[Freeipa-users] Re: freeipa ldap + htaccess question

2017-05-23 Thread Sebastian Kösters
Thank you! That was the hint I needed. I now created a binduser and it's working with the group. On 22.05.2017 16:46, Alexander Bokovoy wrote: > On Mon, 22 May 2017, Sebastian Kösters wrote: >> so, like this? >> >> AuthBasicProvider ldap >> AuthLDAPURL "ldaps://ipa01.hostname.de:636 >> ipa02.hostn

[Freeipa-users] Setup and Configuration guide for AIX 6.1/7.1

2017-05-23 Thread Lakshan Jayasekara
Hi All, Need to set up and configure AIX 6.1 and 7.1 clients on our existing IPA server. Currently all Linux clients are integrated and working fine. If anyone has configured an AIX client, please share the configuration document with me; it will be beneficial for my exercise. On web it contains guide to setup AIX

[Freeipa-users] Encrypting user's home directory

2017-05-23 Thread Kees Bakker
Hey, Does anyone have a setup with a FreeIPA server and client PCs where users have an encrypted HOME directory? I'm having difficulty setting it up. I'd be grateful if someone could give some hints on how to set it up. I have Ubuntu on the server and on the PCs (and laptops). What I tried so far.

[Freeipa-users] Re: Re-initialize replica question

2017-05-23 Thread Ludwig
On 05/22/2017 05:46 PM, John Bowman wrote: This is technically two issues but hopefully one solution would solve both problems. We have a replica that has an EXTREMELY large cldb file and unfortunately not in a position to be able to grow it. # pwd /var/lib/dirsrv/slapd-IPA-US/cldb # ls -la

[Freeipa-users] krbLastSuccessfulAuth

2017-05-23 Thread Chris Apsey via FreeIPA-users
All, We use freeIPA as the LDAP backend for OpenStack Keystone, GitLab, and a few other things. We have been looking for a way to keep track of the last time a user logged on, and the obvious answer seems to be the krbLastSuccessfulAuth attribute. The problem is that this value for all user

[Freeipa-users] Re: UI customization: Default values on host addition

2017-05-23 Thread Steve Huston via FreeIPA-users
On Mon, May 22, 2017 at 12:19 PM, Pavel Vomacka wrote: > Hello Steve, > > sorry for the delay. No worries! > Yes, now it is clear. This is example of plugin which adds what you want. : This is perfect, thank you so much! I was able to integrate this in the existing UI plugin I wrote, and it wo

[Freeipa-users] Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Jake via FreeIPA-users
Hey All, I think this is fixed in 4.4.2 but since we use centos upstream we are limited to 4.4.0, is there a way to manually re-issue the SSL Certificates used for apache on the IPA masters for the web interface to include the DNS Names as Subject Alternative Names? Greatly appreciate it! T

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Maciej Drobniuch via FreeIPA-users
+1 On Tue, 23.05.2017 at 19:47, Jake via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > Hey All, > I think this is fixed in 4.4.2 but since we use centos upstream we are > limited to 4.4.0, is there a way to manually re-issue the SSL Certificates > used for apache on the IPA

[Freeipa-users] Fwd: matching rule errors?

2017-05-23 Thread Zak Wolfinger via FreeIPA-users
Running FreeIPA Version 4.2.0 Seeing a lot of these in the slapd error log: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [dc] the SUBSTR matching rule [caseIgnoreIA5SubstringsMatch] is not compatible with the

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 23 May 2017, Jake via FreeIPA-users wrote: Hey All, I think this is fixed in 4.4.2 but since we use centos upstream we are limited to 4.4.0, is there a way to manually re-issue the SSL Certificates used for apache on the IPA masters for the web interface to include the DNS Names as Subje

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Jake via FreeIPA-users
Worked! Thanks! I suppose there isn't a way to get the output of getcert as JSON/object? I would prefer to do this with ansible =) Also, "sudo systemctl restart httpd" post renewal (looks like the hooks aren't configured for the cert renewal to restart dependent services.) - Original Messa

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Rob Crittenden via FreeIPA-users
Jake via FreeIPA-users wrote: > Worked! Thanks! > > I suppose there isn't a way to get the output of getcert as JSON/object? I > would prefer to do this with ansible =) Not at the moment, just human-readable. You could file an RFE on the certmonger pagure site. > > Also, "sudo systemctl restar

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 23 May 2017, Jake via FreeIPA-users wrote: Worked! Thanks! I suppose there isn't a way to get the output of getcert as JSON/object? I would prefer to do this with ansible =) Not directly. You may want to explore D-Bus interface provided by certmonger. Also, "sudo systemctl restart h

[Freeipa-users] Re: 4.5.0+ Rhel 7 support

2017-05-23 Thread Arpit Tolani via FreeIPA-users
Hello, A bugzilla for the same is already open: https://bugzilla.redhat.com/show_bug.cgi?id=1392858 From the current information, it will be released in RHEL 7.5 Regards Arpit Tolani On Mon, May 22, 2017 at 8:32 PM, Jason Hensley wrote: > Is anyone running FreeIPA 4.5.0+ successfully on Rhel7/C

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Prasun Gera via FreeIPA-users
I posted this in the earlier thread, but didn't get a response. I was able to fix this on the master, but "getcert list -d /etc/httpd/alias -n "Server-Cert" on the replica doesn't return anything. Are the replica's SSL certs handled differently? On Tue, May 23, 2017 at 3:08 PM, Alexander Bokovoy

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Jake via FreeIPA-users
For clarity I want to restate the fix is as follows, which will retain the service restart functionality, tested on cent7 / ipa 4.4.0 as root, one liner: getcert resubmit -i $(getcert list -d /etc/httpd/alias -n "Server-Cert" | grep -o '[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][

[Freeipa-users] getcert list -d /etc/httpd/alias -n "Server-Cert" status: CA_UNREACHABLE

2017-05-23 Thread Jake via FreeIPA-users
I am trying to renew the last certificate for the IPA masters (previous email) and am coming across this issue on my original IPA master (first server) getcert list -d /etc/httpd/alias -n "Server-Cert" Number of certificates and requests being tracked: 8. Request ID '20170428162941': status:

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-23 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 23 May 2017, Prasun Gera via FreeIPA-users wrote: I posted this in the earlier thread, but didn't get a response. I was able to fix this on the master, but "getcert list -d /etc/httpd/alias -n "Server-Cert" on the replica doesn't return anything. Are the replica's SSL certs handled diffe