hi,
This works:
$ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn
(|(mail=admin*)(uid=admin)) uid
dn: uid=admin,cn=users,cn=accounts,dc=cxn
uid: admin
This not:
$ ldapsearch -LLL -x -b cn=users,cn=accounts,dc=cxn
(|(aaa=admin*)(uid=admin)) uid
$
If there is search filter with
On 06/19/2015 11:12 AM, Christoph Kaminski wrote:
for this problem you can see the thread Haunted servers? here on ml.
There is a solution from me for this but it doesnt work 100% :/
I would rather rerun the replication.
we have a Ticket @Red Hat for this problem,
On 06/22/2015 10:49 AM, Christoph Kaminski wrote:
In my particular case I'm interested, whether it can crash servers.
Does it for you? I don't see it in that thread.
tamas
yes... we has had a really often a crash on virtual machines
installations. On bare metal we had 2-3x a crash.
On 06/22/2015 10:31 AM, Christoph Kaminski wrote:
Unfortunately I don't have access there.
In fact we have a bigger issue here, but I don't know, if it's related.
The whole story is the following:
I migrated (ipa migrate-ds) about 150 users between two ldap
databases. Old one was v3.0
,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Christoph
Kaminski
*Sent:* Monday, June 22, 2015 2:50 PM
*To:* Tamas Papp
*Cc:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] Antwort: Re
On 06/22/2015 02:20 PM, thierry bordaz wrote:
On 06/22/2015 11:50 AM, Tamas Papp wrote:
Fascinating.
Can you Red Hat guys reproduce this in you test environment?
Most of my tests are on RHEV with RHEL 7.1, I have not seen a crash of DS.
About the test case, you installed a server+replicas
hi All,
$ ipa-replica-manage list-ruv
unable to decode: {replica 6} 55832e8e00030006 55832e8e00030006
ipa31.bph.cxn:389: 8
ipa12.bpo.cxn:389: 5
ipa32.bph.cxn:389: 7
ipa11.bpo.cxn:389: 3
ipa.cxn.com:389: 4
$ ipa-replica-manage clean-ruv 6
unable to decode: {replica 6}
On 06/10/2015 03:33 PM, Martin Kosek wrote:
On 06/10/2015 03:18 PM, Tamas Papp wrote:
hi,
Currently there are CentOS 6.5 servers and IPA 3.0.
The goal is migrating users to CentOS 7.1 and IPA 4.1.
This is the command I use:
$ ipa migrate-ds ldap://ipa11 --user-container=cn=users,cn
I can't answer you, but don't use .local, it conflicts with avahi.
--
Sent from mobile
On June 12, 2015 17:45:52 James Benson james.ben...@utsa.edu wrote:
Hi all,
I'm trying to duplicate freeIPA on a local host but I keep on getting
errors, primarily a RuntimeError('CA did not start in %%ss'
On 06/10/2015 03:35 PM, Martin Kosek wrote:
On 06/10/2015 03:32 PM, Christopher Lamb wrote:
Hi Tamas
I think the general advice is to replicate rather than to migrate. I am
sure Martin K will jump in on this.
Yes :-)
However some weeks ago, when doing a very similar move to yours, we
hi,
Currently there are CentOS 6.5 servers and IPA 3.0.
The goal is migrating users to CentOS 7.1 and IPA 4.1.
This is the command I use:
$ ipa migrate-ds ldap://ipa11
--user-container=cn=users,cn=accounts,dc=foo
--group-container=cn=groups,cn=accounts,dc=foo --base-dn=dc=foo
Yes, it's fine.
--
Sent from mobile
On June 8, 2015 18:47:41 Christopher Lamb christopher.l...@ch.ibm.com wrote:
Hi All
we are interested to know if anybody has succeeded (or for that matter
failed) in using FreeIPA to provide user authentication for Atlassian
products such as JIRA or
On 06/02/2015 10:30 AM, Sandor Juhasz wrote:
It is confirmed, the password policy was changed with password
expiration beyond 2038.
