On 12/21/2012 08:31 AM, Martin Kosek wrote:
On 12/20/2012 12:34 AM, David Copperfield wrote:
Hi Howdy,
Two questions on IPA usage are listed below. Please help.
1, How to reset a normal IPA user's password through web interface
when the
password is expired?
when the normal user's password is close to expiration but still
not expired,
he/she can change it by self through the web interface
https://ipaserver/.
Otherwise he/she has to do ssh/kinit to update his/her password. But the
problem is: quite some users are non tech-savy -- managers,
marketing, sales --
and they have no ideas of Linux or Kerberos, what they can do is
accessing a
web interface and filling HTML forms.
Hello David,
This feature was introduced in FreeIPA 3.0, you can see the relevant
ticket:
https://fedorahosted.org/freeipa/ticket/2755
When your IPA server is upgraded to this version (it will be part of
next RHEL 6 minor version release), Web UI users with expired password
will be automatically offered a form to reset it.
2, When the freeIPA 3.0 and 3.1 series RPM will be available on
Redhat 6?
does IPA version 3.0/3.1 has backup/restore solutions, and merged CA
LDAP
instance and IPA LDAP instance?
Merged CA/LDAP instance is available in FreeIPA 3.1 which is not
available in RHEL-6. As for BackupRestore solution, a FreeIPA
provided solution is not ready yet, but we have a ticket filed and
planned already. You can take a look here:
https://fedorahosted.org/freeipa/ticket/3128
To elaborate a bit.
1) backup and restore
This is a loaded topic. There are two major use cases that are confused.
One is business continuity driven and another is data corruption driven.
For business continuity case here are our current recommendations and I
do not think there is anything else needed.
a) Run sufficient amount of replicas in different data centers
b) Backup the whole image of one of the replicas that has all the
components you use periodically so that if you have to start over you
have an image to use and create other replicas from. In case of disaster
the procedure would be - boot this image, create other replicas from it
and install following normal procedures. You are up and running back
within minutes.
c) For an easier snapshoting it might make sense to run a replica in a
VM so you can easily make a copy of it.
The recommendation above is pretty sufficient for the business
continuity case. It is not however for the data corruption case.
The ticket mentioned will be focusing on the data corruption case (when
data is removed or DB gets corrupted and needs to be restored) and we
have plans to look into this use case in the upcoming year.
2) Merged DB is 3.1 and will be supported in RHEL7
HTH,
Martin
Presently the IPA version on redhat 6.3 is 2.2.0, I can wait if
IPA 3.0 or
3.1 will comes out soon for redhat 6 and have the cool features.
Thanks a lot.
--Guolin
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users