Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-02-01 Thread Peter Doherty
On Jan 20, 2011, at 17:32, Rob Crittenden wrote: Yes, that was going to be my next question. While throwing any old self-signed cert in there might get the server up other things won't work, notably replication. Ok, here are some steps I worked out that I think will get you back in

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-02-01 Thread Simo Sorce
On Tue, 1 Feb 2011 12:38:50 -0500 Peter Doherty dohe...@hkl.hms.harvard.edu wrote: If I want to start from scratch with the new Beta release, how would I dump the entire LDAP/KRB database so that I could import it into a new server? The Docs mention doing regular backups, but they don't even

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-21 Thread Rob Crittenden
Ian Stokes-Rees wrote: Rob, Thanks for your most recent comments. I'm not sure if I should try these *before* or *after* the steps described in the 5:32 EST email. Ian I think roll back the time to the 15th, disable SSL in 389-ds and bring the servers back up. Then follow the instructions

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-21 Thread Ian Stokes-Rees
Some good news: turning off security has the Directory Server starting up properly. If the directory server is only accessible within our small intranet, can we safely run it without security enabled? If this is theoretically possible it looks like the trick will be to change the IPA config for

[Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-20 Thread Ian Stokes-Rees
Hello, We have a deployment of IPA that we have been using successfully for 185 days. We are 3 days past the "half year" mark, and the self-signed cert that was created with the original IPA install (FreeIPA v2 alpha) has expired. I have created a new

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-20 Thread Rob Crittenden
Ian Stokes-Rees wrote: Hello, We have a deployment of IPA that we have been using successfully for 185 days. We are 3 days past the half year mark, and the self-signed cert that was created with the original IPA install (FreeIPA v2 alpha) has expired. I have created a new self-signed cert,

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-20 Thread Ian Stokes-Rees
Some more info: 1. certmonger wasn't running, so I started it. Then I can execute "ipa-getcert list" but it doesn't return anything. 2. /var/log/ipa/default.log (the only log file in that dir) appears to show the *new* cert being imported

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-20 Thread Rob Crittenden
Ian Stokes-Rees wrote: Just so I have the full context, where did the original self-signed cert come from? The initial cert should have been good for 12 months so I'm a little confused. Do you know where the initial certificate came from? I have to plead ignorance, since it was our regular

Re: [Freeipa-users] IPA server certificate update and Directory Manager password

2011-01-20 Thread Rob Crittenden
Ian Stokes-Rees wrote: Some more info: 1. certmonger wasn't running, so I started it. Then I can execute ipa-getcert list but it doesn't return anything. Ok, your install must have pre-dated our implementation of it. 2. /var/log/ipa/default.log (the only log file in that dir) appears to