Question is, how can we restore the pw policy without a working admin
user?
hi Martin,
Additional info:
ipa-server-3.0.0-42.el6.centos.x86_64
CentOS 6.6
On 06/02/2015 02:00 PM, Martin Kosek wrote:
On 06/02/2015 11:42 AM, Tamas Papp wrote:
On 06/02/2015 10:35 AM, Martin Kosek wrote:
You would need to do the modifications as Directory Manager or other user in
adminsgroup.
To resolve this, you would need manually fix admin entry attribute
On 06/02/2015 10:35 AM, Martin Kosek wrote:
You would need to do the modifications as Directory Manager or other
user in adminsgroup.
To resolve this, you would need manually fix admin entry attribute
krbPasswordExpiration to some future date, kinit as admin and then
fixing the global
hi All,
I'm stuck:
$ kinit admin
Password for admin@CXCLIENTS:
kinit: Password incorrect while getting initial credentials
[root@ipa-clients1 ~]$ kinit admin
Password for admin@CXCLIENTS:
Password expired. You must change it now.
Enter new password:
Enter it again:
kinit: Password has expired
hi All,
I have CentOS 6.6 server and want to upgrade to 7.1.
What is the upgrade path, can I do it directly or first I need to make
it to 3.3?
Also is there any known issue I should expect with workarounds?
Thanks,
tamas
--
Manage your subscription for the Freeipa-users mailing list:
On 04/03/2015 03:46 PM, Brian Topping wrote:
On Apr 3, 2015, at 6:48 AM, Tamas Papp tom...@martos.bme.hu wrote:
hi All,
I have CentOS 6.6 server and want to upgrade to 7.1.
What is the upgrade path, can I do it directly or first I need to make it to
3.3?
Also is there any known issue I
hi All,
-- Finished Dependency Resolution
Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64 (mkosek-freeipa)
Requires: pki-ca = 10.2.0-3
Available: pki-ca-10.0.5-3.el7.noarch (base)
pki-ca = 10.0.5-3.el7
Available:
I am good in waiting;)
Thanks for the prompt reply.
--
Sent from mobile
On November 19, 2014 11:54:40 AM Martin Kosek mko...@redhat.com wrote:
On 11/19/2014 11:37 AM, Tamas Papp wrote:
hi All,
-- Finished Dependency Resolution
Error: Package: freeipa-server-4.1.1-1.1.el7.centos.x86_64
Peck b...@pecknet.com
To: Martin Kosek mko...@redhat.com
Cc: Tamas Papp tom...@martos.bme.hu, freeipa-users@redhat.com
Sent: Wednesday, November 19, 2014 5:34:10 PM
Subject: Re: [Freeipa-users] freeipa-server from copr repo
Hi Marin,
I was able to install from the copr repo now as well. Thank
On 11/19/2014 09:29 PM, Martin Kosek wrote:
Ah, yes. This one is not a problem with the CentOS port, but rather
existing problem in FreeIPA 4.1.1 which will be fixed in FreeIPA 4.1.2
on all platforms, including Fedora 21 and CentOS.
See upstream ticket:
On 11/19/2014 10:27 PM, Martin Kosek wrote:
Actually no, FreeIPA 4.1 is planned to be included in RHEL-7.1 release
- so you can look forward to that :-)
Very good!
Then everything is good for testing:)
t
--
Manage your subscription for the Freeipa-users mailing list:
On 10/01/2014 10:19 AM, Les Stott wrote:
Hi,
I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
I am working on doing an unattended ipa client installation. I have it
working with the following….
/usr/sbin/ipa-client-install -p admin -w admin_password -U --no-ntp
On 09/29/2014 12:35 PM, Martin Kosek wrote:
On 09/29/2014 11:51 AM, Tamas Papp wrote:
hi All,
Is there a solution to integrate gravatar images and IPA? Something like
a field for the gravatar url or actually I am not sure, what the right
solution would be.
Also is there a solution the add
hi All,
Is there a solution to integrate gravatar images and IPA? Something like
a field for the gravatar url or actually I am not sure, what the right
solution would be.
Also is there a solution the add IM details to users, like skype id,
hangouts id..etc?
10x
tamas
--
Manage your
On 09/12/2014 02:47 PM, Martin Kosek wrote:
On 09/11/2014 02:06 AM, Dmitri Pal wrote:
On 09/10/2014 07:10 PM, Tamas Papp wrote:
hi All,
Is there an offficial API documentation available?
