add back the entry:
ldapmodify -x -D "cn=directory manager" -W -a -f pwpolicycos.ldif
On Thu, Dec 19, 2013 at 7:07 AM, Rich Megginson rmegg
On 12/19/2013 03:17 PM, Joe Mou wrote:
On Thu, Dec 19, 2013 at 10:01 AM, Rich Megginson rmegg...@redhat.com wrote:
On 12/19/2013 09:19 AM, Joe Mou wrote:
Here are the results of that command:
$ ldapsearch -xLLL -D "cn=directory manager" -W -b
dc
On 01/14/2014 07:57 PM, Les Stott wrote:
Still no joy. Although I don't profess to be a schema changing expert.
Compat plugin was already enabled. Ipa version is 3.0.0-37.el6
So I modified /etc/dirsrv/slapd-MYDOMAIN-COM/dse.ldif...
Under
dn: cn=users,cn=Schema
:
ldapsearch -LLLx -b cn=config -D "cn=directory manager" -W
'objectclass=nsdswindowsreplicationagreement' dn
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Friday, January 31, 2014 12:39 PM
*To:* Todd Maugh; d...@redhat.com
On 01/31/2014 02:09 PM, Todd Maugh wrote:
thank you for the reply. here is the output of the first command. I'm
going to run the second now and will reply with that as well
LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-BOINGO-COM/ ldapsearch -d 1 -LLLx
-ZZ -H ldap://qatestdc2.boingoqa.local -b cn=idm
this:
ldapsearch -LLLx -b cn=config -D "cn=directory manager" -W
'objectclass=nsds5replicationagreement'
*From:* Todd Maugh
*Sent:* Friday, January 31, 2014 1:11 PM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users
fmt (}) ber:
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Friday, January 31, 2014 3:58 PM
]
*Sent:* Tuesday, February 04, 2014 9:04 AM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] Creating password sync
Ok, So I have my replication agreement set up.
and I see accounts coming in to my IDM server from AD
I have followed this guide from
*From:* freeipa-users-boun...@redhat.com
[freeipa-users-boun...@redhat.com] on behalf of Todd Maugh
[tma...@boingo.com]
*Sent:* Tuesday, February 04, 2014 11:56 AM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users
...@boingo.com]
*Sent:* Tuesday, February 04, 2014 11:56 AM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] Creating password sync
I'm seeing these errors in the passsync.log
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32
[tma...@boingo.com]
*Sent:* Tuesday, February 04, 2014 12:53 PM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] Creating password sync
I tried changing the password for a user in AD
this is what the passsync log shows:
02/04/14 12:29:14: Ldap
: Can't Contact LDAP Server is one of the many problems. It is
almost always a configuration issue.
*From:* Todd Maugh
*Sent:* Tuesday, February 04, 2014 12:48 PM
*To:* Rich Megginson; d...@redhat.com
*Cc:* freeipa-users
a configuration issue.
thanks
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Tuesday, February 04, 2014 12:45 PM
*To:* Todd Maugh; d...@redhat.com
*Cc:* freeipa-users@redhat.com
*Subject:* Re: Creating password sync
On 02
On 02/13/2014 12:58 PM, John Moyer wrote:
I think I know my problem, back in August I was having performance
issues so I hooked part of my IPA server to RAM disk. I'm assuming
looking at the symlink below that since I've rebooted the server that
I'm completely out of luck.
This is in this
On the ipa server:
ipactl start
From Rich Megginson:
Further reading for those interested in the particulars
of CS
On 03/04/2014 01:22 PM, Innes, Duncan wrote:
Hi,
I'm testing an upgrade of my prod IPA servers in a dev cluster at the
moment. Finally completed the upgrade, so I tested some user adds via
the WebUI.
Added user aardvark on ipa01 - replicated to ipa02
Added user beaver on ipa02 - NOT
beaver user, and
operations for a successful user.
Cheers
Duncan
*From:* Rich Megginson [mailto:rmegg...@redhat.com]
*Sent:* 04 March 2014 22:41
*To:* Innes, Duncan; freeipa-users@redhat.com
*Subject:* Re
tl;dr - A lot of detail about working with the IPA DNS command line
interfaces and JSON interfaces.
I'm working on integrating IPA with OpenStack Designate (DNSaaS), using
the /ipa/json interface. I've had some QA with the IPA DNS developer
(Thanks Petr Spacek!) that I thought would be
On 03/12/2014 04:18 PM, Todd Maugh wrote:
Hello.
I'm using latest IPA build on red hat 6.5
I retrieved my CA cert from the AD Domain controller
I try to set up my winsyncagreement and I am getting this
[r...@idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect
--winsync --binddn
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Wednesday, March 12, 2014 3:47 PM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/12/2014 04:39 PM, Todd Maugh wrote:
thanks Rich,
when I
On 03/13/2014 11:02 AM, Todd Maugh wrote:
does IDM work with AD 2012 or only 2008
Are you talking about trusts? Not sure.
Winsync? The PassSync password sync agent?
I think so, with RHEL 6.5, or perhaps it is RHEL6.6.
-Todd
___
Freeipa-users
is.
not sure where to look for more errors about this
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Wednesday, March 12, 2014 4:23 PM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users
password XX is not
correct for user **cn=idmadmin,cn=Users,dc=bwinc,dc=local
*
*additional info: 80090308: LdapErr: DSID-0C0903C5, comment:
AcceptSecurityContext error, data 52e, v2580
*
*From:* Rich Megginson [rmegg
with the winsync agreement?
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Thursday, March 13, 2014 11:43 AM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
On 03/13
201 - 300 of 494 matches