[Freeipa-users] Re: Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Hi Chris and all! Chris, thanks for putting together the guide on integrating FreeIPA with Okta. The integration works fine except for accounts with expired passwords. Okta will allow login for an account with an expired password. Although the guide says "This is all well documented and supported

[Freeipa-users] Re: Trying To Connect FreeIPA with OKTA/OneLogin/Bitium

Hi all, Anybody having this issue? Thanks in advance! GUILLERMO FUENTES SENIOR SYSTEMS ADMINISTRATOR T: 561-880-2998 x1337 E: guillermo.fuen...@modmed.com [image: [ Modernizing Medicine ]] [image: [ Facebook ]] [image:

[Freeipa-users] Re: ns-slapd hangs for 2-3 minutes, then resumes.

Hi list, Just closing the loop on this one. This issue finally got resolved for us after installing the latest FreeIPA update available for CentOS 7: OS version: CentOS Linux release 7.4.1708 (Core) ipa-server-trust-ad-4.5.0-22.el7.centos.x86_64 ipa-common-4.5.0-22.el7.centos.noarch

[Freeipa-users] Re: CA subsystem certificates failing to renew.

ost! >> > All the best, >> > Guillermo >> > >> Here you go: >> >> >> https://frasertweedale.github.io/blog-redhat/posts/2019-07-26-dogtag-replica-ranges.html >> >> Cheers, >> Fraser >> >> > On Tue, Jul 23, 2019

[Freeipa-users] CA subsystem certificates failing to renew.

Hi list, I'm having an issue where the CA subsystem certificates are failing to renew. *** Environment: 4 FreeIPA replica servers with CA. Currently CentOS 7 up-to-date. Initially setup as FreeIPA 3 on CentOS 6 upgraded to CentOS 7 and kept up-to-date with the latest stable release available:

[Freeipa-users] Re: CA subsystem certificates failing to renew.

Thanks so much Fraser for your reply. Looking forward to your blog post! All the best, Guillermo On Tue, Jul 23, 2019 at 8:22 PM Fraser Tweedale wrote: > > On Tue, Jul 23, 2019 at 12:50:53AM -0400, Guillermo Fuentes via FreeIPA-users > wrote: > > Hi list, > > > >

[Freeipa-users] Re: CA subsystem certificates failing to renew.

Guillermo > > > Here you go: > > > https://frasertweedale.github.io/blog-redhat/posts/2019-07-26-dogtag-replica-ranges.html > > Cheers, > Fraser > > > On Tue, Jul 23, 2019 at 8:22 PM Fraser Tweedale > wrote: > > > > > > On Tue, Jul 23, 20

[Freeipa-users] Re: Adding new replica with CA fails.

es via FreeIPA-users > wrote: > > On Mon, Jul 6, 2020 at 5:31 PM Rob Crittenden wrote: > > > > > > Guillermo Fuentes via FreeIPA-users wrote: > > > > Hi Flo, > > > > Here is the value of the entry: > > > > # certificateRep

[Freeipa-users] Adding new replica with CA fails.

Hi all, I'm having an issue creating a new replica with CA. The Directory Service installation works fine but adding the CA clone fails with a java.lang.NumberFormatException when getting the serial number range. This is the error logged in /var/log/pki/pki-tomcat/ca/debug: ## ...

[Freeipa-users] Adding new replica with CA fails.

Hi all, I'm having an issue creating a new replica with CA. The Directory Service installation works fine but adding the CA clone fails with a java.lang.NumberFormatException when getting the serial number range. This is the error logged in /var/log/pki/pki-tomcat/ca/debug: ## ...

[Freeipa-users] Re: Adding new replica with CA fails.

On Mon, Jul 6, 2020 at 12:35 PM Florence Blanc-Renaud wrote: > > On 7/6/20 5:18 PM, Guillermo Fuentes via FreeIPA-users wrote: > > Hi all, > > > > I'm having an issue creating a new replica with CA. > > The Directory Service installation works fine but

[Freeipa-users] Re: Adding new replica with CA fails.

On Mon, Jul 6, 2020 at 5:31 PM Rob Crittenden wrote: > > Guillermo Fuentes via FreeIPA-users wrote: > > Hi Flo, > > Here is the value of the entry: > > # certificateRepository, ca, ipaca > > dn: ou=certificateRepository,ou=ca,o=ipaca > > objectClass: to