Unfortunately not much. You can search archives and find some
recommendations
that helped people
On 09/12/2014 07:02 PM, Dmitri Pal wrote:
You have seen other answers but I think a fair question to ask here is
what does the service do and what kind of ldap info it needs?
Is it read only or read write?
Currently we have a forum, where users can register to a mysql database.
W would
hi All,
Is there an offficial API documentation available?
Also is there a simple way to logon and run commands through API without
a kerberos ticket?
Thanks,
tamas
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To
hi All,
$ ldapsearch -x -D uid=USER,cn=users,cn=compat,dc=foo -h localhost -w
`cat pw`
ldap_bind: Referral (10)
referrals:
ldap:///uid=USER,cn=users,cn=accounts,dc=foo
[12/Feb/2014:12:54:15 +0100] conn=25363 fd=79 slot=79 connection from
::1 to ::1
[12/Feb/2014:12:54:15 +0100]
On 02/12/2014 01:07 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
hi All,
$ ldapsearch -x -D uid=USER,cn=users,cn=compat,dc=foo -h localhost -w
`cat pw`
ldap_bind: Referral (10)
referrals:
ldap:///uid=USER,cn=users,cn=accounts,dc=foo
[12/Feb/2014:12:54
On 02/12/2014 01:34 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
On 02/12/2014 01:07 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
hi All,
$ ldapsearch -x -D uid=USER,cn=users,cn=compat,dc=foo -h localhost -w
`cat pw`
ldap_bind: Referral (10
On 02/12/2014 01:34 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
On 02/12/2014 01:07 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
hi All,
$ ldapsearch -x -D uid=USER,cn=users,cn=compat,dc=foo -h localhost -w
`cat pw`
ldap_bind: Referral (10
On 02/12/2014 03:04 PM, Petr Spacek wrote:
On 12.2.2014 15:01, Tamas Papp wrote:
On 02/12/2014 01:34 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
On 02/12/2014 01:07 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
hi All,
$ ldapsearch -x -D uid
On 02/12/2014 09:53 PM, Jakub Hrozek wrote:
On Wed, Feb 12, 2014 at 01:30:59PM -0500, Dmitri Pal wrote:
I don't know it.
After a quick look I wasn't able to set it up correctly, 'id USER'
didn't connected to it's socket like with nscd/nlscd, however
nsswitch.conf was configured.
Maybe with
On 02/12/2014 11:29 PM, Alexander Bokovoy wrote:
On Wed, 12 Feb 2014, Tamas Papp wrote:
On 02/12/2014 09:53 PM, Jakub Hrozek wrote:
On Wed, Feb 12, 2014 at 01:30:59PM -0500, Dmitri Pal wrote:
I don't know it.
After a quick look I wasn't able to set it up correctly, 'id USER'
didn't
On 02/12/2014 07:30 PM, Dmitri Pal wrote:
Please check SSSD web site for guidelines and if you have any
questions do not hesitate to ask on the sssd-users list.
SSSD is the best you can get nowadays for the connection of the client
systems to the central identity stores.
If you plan to use
hi All,
I'm trying to replicate the CA server:
$ ipa-replica-install -p XXX --setup-ca -d --mkhomedir
replica-info-ipa11.bpo.cxn.gpg
Without --setup-ca it works correctly.
The output of the above command:
[...]
