[Freeipa-users] Force TLS connection

2018-11-27 Thread Peter Tselios via FreeIPA-users
Hello, My understanding is that FreeIPA is configured to accept connections on port 389 and StartTLS is configured. I managed to connect to the IPA server by using ldapsearch -x and without -ZZ, so I suppose TLS is not enforced. Is there any option to force TLS connections only?

[Freeipa-users] Re: Force TLS connection

2018-11-27 Thread Mark Reynolds via FreeIPA-users
On 11/27/18 10:14 AM, Peter Tselios via FreeIPA-users wrote: Hello, My understanding is that FreeIPA is configured to accept connections on port 389 and the StartTLS is configured. I managed to connect to the IPA server by using ldapsearch -x and without -ZZ so, I suppose the TLS is not
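The question above is really "does the server still accept a simple bind that never negotiated TLS?". The following script is an added example (not from this thread, and not FreeIPA or 389 Directory Server code) that answers it from the client side: it speaks raw LDAPv3 BER (RFC 4511) over a plain socket, first sending a simple bind in the clear and then doing StartTLS and binding inside the TLS session, and reports what the server returned for each. It needs only the Python standard library. The sample BindResponse embedded at the bottom is constructed so the decoder can be exercised offline; the result-code meanings are from RFC 4511.

```python
"""Probe whether an LDAP server accepts simple binds without TLS.

Added example, not from the FreeIPA thread or project. Raw LDAPv3 BER
(RFC 4511) over a socket, so it runs without python-ldap.
"""
import socket
import ssl
from typing import Dict, Tuple

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation
RESULT_NAMES = {0: "success", 8: "strongerAuthRequired", 13: "confidentialityRequired",
                49: "invalidCredentials", 53: "unwillingToPerform"}


def ber(tag: int, payload: bytes) -> bytes:
    """Wrap payload in a BER TLV (lengths up to 65535 are enough here)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload


def ber_int(value: int) -> bytes:
    """BER INTEGER, minimal two's-complement encoding."""
    return ber(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))


def simple_bind_request(msg_id: int, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    Empty dn and password give the anonymous bind that `ldapsearch -x` performs."""
    op = ber(0x60, ber_int(3) + ber(0x04, dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber_int(msg_id) + op)


def starttls_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    return ber(0x30, ber_int(msg_id) + ber(0x77, ber(0x80, STARTTLS_OID)))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_result(msg: bytes) -> Tuple[int, int, str]:
    """Decode an LDAPMessage carrying an LDAPResult (BindResponse, ExtendedResponse).
    Returns (protocolOp tag, resultCode, diagnosticMessage)."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = _read_tlv(body, 0)
    op_tag, op, _ = _read_tlv(body, pos)
    rc_tag, rc, pos = _read_tlv(op, 0)
    if rc_tag != 0x0A:
        raise ValueError("LDAPResult must start with ENUMERATED resultCode")
    _, _matched_dn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    return op_tag, int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def interpret_cleartext_bind(rc: int) -> str:
    """What the result of a simple bind sent in the clear says about TLS enforcement."""
    if rc in (0, 49):
        return "not enforced"   # 49: the server evaluated a password that travelled in clear
    if rc in (8, 13):
        return "enforced"       # strongerAuthRequired / confidentialityRequired
    return "inconclusive"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed connection")
        data += chunk
    return data


def recv_message(sock: socket.socket) -> bytes:
    """Read exactly one BER TLV (one LDAPMessage) from the socket."""
    head = _recv_exact(sock, 2)
    length, extra = head[1], b""
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        length = int.from_bytes(extra, "big")
    return head + extra + _recv_exact(sock, length)


def probe(host: str, port: int = 389, dn: str = "", password: str = "") -> Dict[str, str]:
    """Connection 1: simple bind in the clear. Connection 2: StartTLS, then bind inside TLS."""
    findings: Dict[str, str] = {}
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(simple_bind_request(1, dn, password))
        _, rc, diag = parse_result(recv_message(s))
        findings["cleartext_bind"] = f"{RESULT_NAMES.get(rc, rc)} {diag!r}; TLS {interpret_cleartext_bind(rc)}"
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(starttls_request(1))
        _, rc, diag = parse_result(recv_message(s))
        findings["starttls"] = f"{RESULT_NAMES.get(rc, rc)} {diag!r}"
        if rc == 0:
            with ssl.create_default_context().wrap_socket(s, server_hostname=host) as tls:
                tls.sendall(simple_bind_request(2, dn, password))
                _, rc, diag = parse_result(recv_message(tls))
                findings["bind_inside_tls"] = f"{RESULT_NAMES.get(rc, rc)} {diag!r}"
    return findings


# Constructed sample (not captured from a real server): a BindResponse refusing a cleartext bind.
SAMPLE_REFUSED_BIND = ber(0x30, ber_int(1) + ber(0x61, ber(0x0A, bytes([13]))
                                                  + ber(0x04, b"") + ber(0x04, b"Minimum SSF not met.")))

if __name__ == "__main__":
    import sys
    for key, value in probe(sys.argv[1], dn=sys.argv[2], password=sys.argv[3]).items():
        print(f"{key}: {value}")
```

Run it with a real bind DN and password, not just anonymously: an anonymous bind succeeding in the clear tells you little, whereas `success` or `invalidCredentials` for a cleartext bind with a password means that password just crossed the network unprotected. The server-side knobs for this in 389 Directory Server, which FreeIPA runs, are the `nsslapd-minssf` and `nsslapd-require-secure-binds` attributes on `cn=config`; re-run the probe after changing them and expect `confidentialityRequired` on the cleartext bind while the bind inside TLS keeps working.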

[Freeipa-users] Re: Everything getting lowercased migrating between FreeIPA instances

2018-11-27 Thread Rob Crittenden via FreeIPA-users
Mitchell Smith via FreeIPA-users wrote: > Hi List, > > I am trying to migrate an old FreeIPA 4.3.1 server running on Ubuntu > 16.04 to a new FreeIPA 4.5.4 server running on Centos 7. > > I am doing the migration via the "ipa migrate-ds" command, the command > is running successfully and the

[Freeipa-users] Changing allow-recursion in named.conf - issues / gotchas ?

2018-11-27 Thread Jonathan Vaughn via FreeIPA-users
We have a use case for letting the FreeIPA named instances handle public DNS for some zones, but we don't want them to allow anyone to use it as a recursive resolver (DoS attacks and such). I tested simply changing 'any' to 'none' for the allow-recursion setting in /etc/named.conf and that worked
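After flipping allow-recursion to none, the check worth doing is from outside the allowed networks: ask the server for a name it is not authoritative for and see whether it recurses. The script below is an added example (not from this thread, BIND or FreeIPA) that builds a DNS query with the RD bit set using only the Python standard library, sends it over UDP, and classifies the reply from the header flags: REFUSED or a cleared RA bit means recursion was denied; an answer with RA set and AA clear means the server resolved something it does not serve, i.e. it is an open resolver. The two sample replies at the bottom are constructed so the classifier can be checked offline.

```python
"""Check from the outside whether a name server will recurse for you.

Added example, not from the thread or from BIND/FreeIPA. Pure stdlib. Query a
name the server is NOT authoritative for: an open resolver answers it, a server
with `allow-recursion { none; };` refuses or clears RA.
"""
import secrets
import socket
import struct
from typing import Dict, Optional

RCODE_REFUSED = 5


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Standard query, RD (recursion desired) set, one question; qtype 1 = A."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(resp: bytes) -> Dict[str, int]:
    """Decode the 12-byte header; RA, AA and RCODE are what matter here."""
    if len(resp) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,
        "aa": (flags >> 10) & 1,   # authoritative answer
        "ra": (flags >> 7) & 1,    # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd,
        "ancount": an,
    }


def classify(hdr: Dict[str, int]) -> str:
    """Interpret a reply to a recursive query for a name outside the server's zones."""
    if hdr["rcode"] == RCODE_REFUSED:
        return "refused"                 # allow-recursion denied this client
    if hdr["ra"] and hdr["ancount"] > 0 and not hdr["aa"]:
        return "open-resolver"           # it recursed for a zone it does not serve
    if not hdr["ra"]:
        return "recursion-unavailable"   # RA clear: server will not recurse for us
    return "inconclusive"


def probe(server: str, name: str = "example.com", port: int = 53, timeout: float = 3.0) -> str:
    """Send one recursive query and classify the reply. Pick a name you do not host."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        resp, _ = s.recvfrom(4096)
    hdr = parse_header(resp)
    if hdr["id"] != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch: not our answer")
    return classify(hdr)


# Constructed sample replies (not captured) to build_query("example.com", txid=0x1234).
_QUESTION = build_query("example.com", txid=0x1234)[12:]
# QR=1, RD=1, RA=0, RCODE=REFUSED: what a server that denies us recursion sends.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION
# QR=1, RD=1, RA=1, RCODE=0, one A record: an open resolver answering for a foreign zone.
SAMPLE_OPEN = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34]))

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "example.com"))
```

Run it from a host outside the networks named in allow-recursion, and separately from inside, so you see both the refusal and the legitimate recursive answer. Keep in mind that allow-recursion governs recursion only; BIND answers cache contents according to allow-query-cache, which defaults to the allow-recursion value when it is not set explicitly, so check that the two agree after the change.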

[Freeipa-users] Re: How to add host with subdomain local..de

2018-11-27 Thread 74cmonty via FreeIPA-users
Hi Florence, I intend to define a subdomain for each network, e.g. DMZ = dmz..de (10.0.0.0/24) -> VLAN LAN = local..de (192.168.1.0/24) SHZ = smz..de (Smart Home Network) (10.0.10.0/28) -> VLAN Does this make sense to you? Or is this an overkill? THX Thomas

[Freeipa-users] Re: How to add host with subdomain local..de

2018-11-27 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 27 Nov 2018, 74cmonty via FreeIPA-users wrote: Hi Florence, I intend to define a subdomain for each network, e.g. DMZ = dmz..de (10.0.0.0/24) -> VLAN LAN = local..de (192.168.1.0/24) SHZ = smz..de (Smart Home Network) (10.0.10.0/28) -> VLAN Does this make sense to you? Or is this an

[Freeipa-users] Re: LDAP Group Membership puzzle

2018-11-27 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 27 Nov 2018, Peter Tselios via FreeIPA-users wrote: I don't see any option to change the search schema. Is there any way to get a similar result with the RFC2307bis schema? Like, using a more complex filter? No. -- / Alexander Bokovoy Sr. Principal Software Engineer Security /

[Freeipa-users] Re: LDAP Group Membership puzzle

2018-11-27 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 27 Nov 2018, Peter Tselios via FreeIPA-users wrote: Hello, I have a non-IPA-aware application that successfully logs in users from IPA's LDAP. However, I cannot make it work with group membership. It seems that the LDAP filter is not working and using LDAP search proves that the app is not

[Freeipa-users] Re: OTP sudo prompts

2018-11-27 Thread Winfried de Heiden via FreeIPA-users
Hi all, I tried this as well, created a user for which OTP and password are both allowed to enforce OTP login on certain hosts but sudo without OTP: ipa user-show winfried / User login: winfried / First name: Winfried / Last name: de

[Freeipa-users] LDAP Group Membership puzzle

2018-11-27 Thread Peter Tselios via FreeIPA-users
Hello, I have a non-IPA-aware application that successfully logs in users from IPA's LDAP. However, I cannot make it work with group membership. It seems that the LDAP filter is not working and using LDAP search proves that the app is not wrong. So, what I have: myself (ptselios) member of the

[Freeipa-users] Re: LDAP Group Membership puzzle

2018-11-27 Thread Peter Tselios via FreeIPA-users
I don't see any option to change the search schema. Is there any way to get a similar result with the RFC2307bis schema? Like, using a more complex filter?

[Freeipa-users] tomcatd - Could not connect to LDAP server host

2018-11-27 Thread Jack Henschel via FreeIPA-users
Hello, we ran into an issue after an upgrade to FreeIPA 4.6.4, API_VERSION: 2.229 (using the current Docker Image Fedora 27) The ipa-upgrade ran without issues, but pki-tomcatd is causing trouble after the upgrade. The tomcatd system log: 0.localhost-startStop-1 - [05/Nov/2018:08:44:41

[Freeipa-users] Re: OTP sudo prompts

2018-11-27 Thread Sumit Bose via FreeIPA-users
On Tue, Nov 27, 2018 at 01:34:25PM +0100, Winfried de Heiden wrote: > Hi all, > > I tried this as well, created a user for which OTP and password are both allowed > to enforce OTP login on certain hosts but sudo without OTP: Enforcing 2FA for a host currently means enforcing it for all services

[Freeipa-users] Re: OTP sudo prompts

2018-11-27 Thread Winfried de Heiden via FreeIPA-users
Hi all, Mmmm, I was afraid so. Any (nearby) plans for a "feature enhancement" on this :) Winfried On 27-11-18 at 13:47, Sumit Bose wrote: On Tue, Nov 27, 2018 at 01:34:25PM +0100, Winfried de Heiden wrote:

[Freeipa-users] Re: Export service keytab as Active Directory user

2018-11-27 Thread Michael Gusek via FreeIPA-users
Hi Alexander, the main reason for us was that AD user can export keytab files for their managed services. With current FreeIPA it's not possible, so the admin team will do the job. Thx for linking to documentation for RedHat 8, this is what we want (in the future). Greetings, Micha Am

[Freeipa-users] Re: LDAP Group Membership puzzle

2018-11-27 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > I don't see any option to change the search schema. > Is there any way to get a similar result with the the RFC2307bis schema? > Like, using a more complex filter? You would use member instead which requires a full DN: ldapsearch -x -W -D
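The membership thread above comes down to two schemas: RFC 2307 keeps a flat list of login names in the group's memberUid, while RFC 2307bis (what FreeIPA uses) keeps full user DNs in member, and FreeIPA's memberOf plugin additionally writes the group DNs into each user's memberOf. The code below is an added example, not from the thread or from FreeIPA, that builds the three corresponding filters for a non-IPA-aware application, with RFC 4515 escaping of every value that comes from user input, and evaluates the member test locally against a constructed group entry. The base DN dc=example,dc=com and the user/group containers are assumptions for illustration (the cn=users,cn=accounts and cn=groups,cn=accounts layout is FreeIPA's default); the DN escaping and normalisation helpers are deliberately simplified.

```python
"""Group-membership filters for a non-IPA-aware application against FreeIPA.

Added example, not from the thread or from FreeIPA. FreeIPA stores membership
RFC 2307bis style: a group's `member` holds the user's full DN and the memberOf
plugin writes group DNs into the user's `memberOf`. An RFC 2307 `memberUid`
filter therefore matches nothing on the main tree. The base DN is an assumption.
"""
from typing import Dict, List

BASE_DN = "dc=example,dc=com"                # assumption for illustration
USERS = f"cn=users,cn=accounts,{BASE_DN}"    # FreeIPA default user container
GROUPS = f"cn=groups,cn=accounts,{BASE_DN}"  # FreeIPA default group container


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value: NUL ( ) * \\ and any byte outside
    printable ASCII become \\XX. Without this a user-controlled uid such as
    'x)(uid=*' rewrites the filter (LDAP filter injection)."""
    out: List[str] = []
    for b in value.encode("utf-8"):
        if b in (0x00, 0x28, 0x29, 0x2A, 0x5C) or b < 0x20 or b > 0x7E:
            out.append(f"\\{b:02x}")
        else:
            out.append(chr(b))
    return "".join(out)


def _dn_escape(value: str) -> str:
    """Simplified RFC 4514 escaping for an RDN attribute value."""
    for ch in '\\,+"<>;=':
        value = value.replace(ch, "\\" + ch)
    return value


def user_dn(uid: str) -> str:
    return f"uid={_dn_escape(uid)},{USERS}"


def group_dn(cn: str) -> str:
    return f"cn={_dn_escape(cn)},{GROUPS}"


def rfc2307_filter(uid: str) -> str:
    """RFC 2307: groups listing the login name in memberUid. This is what many
    applications send by default and it finds no FreeIPA groups on the main tree."""
    return f"(&(objectClass=posixGroup)(memberUid={escape_filter_value(uid)}))"


def rfc2307bis_filter(uid: str) -> str:
    """RFC 2307bis: groups whose `member` contains the user's full DN."""
    return f"(&(objectClass=groupOfNames)(member={escape_filter_value(user_dn(uid))}))"


def memberof_filter(uid: str, group_cn: str) -> str:
    """One search on the user entry: is this uid in this group, via memberOf?
    DN escaping happens first, filter escaping second, so a comma in the cn
    becomes \\, in the DN and \\5c, in the filter."""
    return (f"(&(objectClass=posixAccount)(uid={escape_filter_value(uid)})"
            f"(memberOf={escape_filter_value(group_dn(group_cn))}))")


def _norm_dn(dn: str) -> str:
    """Simplified DN normalisation for comparison: lowercase, no space after commas.
    Does not handle escaped commas; enough for the FreeIPA defaults above."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def is_member(group_entry: Dict[str, List[str]], uid: str) -> bool:
    """Evaluate the RFC 2307bis test locally against a fetched group entry,
    comparing DNs case-insensitively as an LDAP server would."""
    want = _norm_dn(user_dn(uid))
    return any(_norm_dn(m) == want for m in group_entry.get("member", []))


# Constructed sample (not fetched from a server), shaped like a FreeIPA POSIX group.
SAMPLE_GROUP: Dict[str, List[str]] = {
    "cn": ["developers"],
    "objectClass": ["top", "groupofnames", "nestedgroup", "ipausergroup", "ipaobject", "posixgroup"],
    "gidNumber": ["1001"],
    "member": [f"uid=PTselios, cn=users,cn=accounts,{BASE_DN}"],  # odd case/space on purpose
}

if __name__ == "__main__":
    for f in (rfc2307_filter("ptselios"), rfc2307bis_filter("ptselios"),
              memberof_filter("ptselios", "developers"), rfc2307_filter("ptselios)(uid=*")):
        print(f)
    print("ptselios in developers:", is_member(SAMPLE_GROUP, "ptselios"))
```

If the application cannot be taught the member or memberOf filter at all, FreeIPA's compatibility tree (cn=compat, served by the schema-compat plugin) exposes groups RFC 2307 style with memberUid, so pointing the application's group base there is the remaining option; otherwise use the member filter with the full DN as the reply above says, and never interpolate the login name into a filter without escaping it.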