ipa : DEBUGStarting external process
ipa : DEBUG
hi All,
Nov 11 08:56:15 ipa31 kernel: [324701.614162] traps: ns-slapd[1333]
general protection ip:7f438b682731 sp:7f43637fb9a8 error:0 in
libc-2.17.so[7f438b5fc000+1b6000]
Nov 11 08:56:15 ipa31 systemd[1]: dirsrv@CXN.service: main process
exited, code=killed, status=11/SEGV
Nov 11 08:56:15 ipa31
On 11/11/2013 09:37 AM, Alexander Bokovoy wrote:
On Mon, 11 Nov 2013, Tamas Papp wrote:
hi All,
Nov 11 08:56:15 ipa31 kernel: [324701.614162] traps: ns-slapd[1333]
general protection ip:7f438b682731 sp:7f43637fb9a8 error:0 in
libc-2.17.so[7f438b5fc000+1b6000]
Nov 11 08:56:15 ipa31 systemd
On 11/06/2013 02:08 AM, Rich Megginson wrote:
On 11/05/2013 04:23 PM, Tamas Papp wrote:
On 11/05/2013 09:25 PM, Rich Megginson wrote:
On 11/05/2013 01:03 PM, Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM
On 11/06/2013 02:07 AM, Rich Megginson wrote:
On 11/05/2013 04:34 PM, Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed
On 11/06/2013 04:16 AM, Rob Crittenden wrote:
5. If I have a network like this:
A1__B1
A2 B2
A2 and B1,2 are replicated from A1
If the connection gets lost between A and B site, are B1 and 2 (and
A1,2) replicated fine?
I assume from the above that B1 does not know about
hi,
The systems are uptodate F19 KVM guests.
I'm trying to login the web ui with no success:
Your session has expired. Please re-login.
To login with Kerberos, please make sure you have valid tickets
(obtainable via kinit) and configured
http://ipa31.bph.cxn/ipa/config/unauthorized.html the
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases - to allow
replication to proceed despite excessive clock skew - what is your
389-ds-base version and platform?
What is the clock skewed? The date and
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases - to allow
replication to proceed despite excessive clock skew
On 11/05/2013 09:09 PM, Rob Crittenden wrote:
Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases
On 11/05/2013 09:20 PM, Tamas Papp wrote:
On 11/05/2013 09:09 PM, Rob Crittenden wrote:
Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
On 11/05/2013 09:25 PM, Rich Megginson wrote:
On 11/05/2013 01:03 PM, Tamas Papp wrote:
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed
On 11/05/2013 03:58 PM, Rich Megginson wrote:
On 11/05/2013 07:53 AM, Tamas Papp wrote:
On 11/05/2013 03:17 PM, Rich Megginson wrote:
https://fedorahosted.org/389/ticket/47516
This has been fixed upstream and in some releases - to allow
replication to proceed despite excessive clock skew
On 10/08/2013 06:33 PM, Mateusz Marzantowicz wrote:
Finally, I've managed to install FreeIPA on Fedora 20 without any
errors. I was even able to log in through web UI and make some changes.
Sadly after system reboot, non of IPA related services were started and
now nothing works as expected.
hi All,
I have a fedora directory server with memberOf attributes.
I'm able to migrate users to Freeipa, but I can see there are no such
attributes at the new place.
If I understand correctly, a memberOf plugin should be enabled. How can
I do that?
Thanks,
tamas
On 10/07/2013 06:06 PM, Tamas Papp wrote:
hi All,
I have a fedora directory server with memberOf attributes.
I'm able to migrate users to Freeipa, but I can see there are no such
attributes at the new place.
If I understand correctly, a memberOf plugin should be enabled. How can
I do
On 10/07/2013 08:59 PM, Dmitri Pal wrote:
On 10/07/2013 12:32 PM, Tamas Papp wrote:
On 10/07/2013 06:06 PM, Tamas Papp wrote:
hi All,
I have a fedora directory server with memberOf attributes.
I'm able to migrate users to Freeipa, but I can see there are no such
attributes at the new place
hi All,
I installed freeipa on F19 by yum and ipa-server-install.
It works fine until I reboot the machine, then it's not starting anymore:
# ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Failed to data from service file: Failed
On 10/04/2013 05:25 PM, Martin Kosek wrote:
It seems that dirsrv fails to start or ipactl is unable to read from it. Can
you please:
1) Check /var/log/dirsrv/slapd-MARTINOVO-TEST/errors for start errors?
Hmm, you're right, I could start with this.
There was no /var/run/dirsrv
I guess it
On 10/04/2013 05:51 PM, Martin Kosek wrote:
This bug is probably the reason
https://bugzilla.redhat.com/show_bug.cgi?id=1008306
Tamas, can you try updating to 389-ds-base-1.3.1.11-1.fc19 and checking if it
fixes the /var/run/dirsrv issue?
Works like a charm.
Thanks,
tamas
57 matches
Mail list logo
